Sendmail mail from/rcpt to Pipe Arbitrary Command Execution

The remote SMTP server did not complain when issued the command : MAIL FROM: root@thishost RCPT TO: |testing This probably means that it is possible to send mail directly to programs, which is a serious threat, since this allows anyone to execute arbitrary commands on this host. This security hol...

Sendmail MAIL FROM Command Arbitrary Remote Command Execution

The remote SMTP server did not complain when issued the command : MAIL FROM: |testing This probably means that it is possible to send mail that will be bounced to a program, which is a serious threat, since this allows anyone to execute arbitrary commands on this host. This security hole might be...

Excite for Web Server architext_query.pl Shell Metacharacter Arbitrary Command Execution

Excite for Webservers is installed. This CGI has a well-known security flaw that lets a remote attacker execute arbitrary commands with the privileges of the web server. Versions newer than 1.1. are patched. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc';...

Glimpse HTTP aglimpse Arbitrary Command Execution

The remote web server is running GlipmseHTTP. The installed version suffers from a remote command execution vulnerability in the 'aglimpse' component. Note that we could not actually check for the presence of this vulnerability, and only checked for the existence of the 'aglimpse' CGI...

abuseconsole.sh

There is a security hole in RedHat 2.1, which installs the game abuse, /usr/lib/games/abuse/abuse.console suid root. The abuse.console program loads its files without absolute pathnames, assuming the user is running abuse from the /usr/lib/games/abuse directory. One of these files in the undrv...

ToxSoft NextFTP 1.82 - Remote Buffer Overflow

// source: https://www.securityfocus.com/bid/572/info ToxSoft's shareware FTP client, NextFTP, contains an unchecked buffer in the code that parses CWD command replies. If the FTP server's reply contains the exploit code, arbitrary commands can be run on the client machine...

Microsoft Data Access Components (MDAC) 2.1 Microsoft IIS 3.04.0 Microsoft Index Server 2.0 Microsoft Site Server Commerce Edition 3.0 i386 MDAC - RDS (2)

Microsoft Data Access Components MDAC 2.1 Microsoft IIS 3.04.0 Microsoft Index Server 2.0 Microsoft Site Server Commerce Edition 3.0 i386 MDAC - RDS 2 source: https://www.securityfocus.com/bid/529/info MDAC Microsoft Data Access Components is a package used to integrate web and database services...

Web Server /cgi-bin Shell Access

The remote web server has one of these shells installed in /cgi-bin : ash, bash, csh, ksh, sh, tcsh, zsh Leaving executable shells in the cgi-bin directory of a web server may allow an attacker to execute arbitrary commands on the target machine with the privileges of the HTTP daemon. %NASLMINLEV...

CDomain whois_raw.cgi fqdn Parameter Arbitrary Command Execution

The remote host appears to be using the CdomainFree 'whoisraw.cgi' script. This CGI script allows an attacker to view any file on the target computer, as well as to execute arbitrary commands. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc';...

Multiple Vendor phf CGI Arbitrary Command Execution

The 'phf' CGI is installed. This CGI has a well known security flaw that lets an attacker execute arbitrary commands with the privileges of the http daemon usually root or nobody. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...

WebGais webgais CGI Arbitrary Command Execution

The 'webgais' CGI is installed. This CGI may let an attacker execute arbitrary commands with the privileges of the http daemon usually root or nobody. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid10300;...

in.fingerd Pipe Input Arbitrary Command Execution

It is possible to force the remote finger daemon to execute arbitrary commands by issuing requests like : finger |commandtoexecute@target An attacker may use this bug to gain a shell on this host. C Tenable Network Security, Inc. include"compat.inc"; ifdescription scriptid10126; scriptversion...

WebGais websendmail CGI Arbitrary Command Execution

The 'websendmail' program, part of Webgais, appears to be installed on the remote host. This CGI script has a well-known security flaw that lets an attacker execute arbitrary commands with the privileges of the http daemon usually root or nobody. %NASLMINLEVEL 70300 C Tenable Network Security, In...

HylaFAX faxsurvey Arbitrary Command Execution

The 'faxsurvey' CGI does not sanitize input to the query string. A remote attacker could exploit this to execute arbitrary commands. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; ifdescription scriptid10067; scriptversion"1.45";...

Multiple Vendor info2www CGI Arbitrary Command Execution

The 'info2www' CGI is installed. This CGI has a well known security flaw that lets an attacker execute arbitrary commands with the privileges of the http daemon usually root or nobody. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc';...

IRIX handler CGI Arbitrary Command Execution

The 'handler' cgi is installed. This CGI has a well known security flaw that lets anyone execute arbitrary commands with the privileges of the http daemon root or nobody. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description...

Solaris 2.67.08 - netpr Local Buffer Overflow (1)

Solaris 2.67.08 - netpr Local Buffer Overflow 1 // source: https://www.securityfocus.com/bid/1200/info A buffer overrun exists in the 'netpr' program, part of the SUNWpcu LP package included with Solaris, from Sun Microsystems. Versions of netpr on Solaris 2.6 and 7, on both Sparc and x86 have be...

Solaris 2.6/7.0/8 - 'netpr' Local Buffer Overflow (2)

// source: https://www.securityfocus.com/bid/1200/info A buffer overrun exists in the 'netpr' program, part of the SUNWpcu LP package included with Solaris, from Sun Microsystems. Versions of netpr on Solaris 2.6 and 7, on both Sparc and x86 have been confirmed as being vulnerable. The overflow i...

CVE-1999-0349

A buffer overflow in the FTP list ls command in IIS allows remote attackers to conduct a denial of service and, in some cases, execute arbitrary commands...

[SECURITY] New versions of hylafax avoid security problem

We have received a report that the faxsurvey script that was included in former releases of hylafax would execute arbitrary commands. Please be warned that this package doesnt contain a fix, the offending script is just removed. We recommend you upgrade your hylafax-doc package immediately. dpkg ...