8690 matches found
CVE-2003-0949
xsok 1.02 does not properly drop privileges before finding and executing the "gunzip" program, which allows local users to execute arbitrary commands...
Qualiteam X-Cart 3.x - upgrade.php?perl_binary Arbitrary Command Execution
Qualiteam X-Cart 3.x - upgrade.php?perlbinary Arbitrary Command Execution source: https://www.securityfocus.com/bid/9560/info X-Cart has been reported to be prone to an issue that may allow remote attackers to execute arbitrary commands on the affected system. The issue is caused by a failure of...
Qualiteam X-Cart Multiple Script perl_binary Parameter Arbitrary Command Execution
The remote host is running Qualiteam X-Cart - a shopping cart software written in PHP. There is a bug in this software that could allow an attacker to execute arbitrary commands on the remote web server with the privileges of the web user. In addition to this, there are some flaws that could allo...
Leif Wright Web Blog blog.cgi ViewFile Request file Parameter Arbitrary Command Execution
The remote host is running LeifWright's blog.cgi - a CGI designed to handle personal web logs or 'blogs'. There is a bug in this software that could allow an attacker to execute arbitrary commands on the remote web server with the privileges of the web user. %NASLMINLEVEL 70300 C Tenable Network...
Leif M. Wright Web Blog 1.1 - Remote Command Execution
source: https://www.securityfocus.com/bid/9539/info Web Blog has been reported to be prone to a vulnerability that may permit remote attackers to execute arbitrary commands in the context of the hosting web server. This is due to insufficient sanitization of shell metacharacters from variables...
KDE Personal Information Management suite "kdepim" contains a buffer overflow vulnerability in VCF information reader
Overview KDE Personal Information Management suite "kdepim" contains a buffer overflow vulnerability. Exploitation of this vulnerability could lead to the arbitrary execution of commands. Description KDE Personal Information Management suite shipped with KDE versions 3.1.0 through 3.1.4 contains ...
Kietu 2/3 - 'index.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/9499/info A flaw exists in the Kietu 'index.php' script that may permit remote attackers to include malicious remote files. Remote users may influence the include path for the 'config.php' configuration file, which may result in execution of arbitrary...
Kietu 23 - index.php Remote File Inclusion
Kietu 23 - index.php Remote File Inclusion source: https://www.securityfocus.com/bid/9499/info A flaw exists in the Kietu 'index.php' script that may permit remote attackers to include malicious remote files. Remote users may influence the include path for the 'config.php' configuration file, whi...
CVE-2004-0037
FirstClass Desktop Client 7.1 allows remote attackers to execute arbitrary commands via hyperlinks in FirstClass RTF messages...
Important: Red Hat Security Advisory: : Updated kdepim packages resolve security vulnerability
Updated kdepim packages are now available that fix a local buffer overflow vulnerability. The K Desktop Environment KDE is a graphical desktop for the X Window System. The KDE Personal Information Management kdepim suite helps you to organize your mail, tasks, appointments, and contacts. The KDE...
[SECURITY] [DSA 420-1] New jitterbug packages fix arbitrary command execution
-------------------------------------------------------------------------- Debian Security Advisory DSA 420-1 [email protected] http://www.debian.org/security/ Martin Schulze January 12th, 2004 http://www.debian.org/security/faq -...
[Full-Disclosure] [SECURITY] [DSA 420-1] New jitterbug packages fix arbitrary command execution
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 420-1 [email protected] http://www.debian.org/security/ Martin Schulze January 12th, 2004 http://www.debian.org/security/faq -...
PHP-Ping php-ping.php count Parameter Arbitrary Command Execution
The remote host appears to be running 'php-ping.php' from TheWorldsEnd.NET. The remote version of this script does not properly sanitize the 'count' parameter and allows attackers to execute arbitrary commands or read arbitrary files on the remote host subject to the privileges of the web server...
SiteInteractive Subscribe Me - 'Setup.pl' Arbitrary Command Execution
source: https://www.securityfocus.com/bid/9253/info It has been reported that the SiteInteractive Subscribe Me setup.pl script lacks sufficient sanitization on user-supplied URI parameters; an attacker may invoke this script remotely and and by passing sufficient URI parameters may influence the...
OnlineArts DailyDose 1.1 - dose.pl Remote Command Execution
OnlineArts DailyDose 1.1 - dose.pl Remote Command Execution source: https://www.securityfocus.com/bid/9000/info It has been reported that DailyDose may be prone to a remote command execution vulnerability due to insufficient sanitization of $temp variable in dose.pl script. An attacker may submit...
kpopup 0.9.x - Privileged Command Execution
kpopup 0.9.x - Privileged Command Execution // source: https://www.securityfocus.com/bid/8915/info It has been alleged that it is possible for local attackers to gain root privileges through kpopup, which is is installed setuid root by default. According to the report, kpopup uses the system3...
ZH2003-28SA (security advisory): file inclusion vulnerability in PayPal Store Front
ZH2003-28SA security advisory: file inclusion vulnerability in PayPal Store Front Published: 08 October 2003 Name: PayPal Store Front Affected Versions: 3.0 and other versions? Vendor: http://www.muziqpakistan.net/taz/ Issue: file inclusion vulnerability Author: Astharot at Zone-H.org Description...
OpenSSH < 3.7.1 Multiple Vulnerabilities
According to its banner, the remote SSH server is running a version of OpenSSH older than 3.7.1. Such versions are vulnerable to a flaw in the buffer management functions that might allow an attacker to execute arbitrary commands on this host. An exploit for this issue is rumored to exist. Note...
CVE-2003-0644
Kdbg 1.1.0 through 1.2.8 does not check permissions of the .kdbgrc file, which allows local users to execute arbitrary commands...
DSA-364-3 man-db - buffer overflows, arbitrary command execution
Bulletin has no description...