8689 matches found
GoAhead Web Server 2.1 - Arbitrary Command Execution
source: https://www.securityfocus.com/bid/5464/info GoAhead WebServer is an Open Source embedded web server which supports Active Server Pages, embedded javascript, and SSL authentication and encryption. It is available for a variety of platfor...
Sun Sunsolve CD Pack sscd_suncourier.pl email Parameter Arbitrary Command Execution
The Sunsolve CD is part of the Solaris Media pack. It is included as a documentation resource, and is available for the Solaris Operating Environment. Sunsolve CD CGI scripts do not validate user input. Crackers may use them to execute some commands on your system. Note: Nessus did not try to...
Important: Red Hat Security Advisory: xchat security update
A security issue in XChat allows a malicious server to execute arbitrary commands. XChat is a popular cross-platform IRC client. Versions of XChat prior to 1.8.9 do not filter the response from an IRC server when a /dns query is executed. Because XChat resolves hostnames by passing the configured...
Dispair 0.1/0.2 - Remote Command Execution
source: https://www.securityfocus.com/bid/5392/info Dispair fails to sufficiently validate user-supplied input before it is passed to the shell via the Perl open function. Remote attackers may potentially exploit this issue to execute arbitrary commands on the underlying shell with the privileges...
CVE-2002-0645
SQL injection vulnerability in stored procedures for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 may allow authenticated users to execute arbitrary commands...
rsh NULL Login Remote Privilege Escalation
It is possible to execute arbitrary commands on this host using rsh by supplying a NULL username. (C) Tenable Network Security, Inc. include("compat.inc"); include("dataprotection.inc"); if (description) { script_id(10096); script_version("1.17"); script_cvs_date("Date: 2018/08/13 14:32:36");...
[SPSadvisory#47]RealONE Player Gold / RealJukebox2 skin file download vulnerability
SPS Advisory 47 RealONE Player Gold / RealJukebox2 skin file download vulnerability UNYUN [email protected] Shadow Penguin Security http://www.shadowpenguin.org -------------------------------------------------------------- Date July. 12, 2002 vulnerable RealONE Player Gold Ver. 6.0.10.505...
Microsoft Windows 2000 Network Dynamic Data Exchange (DDE) executes code as Local System
Overview: The Windows 2000 Network DDE agent permits local users to execute commands with system privileges. Description: Dynamic Data Exchange (DDE) is an interprocess communication mechanism used in Microsoft Windows. A DDE share is an area of memory which is used to store and retrieve data. Networ...
IE allows universal Cross Domain Scripting (TL#003)
Thor Larholm, PivX, security advisory TL003 ------------------------------------- By Thor Larholm, Denmark 10 July 2002 HTML format: http://www.PivX.com/larholm/adv/TL003/ Topic: IE allows universal Cross Domain Scripting. Discovery date: 25 June 2002. Severity: High Affected applications:...
E-Guest 1.1 - Server Side Include Arbitrary Command Execution
source: https://www.securityfocus.com/bid/5129/info E-Guest guest book is a freely available, open source guest book. It is designed for Unix and Linux operating systems. E-Guest does not adequately sanitize user-supplied input in gues...
CVE-2002-0211
Race condition in the installation script for Tarantella Enterprise 3 3.01 through 3.20 creates a world-writeable temporary "gunzip" program before executing it, which could allow local users to execute arbitrary commands by modifying the program before it is executed...
ZeroBoard 4.1 - PHP Include File Arbitrary Command Execution
source: https://www.securityfocus.com/bid/5028/info Zeroboard is a PHP web board package available for the Linux and Unix platforms. Under some circumstances, it may be possible to include arbitrary PHP files. The head.php file does not...
CVE-2002-0508
wwwisis 3.45 and earlier allows remote attackers to execute arbitrary commands and read files via the parameters (1) prolog or (2) epilog...
CVE-2002-0436
The CVE-2002-0436 entry maps to the SunSolve CD package: the CGI script sscd_suncourier.pl does not validate the email parameter, enabling remote command execution via shell metacharacters. Documented by NVD/Nessus/OpenVAS references, this is a clientless, remote issue affecting Sunsolve CD CGI i...
Important: Red Hat Security Advisory: Updated xchat packages fix "/dns" vulnerability
A security vulnerability in XChat allows a malicious server to execute arbitrary commands. Updated 11 July 2003 Added packages for Red Hat Linux on IBM iSeries and pSeries systems. XChat is a popular cross-platform IRC client. Versions of XChat prior to 1.8.9 do not filter the response from an IR...
CVE-2002-0363
ghostscript before 6.53 allows attackers to execute arbitrary commands by using .locksafe or .setsafe to reset the current pagedevice...
Taskpads ActiveX Control incorrectly marked safe-for-scripting
Overview: The taskpads ActiveX control included with some resource kit products circa February 1999 was incorrectly marked safe-for-scripting. Description: The taskpads ActiveX control included with the Microsoft Windows 98 resource kit, the Microsoft Windows 98 resource kit sampler, and the Back...
CVE-2002-0277
Add2it Mailman Free 1.73 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the list parameter...
eSecurityOnline Security Advisory 2408 - CIDER SHADOW CGI
eSO Security Advisory: 2408 Discovery Date: April 3, 2000 ID: eSO:2408 Title: CIDER SHADOW CGI arbitrary command execution vulnerabilities Impact: Remote attackers can execute commands with the privileges of the running web server process Affected Technology: CIDER SHADOW 1.5, 1.6 Vendor Status:...
CGIScript.net - csMailto Hidden Form Field Remote Command Execution
source: https://www.securityfocus.com/bid/4579/info CGIScript.NET csMailto is a Perl script designed to support multiple mailto: forms. A vulnerability has been reported in some versions of this script. Reportedly, configuration...