8687 matches found
MAILNEWS mailnews.cgi Arbitrary Command Execution
mailnews.cgi is being hosted on the remote web server. Input to the 'address' parameter is not properly sanitized. A remote attacker could exploit this to execute arbitrary commands with the privileges of the web server. Please note Nessus only checked for the presence of this CGI, and did not...
CVE-2001-0172
CVE-2001-0172 describes a buffer overflow in ReiserFS 3.5.28 on SuSE Linux that allows local users to trigger a denial of service and potentially execute arbitrary commands by supplying a long directory name. The vulnerability is local (attack vector: LOCAL) with low complexity and authentication...
PHP < 4.0.4 IMAP Module imap_open() Function Overflow
A version of PHP that is older than 4.0.4 is installed on this host. There is a buffer overflow condition in the IMAP module of this version that could allow an attacker to execute arbitrary commands with the privileges of the web server, if this server is serving a webmail interface. %NASLMINLEV...
Joe Text Editor 2.8 - .joerc Arbitrary Command Execution
Joe Text Editor 2.8 - .joerc Arbitrary Command Execution source: https://www.securityfocus.com/bid/2437/info Joe is a text editor originally written by Joseph Allen. Joe offers a user-friendly interface, with key binding and configuration familiar to many users of Microsoft Word Processing tools....
CVE-2001-0112
The CVE-2001-0112 entry concerns the splitvt utility: multiple buffer overflows in splitvt prior to 1.6.5 allow local users to execute arbitrary commands. Public details in the connected documents confirm affected software (splitvt) and the vulnerable version range (before 1.6.5), with Debian and...
KICQ 1.0 - Arbitrary Command Execution
source: https://www.securityfocus.com/bid/2443/info KICQ is an ICQ-compatible interactive messaging client for Unix. Versions of KICQ are vulnerable to remote execution of arbitrary commands embedded in URLs. A maliciously-composed URL containing shell metacharacters and shell commands can be sen...
CVE-2001-0005
Buffer overflow in the parsing mechanism of the file loader in Microsoft PowerPoint 2000 allows attackers to execute arbitrary commands...
CVE-2001-0028
Buffer overflow in the HTML parsing code in oops WWW proxy server 1.5.2 and earlier allows remote attackers to execute arbitrary commands via a large number of " quotation characters...
Micro Focus Cobol 4.1 - Arbitrary Command Execution
source: https://www.securityfocus.com/bid/2359/info Micro Focus Cobol is a development suite for unix platforms offered by Merant. It is typically licensed on a per-user basis. If Micro Focus Cobol is installed with the 'Apptrack' feature enabled, local users may be able to elevate privileges. A...
REVISION: @stake Advisory Notification: NetDDE Message Vulnerability (A020501-1)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Please note revision section below @stake Inc. www.atstake.com Security Advisory Advisory Name: NetDDE Message Vulnerability Release Date: 02/05/2001 Updated on 2/08/2001 Application: Network DDE system component Platform: Windows 2000 up to and...
CVE-2001-0025
ad.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter...
CVE-2001-0098
Buffer overflow in Bea WebLogic Server before 5.1.0 allows remote attackers to execute arbitrary commands via a long URL that begins with a ".." string...
PALS Library System WebPALS 1.0 - pals-cgi Arbitrary Command Execution
PALS Library System WebPALS 1.0 - pals-cgi Arbitrary Command Execution source: https://www.securityfocus.com/bid/2372/info A specially crafted URL composed of a known filename, will disclose the requested file residing on a machine running WebPALS. This vulnerability will also allow an attacker t...
PALS Library System WebPALS 1.0 - 'pals-cgi' Arbitrary Command Execution
source: https://www.securityfocus.com/bid/2372/info A specially crafted URL composed of a known filename, will disclose the requested file residing on a machine running WebPALS. This vulnerability will also allow an attacker to execute arbitrary code with root privileges...
CVE-2000-0969
Format string vulnerability in Half Life dedicated server build 3104 and earlier allows remote attackers to execute arbitrary commands by injecting format strings into the changelevel command, via the system console or rcon...
CVE-2000-1094
Affected software: AOL Instant Messenger (AIM) prior to version 4.3.2229. Vulnerability: A buffer overflow in the handling of the buddyicon command with a long src argument can allow a remote attacker to execute arbitrary commands on the victim’s machine. Root cause: Buffer overflow when processi...
CVE-2000-0947
The CVE-2000-0947 issue is a format-string vulnerability in CFEngine’s cfd (CFEngine daemon) that can be triggered via the CAUTH command, allowing an attacker to cause the vulnerable host to run arbitrary commands. OpenVAS/Nessus entries describe that the flaw arises in cfd’s syslog handling and ...
CVE-2000-1004
CVE-2000-1004 documents a format string vulnerability in OpenBSD photurisd. The issue allows local users to execute arbitrary commands via a configuration-file directory name that contains formatting characters. Affected component: photurisd in OpenBSD (specific version details not provided in th...
CVE-2000-0973
CVE-2000-0973 affects curl before 6.0-1.1 and curl-ssl before 6.0-1.2. A buffer overflow occurs when generating a long error message, allowing remote attackers to execute arbitrary commands. Root cause: unchecked length in error handling. Connected sources (OSV, CVE records) confirm the overflow ...
CVE-2000-0949
Heap overflow in savestr function in LBNL traceroute 1.4a5 and earlier allows a local user to execute arbitrary commands via the -g option...