[Update] NSFOCUS SA2000-07: Microsoft IIS 4.0/5.0 CGI File Name Inspection Vulnerability

NSFOCUS Security AdvisorySA2000-07 Topic: Microsoft IIS 4.0/5.0 CGI File Name Inspection Vulnerability Release DateЈє Nov 7th, 2000 Update DateЈє Nov 23rd, 2000 CVE Candidate Numbers: CAN-2000-0886 BUGTRAQ ID : 1912 Affected system: ================ - Microsoft IIS 4.0 - Microsoft IIS 5.0 Impact:...

CVE-2000-0878

The mailto CGI script allows remote attacker to execute arbitrary commands via shell metacharacters in the emailadd form field...

CVE-2000-0854

When a Microsoft Office 2000 document is launched, the directory of that document is first used to locate DLL's such as riched20.dll and msi.dll, which could allow an attacker to execute arbitrary commands by inserting a Trojan Horse DLL into the same directory as the document...

CVE-2000-0856

Buffer overflow in SunFTP build 91 allows remote attackers to cause a denial of service or possibly execute arbitrary commands via a long GET request...

Linux modutils 2.3.9 - 'modprobe' Arbitrary Command Execution

source: https://www.securityfocus.com/bid/1936/info Modutils is a component of many linux systems that includes tools for using loadable kernel modules. One of these tools, modprobe, loads a set of modules that correspond to a provided "name" passed at the command line automatically. Modprobe...

Insecure input balidation in YaBB Search.pl

Hi Everybody, Kosak reported this problem to vuln-dev last night. I downloaded the script and did some testing. There is an input validation problem with the 'catsearch' field, which gets interpolated in an open statement: openFILE, "$boardsdir/$cattosearch" || &fatalerror"$txt'23'...

YaBB 9.11.2000 - search.pl Arbitrary Command Execution

YaBB 9.11.2000 - search.pl Arbitrary Command Execution source: https://www.securityfocus.com/bid/1921/info YaBB Yet Another Bulletin Board is a popular perl-based bulletin board scripting package. search. pl, one of several perl scripts which comprise YaBB, fails to properly validate user input...

YaBB 9.11.2000 - 'search.pl' Arbitrary Command Execution

source: https://www.securityfocus.com/bid/1921/info YaBB Yet Another Bulletin Board is a popular perl-based bulletin board scripting package. search. pl, one of several perl scripts which comprise YaBB, fails to properly validate user input which arguments a call to open. A malicious user could...

Wang/Kodak Image Thumbnail ActiveX Control

Overview Description The Image Thumbnail control is incorrectly marked safe for scripting. This control is sometimes identified as from "Kodak" and other times as from "Wang". The Image Thumbnail control is one of several controls used to provide image editting services through a web site. Becaus...

Cisco Catalyst 3500 XL - Arbitrary Command Execution

source: https://www.securityfocus.com/bid/1846/info A vulnerability exists in the webserver configuration interface which will allow an anonymous user to execute commands. A http request which includes /exec and a known filename will reveal the contents of the particular file. In addition to...

Cisco Catalyst 3500 XL - Arbitrary Command Execution

Cisco Catalyst 3500 XL - Arbitrary Command Execution source: https://www.securityfocus.com/bid/1846/info A vulnerability exists in the webserver configuration interface which will allow an anonymous user to execute commands. A http request which includes /exec and a known filename will reveal the...

CVE-2000-0781

uagentsetup in ARCServeIT Client Agent 6.62 does not properly check for the existence or ownership of a temporary file which is moved to the agent.cfg configuration file, which allows local users to execute arbitrary commands by modifying the temporary file before it is moved...

CVE-2000-0776

Mediahouse Statistics Server 5.02x allows remote attackers to execute arbitrary commands via a long HTTP GET request...

BSD lpr 0.54 -4 - Arbitrary Command Execution

BSD lpr 0.54 -4 - Arbitrary Command Execution source: https://www.securityfocus.com/bid/1834/info lpr is a set of printing tools for unix systems. The lpr package that ships with RedHat Linux 6.2 and possibly earlier versions contains a vulnerability that will allow an attacker to execute arbitra...

BSD 'lpr' 0.54 -4 - Arbitrary Command Execution

source: https://www.securityfocus.com/bid/1834/info lpr is a set of printing tools for unix systems. The lpr package that ships with RedHat Linux 6.2 and possibly earlier versions contains a vulnerability that will allow an attacker to execute arbitrary commands with the privileges of group 'lp'...

CVE-2000-0828

CVE-2000-0828 describes a buffer overflow in Mobius DocumentDirect for the Internet 1.2 ’s ddicgi.exe . An attacker can trigger arbitrary command execution by sending a specially long User-Agent header, i.e., a remote code execution vulnerability. The entry lists a network attack vector with a hi...

CVE-1999-0247

Buffer overflow in nnrpd program in INN up to version 1.6 allows remote users to execute arbitrary commands...

CVE-2000-0675

Buffer overflow in Infopulse Gatekeeper 3.5 and earlier allows remote attackers to execute arbitrary commands via a long string...

CVE-2000-0655

CVE-2000-0655 affects Netscape Communicator 4.73 and earlier. The vulnerability allows remote attackers to cause a denial of service or execute arbitrary commands through a JPEG image containing a comment with an illegal field length of 1. The connected documents corroborate the affected software...

CVE-2000-0525

CVE-2000-0525: OpenSSH does not properly drop privileges when UseLogin is enabled, allowing local users to execute arbitrary commands by supplying the command to the ssh daemon. Affected: OpenSSH with UseLogin enabled. Root cause: privileges not dropped correctly after authentication. Impact: pot...