6275 matches found
CVE-2002-0006
Vulnerability summary (CVE-2002-0006) : XChat versions 1.8.7 and earlier (including default configurations of 1.4.2 and 1.4.3) are vulnerable. A remote attacker can execute arbitrary IRC commands as another client by sending specially encoded characters in a PRIVMSG that calls CTCP PING, which ca...
Caldera UnixWare/OpenUnix unescaped shell characters problem
If | is used in filename shell comand may be executed by client on tertrieval...
Security fix for the ALT Linux 8 package apache2 version 2.0.40-21
Feb. 24, 2003 Joe Orton &[email protected] 2.0.40-21 - add security fix for CAN-2003-0020; replace non-printable characters with '!' when printing to error log. - disable debuginfo on IA64...
Low: Red Hat Security Advisory: lynx security update
Updated Lynx packages fix an error in the way Lynx parses its command line arguments which can lead to faked headers being sent to a Web server. Lynx is a character-cell Web browser, suitable for running on terminals such as the VT100. Lynx constructs its HTTP queries from the command line or...
Security bug in CGI::Lite::escape_dangerous_chars() function
SUBJECT Security bug in CGI::Lite::escapedangerouschars function, part of the CGI::Lite 2.0 package, and earlier revisions thereof. SUMMARY The CGI::Lite::escapedangerouschars function fails to escape the entire set of special characters that may have significance to the underlying shell command...
CVE-2003-0017
Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as "", which causes a different filename to be processed and served...
(RHSA-2002:214) php security update
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP server. The mail function in PHP 4.x to 4.2.2 may allow local script authors to bypass safe mode restrictions and modify command line arguments to the MTA such as sendmail in the 5th argument to mail, altering MTA...
BitKeeper command execution
Uncommented shell characters...
Lotus Domino web server vulnerable to buffer overflow via long HTTP authentication header containing non-ASCII characters
Overview A remotely exploitable buffer overflow exists in versions of IBM's Lotus Domino web server prior to R5.0.10. Description A remotely exploitable buffer overflow exists in the Lotus Domino web server. The overflow can occur as the result of an overly long HTTP Authenticate header containin...
CVE-2002-2406
Buffer overflow in HTTP server in LiteServe 2.0, 2.0.1 and 2.0.2 allows remote attackers to cause a denial of service hang via a large number of percent characters % in an HTTP GET request...
CVE-2002-1360
Multiple SSH2 servers and clients do not properly handle strings with null characters in them when the string length is specified by a length field, which could allow remote attackers to cause a denial of service or possibly execute arbitrary code due to interactions with the use of null-terminat...
KDE uncommented shell characters problems
User supplied data is not controlled during the call to external application...
CVE-2002-1360
Multiple SSH2 servers and clients do not properly handle strings with null characters in them when the string length is specified by a length field, which could allow remote attackers to cause a denial of service or possibly execute arbitrary code due to interactions with the use of null-terminat...
CVE-2002-1360
Multiple SSH2 servers and clients do not properly handle strings with null characters in them when the string length is specified by a length field, which could allow remote attackers to cause a denial of service or possibly execute arbitrary code due to interactions with the use of null-terminat...
CVE-2002-1186
Internet Explorer 5.01 through 6.0 does not properly perform security checks on certain encoded characters within a URL, which allows a remote attacker to steal potentially sensitive information from a user by redirecting the user to another site that has that information, aka "Encoded Characters...
Tetex command execution
Uncommented shell characters during system call in kpathsea library...
security flaw
The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a "spam proxy."...
security flaw
The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a "spam proxy."...
Buffer overflow in pine
Buffer overflow if address contains special characters...
security flaw
The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a "spam proxy."...