856 matches found
CVE-1999-1501
(1) ipxchk and (2) ipxlink in SGI OS2 IRIX 6.3 do not properly clear the IFS environmental variable before executing system calls, which allows local users to execute arbitrary commands...
Microsoft IIS 3.0/4.0/5.0 - PWS Escaped Characters Decoding Command Execution (6)
source: https://www.securityfocus.com/bid/2708/info Due to a flaw in the handling of CGI filename program requests, remote users can execute arbitrary commands on an IIS host. When IIS receives a CGI filename request, i...
CVE-2001-0021
MailMan Webmail 3.0.25 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the alternatetemplate parameter...
HIS AUktion auktion.cgi Traversal Arbitrary Command Execution
The 'auktion.cgi' CGI is installed. This CGI has a well-known security flaw that lets an attacker execute arbitrary commands with the privileges of the http daemon (usually root or nobody)...
CVE-2001-0060
Format string vulnerability in stunnel 3.8 and earlier allows attackers to execute arbitrary commands via a malformed ident username...
CVE-2000-0910
Horde library 1.02 allows attackers to execute arbitrary commands via shell metacharacters in the "from" address...
CVE-2000-0592
Buffer overflows in POP3 service in WinProxy 2.0 and 2.0.1 allow remote attackers to execute arbitrary commands via long USER, PASS, LIST, RETR, or DELE commands...
CVSweb 1.80 cvsweb.cgi Arbitrary Command Execution
The version of CVSweb on the remote host is = 1.85. This version allows a remote attacker to execute arbitrary commands in the context of the web server. This version of CVSweb is no longer maintained. Please consider switching to the latest version of FreeBSD CVSweb...
CVE-2000-0527
userreg.cgi CGI program in MailStudio 2000 2.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters...
3R Soft MailStudio 2000 2.0 - Arbitrary File Access
source: https://www.securityfocus.com/bid/1335/info MailStudio 2000 is vulnerable to multiple attacks. It is possible for a remote user to gain read access to all files located on the server via the usage of the "/.." string passed to a CGI,...
CVE-1999-0997
CVE-1999-0997 affects wu-ftpd with FTP conversion enabled. A malformed file name can be interpreted as an argument to the converter, enabling command execution (e.g., via tar or uncompress) and giving an attacker the ability to run arbitrary commands with wu-ftpd’s privileges. Related advisories ...
CVE-1999-0208
rpc.ypupdated NIS allows remote users to execute arbitrary commands...
MetaInfo Web Server Traversal Arbitrary Command Execution
The remote MetaInfo web server installed with MetaInfo's Sendmail or MetaIP servers has an arbitrary command execution vulnerability. It is possible to read files or execute arbitrary commands by prepending the appropriate number of '../' to the desired filename. A remote attacker could exploit...
CdomainFree 2.4 - Remote Command Execution
source: https://www.securityfocus.com/bid/304/info A vulnerability in a CGI program that is part of CdomainFree allows remote malicious users to run any executable already existing on the machine. The vulnerability is in the whoisraw.cgi program. This CGI passes...
Greg Matthews - 'Classifieds.cgi' 1.0 Hidden Variable
source: https://www.securityfocus.com/bid/2019/info Classifieds.cgi is a perl script part of the classifieds package by Greg Matthews which provides simple classified ads to web sites. Due to improper input validation it can be used to execute any command on the host machine, with the privileges ...
DSquare Exploit Pack: D2SEC_SUDO
Name| d2secsudo
---|---
CVE| CVE-2004-1051
Exploit Pack| D2ExploitPack
Description| Sudo bash command execution Vulnerability
Notes|...