Sendmail 8.11/8.12 Debugger - Arbitrary Code Execution (1)

// source: https://www.securityfocus.com/bid/3163/info An input validation error exists in Sendmail's debugging functionality. The problem is the result of the use of signed integers in the program's tTflag function, which is responsible for processing arguments supplied from the command line wit...

Sendmail 8.11/8.12 Debugger - Arbitrary Code Execution (2)

// source: https://www.securityfocus.com/bid/3163/info An input validation error exists in Sendmail's debugging functionality. The problem is the result of the use of signed integers in the program's tTflag function, which is responsible for processing arguments supplied from the command line wit...

SuSE 6.36.47.0 sdb - Arbitrary Command Execution

SuSE 6.36.47.0 sdb - Arbitrary Command Execution source: https://www.securityfocus.com/bid/3208/info An input validation error exists in sdb, the SuSE Support Data Base. The problem exists in the sdbsearch.cgi script, which uses data directly from the 'Referer' header field from a HTTP request as...

phpBB 1.x - Page Header Arbitrary Command Execution

phpBB 1.x - Page Header Arbitrary Command Execution source: https://www.securityfocus.com/bid/3167/info An input validation error exists in phpBB, a freely available WWW forums package. The problem is due to improper validation of some variables in phpBB. It is possible for users registered with...

phpBB 1.x - Page Header Arbitrary Command Execution

source: https://www.securityfocus.com/bid/3167/info An input validation error exists in phpBB, a freely available WWW forums package. The problem is due to improper validation of some variables in phpBB. It is possible for users registered with the phpBB system to submit values for certain...

SSH2 3.0 - Short Password Login

SSH2 3.0 - Short Password Login source: https://www.securityfocus.com/bid/3078/info An input validation error exists in version 3.0.0 of the SSH daemon sshd running on Unix platforms. It may be possible for remote users to log in to accounts for which there are two or less characters in the...

eperl -- Remote code execution

David Madison reports: ePerl is a multipurpose Perl filter and interpreter program for Unix systems. The ePerl preprocessor contains an input validation error. The preprocessor allows foreign data to be "safely" included using the 'sinclude' directive. The problem occurs when a file referenced by...

Microburst uDirectory 2.0 - Remote Command Execution

Microburst uDirectory 2.0 - Remote Command Execution source: https://www.securityfocus.com/bid/2884/info uDirectory is an online directory and listing management system. An input validation error exists in uDirectory that may allow remote users to execute arbitrary commands on a host running the...

Microburst uDirectory 2.0 - Remote Command Execution

source: https://www.securityfocus.com/bid/2884/info uDirectory is an online directory and listing management system. An input validation error exists in uDirectory that may allow remote users to execute arbitrary commands on a host running the software. !/usr/bin/perl -w management, e-commerce...

new advisory

---=== UkR security team - Advisory ===--- uStorekeepertm Online Shopping System - Runtime Script - 'arbitrary file retreival' vulnerability Date: 03.04.2001 Problem: input validation error. Vulnerable products: ustorekeeper.pl version 1.61 probably others, but not tested Product vendor: Microbur...

advisory

---=== UkR security team - Advisory no. 11 ===--- Anaconda Clipper - 'arbitrary file retreival' vulnerability Date: 27.03.2001 Problem: input validation error. Vulnerable products: Anaconda Clipper ver. 3.3 probably others, but not tested Product vendor: Anaconda / http://www.anaconda.net Comment...

IBM NetCommerce Security

hola friends, while i was participating on the openhack contest i found a couple of serious security-holes within ibm s so called "netcommerce" thing which seems to be a mixture of websphere, net.data, servlets, jsp s and db2? however..summary: class: input validation error remote: yes local: yes...

ISC BIND 4 contains input validation error in nslookupComplain()

Overview The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS by the Internet Software Consortium ISC. There is a format string vulnerability in BIND 4.9.4 that may allow remote intruders to gain access to systems running BIND. Although BIND 4.9.x is no longer...

Input validation error in quikstore.cgi allows attackers to execute commands

Overview The quikstore shopping cart script contains an input validation error that allows attackers to execute commands on affected web servers. Description The quikstore.cgi script is written in Perl and provides its users with shopping cart software for e-commerce transactions. In November 200...

gbook.cgi.txt

Bug Report 1. Name: gbook.cgi remote command execution vulnerability 2. Release Date: 2000.11.10 3. Affected Application: GBook - A web site guestbook By Bill Kendrick [email protected] http://zippy.sonoma.edu/kendrick/ 4. Author: [email protected] 5. Type: Input validation Error 6...

[hacksware] gbook.cgi remote command execution vulnerability

Bug Report 1. Name: gbook.cgi remote command execution vulnerability 2. Release Date: 2000.11.10 3. Affected Application: GBook - A web site guestbook By Bill Kendrick [email protected] http://zippy.sonoma.edu/kendrick/ 4. Author: [email protected] 5. Type: Input validation Error 6...

Explanation Authentix Input Validation Error

Hi there, Yesterday I posted an advisory concerning a bug in Authentix that would allow users to bypass authentification. When I contacted the vendor about this they were very responsive and after some emails going here and there we agreed to postpone the bugtraq-posting for two weeks and give th...

Format string input validation error in wu-ftpd site_exec() function

Overview A vulnerability involving an input validation error in the "site exec" command has recently been identified in the Washington University ftpd wu-ftpd software package. Sites running affected systems are advised to update their wu-ftpd software as soon as possible. A similar but distinct...

wu-ftpd advisory update

UPDATE: This announcement was first mailed out on 28-Sep-2000. It was later determined that incorrect 16-bit sums and 128-bit MD5 message digests were included in the announcement. The announcement below is identical to the one from yesterday, but it includes the correct verification data. We...

Unixware SCOhelp http server format string vulnerability

CORE SDI Inc. http://www.core-sdi.com Unixware SCOhelp http server format string vulnerability Date Published: 09/27/00 Advisory ID: CORE-092700 Bugtraq ID: 1717 CVE CAN: None currently assigned. Title: Unixware SCOhelp http server format string vulnerability Class: Input validation error Remotel...