556 matches found
E-Guest 1.1 - Server Side Include Arbitrary Command Execution
E-Guest 1.1 - Server Side Include Arbitrary Command Execution source: https://www.securityfocus.com/bid/5129/info E-Guest guest book is a freely available, open source guest book. It is designed for Unix and Linux operating systems. E-Guest does not adequately sanitize user-supplied input in gues...
QPopper 4.0.x - PopAuth Trace File Shell Command Execution
QPopper 4.0.x - PopAuth Trace File Shell Command Execution source: https://www.securityfocus.com/bid/3710/info Qpopper is a freely available, open source Post Office Protocol server. It is maintained and distributed by Qualcomm. When popauth is executed with the trace option, it does not correctl...
Interactive Story File Disclosure Vulnerability
Interactive Story File Disclosure Vulnerability qDefense Advisory Number QDAV-2001-7-3 Product: Interactive Story Vendor: Valerie Mates http://www.valeriemates.com Severity: Remote; Attacker may read arbitrary file Versions Affected: Version 1.3 Vendor Status: Vendor contacted; has released new...
AdCycle SQL Command Insertion Vulnerability - qDefense Advisory Number QDAV-2001-7-2
AdCycle SQL Command Insertion Vulnerability qDefense Advisory Number QDAV-2001-7-2 Product: AdCycle Vendor: AdCyle http://adcycle.com Severity: Remote; Attacker may gain AdCycle administrator status Versions Affected: Versions up to and including 1.15 Vendor Status: Vendor contacted; has released...
QDAV-2001-7-1
--=====================133743754==.ALT Content-Type: text/plain; charset="us-ascii"; format=flowed Multiple CGI Flat File Database Manipulation Vulnerability qDefense Advisory Number QDAV-2001-7-1 Product: Numerous CGI's Vendor: Numerous Vendors Severity: Remote; Severity varies, but can often be...
DCForum Password File Manipukation Vulnerability (qDefense Advisory Number QDAV-5-2000-2)
DCForum Password File Manipulation Vulnerability qDefense Advisory Number QDAV-5-2000-2 Product: DCForum Vendor: D.C. Script Version Tested: DCForum 2000 1.0 Version 6.0 is believed to be vulnerable as well Severity: Remote; Any attacker may gain DCForum admin privileges, which result in...
IRIX 5.3/6.x - 'netprint' Arbitrary Shared Library Usage
// source: https://www.securityfocus.com/bid/2656/info The 'netprint' utility shipped with SGI Irix systems is used to send print jobs to print spoolers on remote hosts. It is installed setuid root by default. At the command line, 'netprint' accepts an option to specify the network type -n. This...
qDefense Advisory: DCForum allows remote read/write/execute
qDefense Advisory Number QDAV-5-2000-1 Product: DCForum Vendor: DCScripts www.dcscripts.com Version Tested: DCForum 2000 1.0 Severity: Any remote attacker may gain read/write/execute privilleges Cause: Failure to validate input; Trust of hidden fields; Allows uploading of arbitrary files by defau...
Cgisecurity.com advisory #4 The Free On-line Dictionary of Computing
The vendor has been contacted on this issue and it is being fixed. please visit his page for further updates. Just so all the script kids know it does allow partial command execution. The only limit to this is commands with arguements. EX: limited to single commands like ls,ps Debian also has thi...
phf CGI Script fails to guard against newline characters
Overview This document describes a vulnerability in a CGI script known as phf which was widely exploited in 1996 and 1997. Description The phf CGI script constructs a partial command line consisting of the ph command and appropriate arguments, and completes the command line based on the input fro...
Lotus ESMTP Service (Lotus Domino Release 5.0.1 (Intl))
Not much to say. While performing basic input validation checks in Lotus Domino ESMTP service see subject running on the top of Windows NT system this applies probably to other platforms as well, within approximately 30 seconds we found remote buffer overflow leading to system crash and, if...
calendar.pl.vuln
Evening, I wouldnt normally post a small thing like this to bugtraq but i checked out cgi-resources.com and it seems to be damn popular so someone here may care. Oh yeah I notified Matt the vendor and he figured it wasnt really an issue. Oh well. Visit www.suid.kg/advisories/ for more crap like...
irix-infosrch.cgi.txt
Hi, InfoSearch is a web-based interface to books, manpages, and relnotes, distributed by SGI. No suprises here, no parsing is done on the 'fname' variable before being passed to man2html. i.e. when cmd is 'getdoc' and db is 'man'. Also, fname is the full path to the manpage/relnote! I'm sure...
DNSTools Software DNSTools 1.0.81.10 - Input Validation
DNSTools Software DNSTools 1.0.81.10 - Input Validation source: https://www.securityfocus.com/bid/1028/info A vulnerability exists in the 1.0.8 release of DNSTools labeled on some areas of their site as 1.08, from DNSTools Software. By manipulating the contents of certain post variables, arbitrar...
Corel Linux OS 1.0 - buildxconfig
source: https://www.securityfocus.com/bid/1007/info Several vulnerabilities exist in the buildxconfig program, as included with Corel Linux 1.0. Using this program, it is likely that a local user could elevate privileges. By failing to check input to the -f and -x flags, it is possible for an...
SCO Unixware 2.17.07.0.17.17.1.1 - su(1) Buffer Overflow
SCO Unixware 2.17.07.0.17.17.1.1 - su1 Buffer Overflow // source: https://www.securityfocus.com/bid/826/info Certain versions of Unixware ship with a version of su1 which is vulnerable to a buffer overflow attack. This attack is possible because su1 fails to sanity check user supplied data, in th...