
344 matches found

NVD
added 2002/08/12 4:0 a.m., 8 views

CVE-2002-0532

EMU Webmail allows local users to execute arbitrary programs via a .. (dot dot) in the HTTP Host header that points to a Trojan horse configuration file that contains a pageroot specifier that contains shell metacharacters...

7.2 CVSS, 6.9 AI score, 0.00047 EPSS
Exploits: 0, References: 4
exploitpack
added 2002/08/09 12:0 a.m., 6 views

Apache 2.0 - Encoded Backslash Directory Traversal

Apache 2.0 - Encoded Backslash Directory Traversal source: https://www.securityfocus.com/bid/5434/info A directory traversal vulnerability exists in Apache versions 2.0.39 and earlier on non-Unix platforms potentially including Apache compiled with CYGWIN. Platforms that may be affected by this...

7.4 AI score
Exploits: 0
securityvulns
added 2002/07/01 12:0 a.m., 37 views

Shell metacharacters in Simple WAIS 1.11

'|' is not commented during external program execution...

5.2 AI score
Exploits: 0, References: 1, Affected Software: 1
Exploit DB
added 2002/05/15 12:0 a.m., 23 views

Microsoft Internet Explorer 5.0.1/6.0 - Content-Disposition Handling File Execution

source: https://www.securityfocus.com/bid/4752/info An issue exists in the way Microsoft Internet Explorer handles conflicting information in some HTTP headers used to describe non-HTML content. A malicious web server may provide content with misleading values in the content-type and...

7.4 AI score
Exploits: 0
securityvulns
added 2002/03/20 12:0 a.m., 34 views

More SWF vulnerabilities?

Vulnerable systems: unpatched "standalone Flash players" Macromedia Shockwave Flash player versions before January 2002? Fix: "In response to the discovery of the virus, in January Macromedia released an update to its standalone Flash player that causes the player to ignore the "exec" action."...

1.4 AI score
Exploits: 0
CVE
added 2002/02/02 5:0 a.m., 63 views

CVE-2001-0942

The CVE concerns Oracle 8.1.6 and 8.1.7 where dbsnmp uses the ORACLE_HOME environment variable to locate and execute the dbsnmp program. A local user can point ORACLE_HOME to an attacker-controlled directory that contains a malicious dbsnmp, enabling arbitrary code execution with local privileges...

4.6 CVSS, 6.9 AI score, 0.00303 EPSS
Exploits: 0, References: 4, Affected Software: 1
Cvelist
added 2002/02/02 5:0 a.m., 24 views

CVE-2001-0942

dbsnmp in Oracle 8.1.6 and 8.1.7 uses the ORACLE_HOME environment variable to find and execute the dbsnmp program, which allows local users to execute arbitrary programs by pointing the ORACLE_HOME to an alternate directory that contains a malicious version of dbsnmp...

6.6 AI score, 0.00303 EPSS
Exploits: 0, References: 4
securityvulns
added 2002/01/15 12:0 a.m., 39 views

MSIE may download and run programs automatically - details

This posting briefly describes some technical details of the vulnerability discussed in the Bugtraq messages with the subjects "MSIE may download and run progams automatically" Dec 14 2001 and "File extensions spoofable in MSIE download dialog" Nov 26 2001. The flaw allows a malicious web site to...

6.8 AI score
Exploits: 0
securityvulns
added 2001/11/01 12:0 a.m., 27 views

MacOS 9.2, Internet Explorer, Local Vulnerability

Vulnerability: Access controls can be evaded on MacOS9.2 using Internet Explorer, allowing users to execute programs they otherwise would not be able to run. Details: While in the college media lab I attempted to run MacSSH to get onto my home desktop, I received an error message telling me I did...

1.1 AI score
Exploits: 0
securityvulns
added 2001/06/08 12:0 a.m., 33 views

HP Openview NNM6.1 ovactiond bin exploit

Hello, Summary: HP Openview NNM6.1 and earlier running on unix have a problem with the suid bin executable ovactiond. It allows for starting of any program by just sending a trap or event to the station running the daemon. Details: in the trapd.conf the following is defined by default NNM6.1: EVE...

0.8 AI score
Exploits: 0
CVE
added 2001/05/07 4:0 a.m., 52 views

CVE-2001-0002

Affected software: Internet Explorer 5.5 and earlier. What’s vulnerable: how IE handles cached content in the Local Computer Zone and execution via .chm files, enabling remote code execution. Impact: remote attacker could run arbitrary code on the affected host. Remediation: apply the relevant cumul...

7.5 CVSS, 7.7 AI score, 0.25604 EPSS
Exploits: 0, References: 6, Affected Software: 2
securityvulns
added 2001/04/17 12:0 a.m., 33 views

BubbleMon 1.31

VULNERABILITY DESCRIPTION Users can execute programs/shellscript by clicking on the bubblemon app. bubblemon is installed sgid kmem on FreeBSD and does not drop its egid before executing programs. VERSIONS AFFECTED All versions of BubbleMon up to 1.32 installed on FreeBSD . EXAMPLE $ id...

2.1 AI score
Exploits: 0
Debian
added 2001/03/07 8:56 p.m., 22 views

[SECURITY] [DSA 036-1] New version of Midnight Commander available

Debian Security Advisory DSA-036-1 [email protected] http://www.debian.org/security/ Martin Schulze March 7, 2001 Package : mc...

5.4 AI score
Exploits: 0
Cvelist
added 2001/02/02 5:0 a.m., 14 views

CVE-2001-0030

FoolProof 3.9 allows local users to bypass program execution restrictions by downloading the restricted executables from another source and renaming them...

6.4 AI score, 0.00052 EPSS
Exploits: 0, References: 2
Packet Storm
added 2001/01/04 12:0 a.m., 19 views

guninski31.txt

Georgi Guninski security advisory 31, 2001 Windows Media Player 7 and IE vulnerability - executing arbitrary programs Systems affected: Windows Media Player 7 and IE Risk: High Date: 1 January 2001 Legal Notice: This Advisory is Copyright c 2000 Georgi Guninski. You may distribute it unmodified...

7.4 AI score
Exploits: 0
securityvulns
added 2001/01/03 12:0 a.m., 26 views

Windows Media Player 7 and IE vulnerability - executing arbitrary programs

Georgi Guninski security advisory 31, 2001 Windows Media Player 7 and IE vulnerability - executing arbitrary programs Systems affected: Windows Media Player 7 and IE Risk: High Date: 1 January 2001 Legal Notice: This Advisory is Copyright c 2000 Georgi Guninski. You may distribute it unmodified...

0.5 AI score
Exploits: 0
exploitpack
added 2001/01/01 12:0 a.m., 12 views

Microsoft Windows Media Player 7.0 - JavaScript URL

Microsoft Windows Media Player 7.0 - JavaScript URL source: https://www.securityfocus.com/bid/2167/info Windows Media Player is an application used for digital audio, and video content viewing. It can be embedded in webpages as an ActiveX control. It is possible to execute a javascript URL from...

7.3 AI score
Exploits: 0
securityvulns
added 2000/11/24 12:0 a.m., 58 views

OBJECT TYPE="text/html" may allow executing arbitrary programs in IE 5.5

Georgi Guninski security advisory 29, 2000 OBJECT TYPE="text/html" may allow executing arbitrary programs in IE 5.5 Systems affected: IE 5.5 probably 5.x and Outlook/Outlook Express, have not tested Risk: High Date: 23 November 2000 Legal Notice: This Advisory is Copyright c 2000 Georgi Guninski...

0.3 AI score
Exploits: 0
securityvulns
added 2000/11/01 12:0 a.m., 40 views

Redhat 6.2 dump command executes external program with suid privilege.

Problem: Linux dump command executes external program with suid privilege. 2. Tested Version dump-0.4b15 3. Example mat@localhost mat$ export TAPE=garbage:garbage mat@localhost mat$ export RSH=/home/mat/executethis mat@localhost mat$ cat /home/mat/executethis !/bin/sh cp /bin/sh /home/mat/sh...

1 AI score
Exploits: 0
securityvulns
added 2000/10/06 12:0 a.m., 43 views

IE 5.5/Outlook security vulnerability - com.ms.activeX.ActiveXComponent allows executing arbitrary programs

Georgi Guninski security advisory 23, 2000 IE 5.5/Outlook security vulnerability - com.ms.activeX.ActiveXComponent allows executing arbitrary programs Systems affected: IE 5.5/Outlook/Outlook Express - probably other versions, have not tested Risk: High Date: 5 October 2000 Legal Notice: This...

0.1 AI score
Exploits: 0