311 matches found
MAGIC Enterprise Multiple Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 immutec Security Advisory ID: SA-MAGIC-001 Date: 2001/12/17 Version: 0.2 Magic Enterprise multiple vulnerabilities Affected Software/System: ========================= Vendor : Magic Software http://www.magicsoftware.com Product : Magic Enterprise...
QPopper 4.0.x - PopAuth Trace File Shell Command Execution
source: https://www.securityfocus.com/bid/3710/info Qpopper is a freely available, open source Post Office Protocol server. It is maintained and distributed by Qualcomm. When popauth is executed with the trace option, it does not correctly handle user-supplied input. A user can supply data to the...
QPopper 4.0.x - PopAuth Trace File Shell Command Execution
QPopper 4.0.x - PopAuth Trace File Shell Command Execution source: https://www.securityfocus.com/bid/3710/info Qpopper is a freely available, open source Post Office Protocol server. It is maintained and distributed by Qualcomm. When popauth is executed with the trace option, it does not correctl...
Leif M. Wright everythingform.cgi 2.0 - Arbitrary Command Execution
Leif M. Wright everythingform.cgi 2.0 - Arbitrary Command Execution source: https://www.securityfocus.com/bid/2101/info An input validation vulnerability exists in Leif M. Wright's everything.cgi, a Perl-based form design tool. The script fails to properly filter shell commands from user-supplied...
RedHat 7.0 (and SuSE): modutils + netkit = root compromise. (fwd)
Motto from the modprobe manpage: "BUGS: Naah..." ------------------------------------------------ This vulnerability has been found by Sebastian Krahmer some time ago he is posting an advisory right now. Stupid shell command execution within userspace kernel helper application, modprobe, is...
Серьезная дырка в LPR (PostScript shell execution & grog)
При печати PostScript документов выполняются shell-команды содержащиеся в документах, при этом не сбрасывается egid lp, что позволяет получить gid lp, кроме того, в отдельных случаях возможно получить root используя некорректный вызов к программе pic в grog...
TalentSoft Web+ Application Server (Linux) 4.6 - Example Script File Disclosure
TalentSoft Web+ Application Server Linux 4.6 - Example Script File Disclosure source: https://www.securityfocus.com/bid/1725/info Web+ is a development language for use in creating web-based client/server applications. In Linux versions of the product, an example script installed in Web+ Web+Ping...
Matt Kruse Calendar Script 2.2 - Arbitrary Command Execution
source: https://www.securityfocus.com/bid/1215/info Matt Kruse's Calendar script is a popular, free perl cgi-script used by many websites on the Internet. It allows a website administrator to easily setup and customize a calendar on their website. There are two components of this package,...
BizDB Search Script Enables Shell Command Execution at the Server
BizDB Search Script Enables Shell Command Execution at the Server Perfecto's Black Watch Labs Security Advisory 00-04 April 7th, 2000 Name: BizDB Search Script Enables Shell Command Execution at the Server Black Watch Labs ID: BWL-00-04 Date Released: April 7th, 2000 Category: ApplicationHTML:...
Great Circle Associates Majordomo 1.94.4 - Local resend
Great Circle Associates Majordomo 1.94.4 - Local resend source: https://www.securityfocus.com/bid/902/info It is possible to execute arbitrary commands with elevated privileges through exploiting the majordomo binary, "resend". A setuid root wrapper program calls resend after setuiding and...
Microsoft Data Access Components (MDAC) 2.1 / Microsoft IIS 3.0/4.0 / Microsoft Index Server 2.0 / Microsoft Site Server Commerce Edition 3.0 i386 MDAC - RDS (2)
source: https://www.securityfocus.com/bid/529/info MDAC Microsoft Data Access Components is a package used to integrate web and database services. It includes a component named RDS Remote Data Services. RDS allows remote access via the internet to database objects through IIS. Both are included i...