pipe software vulnerabilities
vulnerabilities.aspcode.net
Searching pipe software vulnerabilities
In older versions of Sendmail, an attacker coul
character
|
attacker
|
commands
|
versions
|
Sendmail
|
execute
|
older
|
could
|
root
|
pipe
|
use
|
In older versions of Sendmail, an attacker could use a pipe character to execute root commands.
Alibaba web server allows remote attackers to e
attackers
|
character
|
malformed
|
commands
|
execute
|
Alibaba
|
server
|
remote
|
allows
|
pipe
|
URL
|
via
|
web
|
Alibaba web server allows remote attackers to execute commands via a pipe character in a malformed URL.
rxvt, when compiled with the PRINT_PIPE option
-print-pipe
|
PRINT_PIPE
|
specifying
|
privileges
|
including
|
Slackware
|
malicious
|
operating
|
parameter
|
compiled
|
various
|
program
|
command
|
systems
|
option
|
allows
|
RedHat
|
using
|
local
|
Linux
|
users
|
line
|
rxvt
|
gain
|
root
|
rxvt, when compiled with the PRINT_PIPE option in various Linux operating systems including Linux Slackware 3.0 and RedHat 2.1, allows local users to gain root privileges by specifying a malicious program using the -print-pipe command line parameter.
Microsoft Windows 2000 telnet service creates n
Microsoft
|
Windows
|
Microsoft Windows 2000 telnet service creates named pipes with predictable names and does not properly verify them, which allows local users to execute arbitrary commands by creating a named pipe with the predictable name and associating a malicious program with it, the first of two variants of this vulnerability.
Microsoft Windows 2000 telnet service creates n
Microsoft
|
Windows
|
Microsoft Windows 2000 telnet service creates named pipes with predictable names and does not properly verify them, which allows local users to execute arbitrary commands by creating a named pipe with the predictable name and associating a malicious program with it, the second of two variants of this vulnerability.
Kerberos FTP client allows remote FTP sites to
arbitrary
|
Kerberos
|
execute
|
remote
|
client
|
allows
|
sites
|
pipe
|
code
|
FTP
|
via
|
Kerberos FTP client allows remote FTP sites to execute arbitrary code via a pipe (|) character in a filename that is retrieved by the client.
Microsoft SQL Server 7, 2000, and MSDE allows l
Microsoft
|
Server
|
SQL
|
Microsoft SQL Server 7, 2000, and MSDE allows local or remote authenticated users to cause a denial of service (crash or hang) via a long request to a named pipe.
The rotatelogs program on Apache before 1.3.28,
rotatelogs
|
program
|
before
|
Apache
|
The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
Microsoft SQL Server before Windows 2000 SP4 al
Microsoft
|
Windows
|
before
|
Server
|
SQL
|
Microsoft SQL Server before Windows 2000 SP4 allows local users to gain privileges as the SQL Server user by calling the xp_fileexist extended stored procedure with a named pipe as an argument instead of a normal file.
Race condition in Solaris 2.6 through 9 allows
condition
|
through
|
Solaris
|
service
|
denial
|
allows
|
cause
|
local
|
users
|
Race
|
Race condition in Solaris 2.6 through 9 allows local users to cause a denial of service (kernel panic), as demonstrated via the namefs function, pipe, and certain STREAMS routines.
AN HTTP 1.41e allows remote attackers to cause
attackers
|
service
|
denial
|
remote
|
allows
|
cause
|
HTTP
|
141e
|
AN HTTP 1.41e allows remote attackers to cause a denial of service (borken pipe) via an HTTP request to aux.cgi with a long argument, possibly triggering a buffer overflow or MS-DOS device vulnerability.
DB2 8.1 remote command server (DB2RCMD.EXE) exe
command
|
server
|
remote
|
DB2
|
DB2 8.1 remote command server (DB2RCMD.EXE) executes the db2rcmdc.exe program as the db2admin administrator, which allows local users to gain privileges via the DB2REMOTECMD named pipe.
The EPSF pipe support in enscript 1.6.3 allows
enscript
|
support
|
EPSF
|
pipe
|
The EPSF pipe support in enscript 1.6.3 allows remote attackers or local users to execute arbitrary commands via shell metacharacters.
The Server service (srvsvc.dll) in Windows XP S
service
|
Server
|
The Server service (srvsvc.dll) in Windows XP SP1 and SP2 allows remote attackers to obtain sensitive information (users who are accessing resources) via an anonymous logon using a named pipe, which is not properly authenticated, aka the "Named Pipe Vulnerability."
Stack-based buffer overflow in the create_named
create_named_pipe
|
Stack-based
|
libmysqlc
|
function
|
overflow
|
buffer
|
PHP
|
Stack-based buffer overflow in the create_named_pipe function in libmysql.c in PHP 4.3.10 and 4.4.x before 4.4.3 for Windows allows attackers to execute arbitrary code via a long (1) arg_host or (2) arg_unix_socket argument, as demonstrated by a long named pipe variable in the host argument to the mysql_connect function.
Multiple unspecified vulnerabilities in Etherea
vulnerabilities
|
unspecified
|
Ethereal
|
Multiple
|
08x
|
Multiple unspecified vulnerabilities in Ethereal 0.8.x up to 0.10.14 allow remote attackers to cause a denial of service (crash from null dereference) via the (1) Sniffer capture or (2) SMB PIPE dissector.
Cross-site scripting (XSS) vulnerability in inc
Cross-site
|
scripting
|
Cross-site scripting (XSS) vulnerability in includes/Sanitizer.php in the variable handler in MediaWiki 1.6.x before r14349 allows remote attackers to inject arbitrary Javascript via unspecified vectors, possibly involving the usage of the | (pipe) character.
PGP Desktop before 9.5.1 does not validate data
Desktop
|
before
|
PGP
|
PGP Desktop before 9.5.1 does not validate data objects received over the (1) \pipe\pgpserv named pipe for PGPServ.exe or the (2) \pipe\pgpsdkserv named pipe for PGPsdkServ.exe, which allows remote authenticated users to gain privileges by sending a data object representing an absolute pointer, which causes code execution at the corresponding address.
Multiple unspecified scripts in mIRC allow user
user-assisted
|
unspecified
|
attackers
|
arbitrary
|
Multiple
|
scripts
|
execute
|
remote
|
allow
|
code
|
mIRC
|
'|'
|
via
|
Multiple unspecified scripts in mIRC allow user-assisted remote attackers to execute arbitrary code via the '|' (pipe) shell metacharacter in the name of the song in a .mp3 file.
The mIRC Control Plug-in for Winamp allows user
user-assisted
|
attackers
|
arbitrary
|
execute
|
Control
|
Plug-in
|
remote
|
Winamp
|
allows
|
code
|
mIRC
|
'|'
|
via
|
The mIRC Control Plug-in for Winamp allows user-assisted remote attackers to execute arbitrary code via the '|' (pipe) shell metacharacter in the name of the song in a .mp3 file.
Software vulnerabilities results 1 to 20 of 32
Page:
1
2
►