Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen.
Max CVSS
10.0
EPSS Score
0.48%
Published
2000-11-14
Updated
2018-10-30
inpview in InPerson in SGI IRIX 5.3 through IRIX 6.5.10 allows local users to gain privileges via a symlink attack on the .ilmpAAA temporary file.
Max CVSS
3.7
EPSS Score
0.04%
Published
2000-10-20
Updated
2017-10-10
Telnetd telnet server in IRIX 5.2 through 6.1 does not properly cleans user-injected format strings, which allows remote attackers to execute arbitrary commands via a long RLD variable in the IAC-SB-TELOPT_ENVIRON request.
Max CVSS
10.0
EPSS Score
1.53%
Published
2000-10-20
Updated
2008-09-05
SGI InfoSearch CGI program infosrch.cgi allows remote attackers to execute commands via shell metacharacters.
Max CVSS
7.5
EPSS Score
3.10%
Published
2000-03-01
Updated
2008-09-10
4 vulnerabilities found