CVSS: 10.0EPSS: 96%CPEs: 1EXPL: 2CVE-2001-0800 – Irix LPD tagprinter Command Execution
https://notcve.org/view.php?id=CVE-2001-0800
lpsched in IRIX 6.5.13f and earlier allows remote attackers to execute arbitrary commands via shell metacharacters. • https://www.exploit-db.com/exploits/10033 ftp://patches.sgi.com/support/free/security/advisories/20011003-02-P http://www.lsd-pl.net/files/get?IRIX/irx_lpsched2 http://www.securityfocus.com/bid/27566 https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/irix/lpd/tagprinter_exec.rb •
CVSS: 10.0EPSS: 1%CPEs: 3EXPL: 0CVE-2001-0249
https://notcve.org/view.php?id=CVE-2001-0249
Heap overflow in FTP daemon in Solaris 8 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the LIST command, which uses glob to generate long strings. • http://www.cert.org/advisories/CA-2001-07.html http://www.nai.com/research/covert/advisories/048.asp http://www.securityfocus.com/bid/2550 https://exchange.xforce.ibmcloud.com/vulnerabilities/6332 • CWE-131: Incorrect Calculation of Buffer Size •
CVSS: 10.0EPSS: 1%CPEs: 51EXPL: 4CVE-2001-0247 – FreeBSD 2.2-4.2 / NetBSD 1.2-4.5 / OpenBSD 2.x - FTPd 'glob()' Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2001-0247
Buffer overflows in BSD-based FTP servers allows remote attackers to execute arbitrary commands via a long pattern string containing a {} sequence, as seen in (1) g_opendir, (2) g_lstat, (3) g_stat, and (4) the glob0 buffer as used in the glob functions glob2 and glob3. • https://www.exploit-db.com/exploits/20731 https://www.exploit-db.com/exploits/20732 https://www.exploit-db.com/exploits/20733 ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-018.txt.asc ftp://patches.sgi.com/support/free/security/advisories/20010802-01-P http://archives.neohapsis.com/archives/freebsd/2001-04/0466.html http://www.cert.org/advisories/CA-2001-07.html http://www.nai.com/research/covert/advisories/048.asp http://www.securityfocus.com&#x •
CVSS: 10.0EPSS: 1%CPEs: 32EXPL: 1CVE-2000-1220 – BSD / Linux - 'lpr' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2000-1220
The line printer daemon (lpd) in the lpr package in multiple Linux operating systems allows local users to gain root privileges by causing sendmail to execute with arbitrary command line arguments, as demonstrated using the -C option to specify a configuration file. • https://www.exploit-db.com/exploits/325 ftp://patches.sgi.com/support/free/security/advisories/20021104-01-P http://seclists.org/lists/bugtraq/2000/Jan/0116.html http://www.atstake.com/research/advisories/2000/lpd_advisory.txt http://www.debian.org/security/2000/20000109 http://www.kb.cert.org/vuls/id/39001 http://www.l0pht.com/advisories/lpd_advisory http://www.redhat.com/support/errata/RHSA-2000-002.html http://www.securityfocus.com/bid/927 https://exchange. •
CVSS: 10.0EPSS: 2%CPEs: 31EXPL: 1CVE-2000-1221 – RedHat 6.1 / IRIX 6.5.18 - 'lpd' Command Execution
https://notcve.org/view.php?id=CVE-2000-1221
The line printer daemon (lpd) in the lpr package in multiple Linux operating systems authenticates by comparing the reverse-resolved hostname of the local machine to the hostname of the print server as returned by gethostname, which allows remote attackers to bypass intended access controls by modifying the DNS for the attacking IP. • https://www.exploit-db.com/exploits/19722 ftp://patches.sgi.com/support/free/security/advisories/20021104-01-P http://rhn.redhat.com/errata/RHSA-2000-002.html http://www.atstake.com/research/advisories/2000/lpd_advisory.txt http://www.debian.org/security/2000/20000109 http://www.kb.cert.org/vuls/id/30308 http://www.l0pht.com/advisories/lpd_advisory http://www.securityfocus.com/bid/927 https://exchange.xforce.ibmcloud.com/vulnerabilities/3840 •