Vulnerabilities > CVE-2002-1536 - Remote Command Execution vulnerability in Hans Persson Molly 0.5

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

hans-persson

NVD

Published: 2003-03-31

Updated: 2008-09-05

Summary

Molly IRC bot 0.5 allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the $host variable for nslookup.pl, (2) the $to, $from, or $message variables in pop.pl, (3) the $words or $text variables in sms.pl, or (4) the $server or $printer variables in hpled.pl.

Vulnerable Configurations

Part	Description	Count
Application	Hans_Persson Hans Persson Molly 0.5	1

References

http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0028.html
http://online.securityfocus.com/archive/1/296163
http://www.iss.net/security_center/static/10397.php
http://www.securityfocus.com/bid/6007