ReviewPost 2.84 - Multiple Vulnerabilities

ReviewPost 2.84 - Multiple Vulnerabilities ReviewPost Multiple Vulnerabilities Vendor: All Enthusiast, Inc. Product: ReviewPost Version: = 2.84 Website: http://www.reviewpost.com/ BID: 12159 CVE: CVE-2005-0270 CVE-2005-0271 CVE-2005-0272 OSVDB: 12703 12704 12705 12706 12707 12708 SECUNIA: 13697...

Fedora 19 : transmission-2.84-1.fc19 (2014-8332)

update to 2.84 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C Tenable Network...

Integer overflow

Integer overflow in the trbitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bounds write...

Mandrake Security Advisory MDVSA-2009:041 (jhead)

The remote host is missing an update to jhead announced via advisory MDVSA-2009:041. OpenVAS Vulnerability Test $Id: mdksa2009041.nasl 6573 2017-07-06 13:10:50Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:041 jhead Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...

Mandrake Security Advisory MDVSA-2009:041 (jhead)

The remote host is missing an update to jhead announced via advisory MDVSA-2009:041. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR...

Input validation

The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows attackers to execute arbitrary commands via shell metacharacters in unspecified input...

CVE-2008-4641

The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows attackers to execute arbitrary commands via shell metacharacters in unspecified input...

CVE-2008-4640

The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to delete arbitrary files via vectors involving a modified input filename in which 1 a final "z" character is replaced by a "t" character or 2 a final "t" character is replaced by a "z" character...

CVE-2008-4639

jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file...

Fedora 8 : jhead-2.84-1.fc8 (2008-8941)

Thu Oct 16 2008 Adrian Reber - 2.84-1 - updated to 2.84 - fixes 'CVE-2008-4575 jhead buffer overflow' 467262 - removed upstreamed makefile patch - Wed Sep 24 2008 Adrian Reber - 2.82-2 - rebased makefile patch - Sat Apr 5 2008 Adrian Reber - 2.82-1 - updated to 2.82 - Mon Feb 18 2008 Fedora...

CVE-2008-4575

Buffer overflow in the DoCommand function in jhead before 2.84 might allow context-dependent attackers to cause a denial of service crash via 1 a long -cmd argument and 2 unspecified vectors related to "a bunch of potential string overflows."...

CVE-2008-4575

Buffer overflow in the DoCommand function in jhead before 2.84 might allow context-dependent attackers to cause a denial of service crash via 1 a long -cmd argument and 2 unspecified vectors related to "a bunch of potential string overflows."...

CVE-2008-4575

Buffer overflow in the DoCommand function in jhead before 2.84 might allow context-dependent attackers to cause a denial of service crash via 1 a long -cmd argument and 2 unspecified vectors related to "a bunch of potential string overflows."...

ThWboard <= 3.0b2.84-php5 SQL Injection / Code Execution Exploit

Exploit for unknown platform in category web applications ================================================================ ThWboard = 3.0b2.84-php5 SQL Injection / Code Execution Exploit ================================================================ ?php printr'...

ThWboard 3.0b2.84-php5 - SQL Injection Code Execution

ThWboard 3.0b2.84-php5 - SQL Injection Code Execution ?php printr' ----------------------------------------------------------------------------- ThWboard =3.0 beta 2.84-php5 boardstyleid sql injection / cmd exec exploit by rgod dork: "powered by ThWboard" version specific: "powered by ThWboard 3...

CVE-2006-2037

CVE-2006-2037 describes a cross-site scripting (XSS) vulnerability in Thwboard 3.0 Beta 2.84, specifically in index.php where the navpath parameter can be exploited to inject arbitrary script/HTML. The vulnerability affects the index.php handling of navpath and is characterized as an XSS risk tha...

CVE-2006-1926

ThWboard 2.84 beta 3 and earlier suffers an SQL injection in showtopic.php that allows remote attackers to execute arbitrary SQL commands via the pagenum parameter. This vulnerability could enable unauthorized access or modification of data as described in the entry. The connected documents do no...

CVE-2005-0272

The provided documents confirm a vulnerability in ReviewPost (PHP Pro) prior to version 2.84. The flaw allows remote attackers to upload and execute arbitrary PHP files by submitting a review file with multiple extensions, bypassing the product’s restrictions. This results in remote code executio...