Barracuda - IMG.pl Remote Command Execution (Metasploit)

$Id: barracudaimgexec.rb 9179 2010-04-30 08:40:19Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

RedHat Update for sudo RHSA-2010:0361-01

Check for the Version of sudo OpenVAS Vulnerability Test RedHat Update for sudo RHSA-2010:0361-01 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms o...

Update Protection against SAP GUI SAPBExCommonResources ActiveX Command Execution

A buffer overflow vulnerability has been reported in SAP GUI, the GUI client in SAP's 3-tier architecture of database, application server and client. The vulnerability exists in the SAP GUI SAPBExCommonResources ActiveX control. The vulnerability may allow remote attackers to execute arbitrary...

Foxit Reader Arbitrary Command Execution Vulnerability

The host is installed with Foxit Reader and is prone to arbitrary command execution vulnerability. OpenVAS Vulnerability Test $Id: gbfoxitreadercodeexecvuln.nasl 5306 2017-02-16 09:00:16Z teissa $ Foxit Reader Arbitrary Command Execution Vulnerability Authors: Antu Sanadi Copyright: Copyright c...

Foxit Reader Arbitrary Command Execution Vulnerability

Foxit Reader is prone to an arbitrary command execution vulnerability. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

JAVA web start arbitrary command-line injection - "-XXaltjvm" arbitrary dll loading (0day)

HTML Version ---------- http://www.reversemode.com/index.php?option=comcontent&task=view&id=67&Itemid=1 ---------- Bye bye my little 0day :, Tavis Ormandy did a great job uncovering a big logic flaw within Java JRE. I discovered that bug and other that affects every browser few weeks ago and I...

AjaXplorer checkInstall.php Arbitrary Command Injection

The version of AjaXplorer running on the remote web server has a command injection vulnerability. Input passed to the 'destServer' parameter of 'checkInstall.php' is used in a call to popen without being properly sanitized. A remote, unauthenticated attacker could exploit this to execute arbitrar...

JAVA Web Start Arbitrary command-line injection

Exploit for multiple platform in category remote exploits =============================================== JAVA Web Start Arbitrary command-line injection =============================================== Bye bye my little 0day :, Tavis Ormandy did a great job uncovering a big logic flaw within Java...

sudo -- Privilege escalation with sudoedit

Todd Miller reports: Sudo's command matching routine expects actual commands to include one or more slash '/' characters. The flaw is that sudo's path resolution code did not add a "./" prefix to commands found in the current working directory. This creates an ambiguity between a "sudoedit" comma...

Foxit Reader vulnerable to arbitrary command execution

Overview Foxit Reader contains a vulnerability that may allow an attacker to execute arbitrary commands without requiring user interaction. Description Foxit Reader is software designed to view Portable Document Format PDF files. The Adobe PDF Reference supports a "Launch action" that "... launch...

Sql injection

SQL injection vulnerability in index.php in Entry Level CMS EL CMS allows remote attackers to execute arbitrary SQL commands via the subj parameter...

Trouble Ticket Express fid Parameter Arbitrary Remote Code Execution

The remote host is running Trouble Ticket Express, an open source web-based trouble ticket application written in Perl. At least one module included with the version of Trouble Ticket Express hosted on the remote web server fails to sanitize input to the 'fid' parameter of the 'ttx.cgi' script...

SpamAssassin Milter Plugin 'mlfi_envrcpt()' Remote Arbitrary Command Injection

The remote mail server is affected by a command execution vulnerability. Specifically, the 'spamass-milter' plugin does not properly sanitize user-supplied input and can be tricked into executing arbitrary commands on the remote server by default with root privileges. C Tenable Network Security,...

Debian DSA-1979-1 : lintian - multiple vulnerabilities

Multiple vulnerabilities have been discovered in lintian, a Debian package checker. The following Common Vulnerabilities and Exposures project ids have been assigned to identify them : - CVE-2009-4013: missing control files sanitation Control field names and values were not sanitised before using...

TWiki Search Function Arbitrary Command Execution

This module exploits a vulnerability in the search component of TWiki. By passing a 'search' parameter containing shell metacharacters to the 'WebSearch' script, an attacker can execute arbitrary OS commands. This module requires Metasploit: https://metasploit.com/download Current source:...

hplip hpssd.py From Address Arbitrary Command Execution

$Id: hpliphpssdexec.rb 8511 2010-02-16 00:27:45Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework...

LANDesk管理网关工具跨站脚本和跨站请求伪造漏洞

BUGTRAQ ID: 38119 CVE ID: CVE-2010-0368,CVE-2010-0369 LANDesK管理网关工具是安全的系统管理套件。 Landesk管理网关工具没有充分验证提交特制请求的用户，当Web应用接收到删除之前所生成备份的请求时，会由 gsb/BackupRestoreTab.php处理该请求： /----- 19 $cmd = "sudo /subin/backuptool --delete $POST'delBackupName'"; 20 exec$cmd; 21 $msg = "Successfully Removed:...

SystemTap 'stap-server' Remote Shell Command Injection Vulnerability

SystemTap is prone to an arbitrary command execution vulnerability. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DSA-1979-1] New lintian packages fix multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1979-1 [email protected] http://www.debian.org/security/ Raphael Geissert January 27, 2009 http://www.debian.org/security/faq -...

[Backports-security-announce] Security Update for lintian

Raphael Geissert uploaded new packages for lintian which fixed the following security problems: CVE-2009-4013: missing control files sanitation Control field names and values were not sanitised before using them in certain operations that could lead to directory traversals. Patch systems control...