8703 matches found
[Backports-security-announce] Security Update for lintian
Raphael Geissert uploaded new packages for lintian which fixed the following security problems: CVE-2009-4013: missing control files sanitation Control field names and values were not sanitised before using them in certain operations that could lead to directory traversals. Patch systems control...
[SECURITY] [DSA-1979-1] New lintian packages fix multiple vulnerabilities
Debian Security Advisory DSA-1979-1 [email protected] http://www.debian.org/security/ Raphael Geissert January 27, 2009 http://www.debian.org/security/faq -...
CVE-2009-4488
Varnish 2.0.6 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator. NOTE: the vendo...
mini_httpd 1.18 - HTTP Request Escape Sequence Terminal Command Injection
source: https://www.securityfocus.com/bid/37714/info Acme 'thttpd' and 'minihttpd' are prone to a command-injection vulnerability because they fail to adequately sanitize user-supplied input in logfiles. Attackers can exploit this issue to execute arbitrary commands in a terminal. This issue...
FreeBSD : PEAR -- Net_Ping and Net_Traceroute remote arbitrary command injection (56ba8728-f987-11de-b28d-00215c6a37bb)
PEAR Security Advisory reports: Multiple remote arbitrary command injections have been found in the NetPing and NetTraceroute. When input from forms are used directly, the attacker could pass variables that would allow him to execute remote arbitrary command injections. ...
CVE-2009-4498
CVE-2009-4498 affects Zabbix Server before 1.8. The vulnerability lies in node_process_command() (nodehistory.c), allowing remote command execution via a crafted request. Documented impact is remote arbitrary command execution with network access (CVSSv2 base 6.8). Connected sources confirm explo...
CoreHTTP Arbitrary Command Execution Vulnerability
No description provided by source. Package name: CoreHTTP server Version: 0.5.3.1 and below as long as cgi support is enabled Software URL: http://corehttp.sourceforge.net/ Exploit: http://aconole.brad-x.com/programs/corehttpcgienabled.rb Issue: CoreHTTP server fails to properly sanitize input...
CoreHTTP Arbitrary Command Execution Vulnerability
Exploit for unknown platform in category remote exploits CoreHTTP Arbitrary Command Execution Vulnerability Title: CoreHTTP Arbitrary Command Execution Vulnerability CVE-ID: OSVDB-ID: Author: Aar...
[SECURITY] [DSA-1959-1] New ganeti packages fix arbitrary command execution
Debian Security Advisory DSA-1959-1 [email protected] http://www.debian.org/security/ Raphael Geissert December 19, 2009 http://www.debian.org/security/faq -...
DSA-1954-1 cacti - insufficient input sanitising
Bulletin has no description...
DAZ Studio Arbitrary Command Execution
Exploit for unknown platform in category local exploits DAZ Studio Arbitrary Command Execution Title: DAZ Studio Arbitrary Command Execution CVE-ID: 2009-4148 OSVDB-ID: Author: Core Security Published: 2009-12-03...
DAZ Studio Arbitrary Command Execution
No description provided by source. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ DAZ Studio Arbitrary Command Execution 1. Advisory Information Title: DAZ Studio Arbitrary Command Execution Advisory Id:...
CORE-2009-0909: Autodesk 3DS Max Application Callbacks Arbitrary Command Execution
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Autodesk 3DS Max Application Callbacks Arbitrary Command Execution 1. Advisory Information Title: Autodesk 3DS Max Application Callbacks Arbitrary Command Execution...
CORE-2009-0908: Autodesk SoftImage Scene TOC Arbitrary Command Execution
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Autodesk SoftImage Scene TOC Arbitrary Command Execution 1. Advisory Information Title: Autodesk SoftImage Scene TOC Arbitrary Command Execution Advisory Id:...
Autodesk 3DS Max Application Callbacks Arbitrary Command Execution
Exploit for unknown platform in category local exploits Autodesk 3DS Max Application Callbacks Arbitrary Command Execution Title: Autodesk 3DS Max Application...
Autodesk SoftImage Scene TOC Arbitrary Command Execution
Exploit for unknown platform in category local exploits Autodesk SoftImage Scene TOC Arbitrary Command Execution Title: Autodesk SoftImage Scene TOC Arbitrary Command Execution CVE-ID...
Autodesk 3DS Max Application Callbacks Arbitrary Command Execution
Autodesk 3DS Max Application Callbacks Arbitrary Command Execution. CVE-2009-3577. Local exploit for windows platform -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Autodesk 3DS Max Application Callbacks Arbitrary...
Core Security Technologies Advisory 2009.0908
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Autodesk SoftImage Scene TOC Arbitrary Command Execution 1. Advisory Information Title: Autodesk SoftImage Scene TOC Arbitrary Command Execution Advisory Id:...
Core Security Technologies Advisory 2009.0909
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Autodesk 3DS Max Application Callbacks Arbitrary Command Execution 1. Advisory Information Title: Autodesk 3DS Max Application Callbacks Arbitrary Command Execution...