8703 matches found
Gentoo Security Advisory GLSA 200507-06 (Tikiwiki)
The remote host is missing updates announced in advisory GLSA 200507-06. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Gentoo Security Advisory GLSA 200508-09 (bluez-utils)
The remote host is missing updates announced in advisory GLSA 200508-09. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Gentoo Security Advisory GLSA 200501-02 (a2ps)
The remote host is missing updates announced in advisory GLSA 200501-02. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Gentoo Security Advisory GLSA 200409-24 (foomatic)
The remote host is missing updates announced in advisory GLSA 200409-24. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Gentoo Security Advisory GLSA 200507-06 (Tikiwiki)
The remote host is missing updates announced in advisory GLSA 200507-06. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Gentoo Security Advisory GLSA 200512-10 (opera)
The remote host is missing updates announced in advisory GLSA 200512-10. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2008-4101
Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to (1) execute arbitrary shell commands by entering a K keystroke on a line that contains a ";" (semicolon) followed by a command, or execute arbitrary Ex commands by entering an argument afte...
CVE-2008-3904
CVE-2008-3904 affects GPicView 0.1.9 within LXDE. The flaw is in src/main-win.c where shell metacharacters in a filename can allow context-dependent attackers to execute arbitrary commands. Documented impact is arbitrary command execution with the filename as the trigger; exploitation details are...
FreeBSD Ports: vim, vim-lite, vim-ruby, vim6, vim6-ruby
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
FreeBSD Ports: coppermine
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
EMC AlphaStor Device Manager Arbitrary Command Execution
EMC AlphaStor Device Manager is prone to a remote command-injection vulnerability because the application fails to properly sanitize user-supplied input. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...
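Acoustica Mixcraft '.mx4' Image File Name Buffer Overflow Vulnerability
BUGTRAQ ID:30879 CNCAN ID:CNCAN-2008082901 Acoustica Mixcraft is a multi-track audio mixing and processing application. Acoustica Mixcraft has a buffer overflow when handling malicious '.mx4' files; a remote attacker can exploit the vulnerability to execute arbitrary code with the privileges of the application. The issue is caused by improper checking of a buffer for the .mx4 project file: constructing an overly long file name and enticing a user to load it can trigger the buffer overflow and execute arbitrary code with the privileges of the application. Acoustica Mixcraft 4.2 Build 98 Acoustica Mixcraft 4.1 Build 96 No solution is currently available:...
Friendly Technologies 'fwRemoteCfg.dll' ActiveX Control Arbitrary Command Execution Vulnerability
BUGTRAQ ID:30889 CNCAN ID:CNCAN-2008082903 Friendly Technologies provides solutions such as L2TP and PPPoE clients. Friendly Technologies fwRemoteCfg.dll invokes a method incorrectly; a remote attacker can exploit the vulnerability to execute arbitrary commands with the privileges of the application. fwRemoteCfg.dll provides dial-up related functionality. Because the "RunApp" method lacks sufficient checks, constructing a malicious web page and enticing a user to visit it can result in arbitrary command execution with the privileges of the application. Friendly Technologies fwRemoteCfg.dll No solution is currently available:...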
Vim: Arbitrary Code Execution in Commands: K, Control-], g]
Vim: Arbitrary Code Execution in Commands: K, Control-], g] 1. SUMMARY Product : Vim -- Vi IMproved Versions : 3.0--current, possibly older Impact : Arbitrary code execution Wherefrom: Local Original : http://www.rdancer.org/vulnerablevim-K.html Insufficient sanitization can lead to Vim executing...
Vim 7.2c.002 Fixes Arbitrary Command Execution when Handling Tar Archives
Vim 7.2c.002 Fixes Arbitrary Command Execution when Handling Tar Archives 1. SUMMARY Product : Vim -- Vi IMproved Version : Vim = 7.0 possibly older, fixed in 7.2c.002 autoload/tar.vim version = 9 possibly older Impact : Arbitrary code execution Wherefrom: Local, remote Original :...
DEBIAN-CVE-2008-3459
Unspecified vulnerability in OpenVPN 2.1-beta14 through 2.1-rc8, when running on non-Windows systems, allows remote servers to execute arbitrary commands via crafted (1) lladdr and (2) iproute configuration directives, probably related to shell metacharacters...
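CA ARCserve Backup for Laptops and Desktops Integer Overflow Vulnerability
BUGTRAQ ID: 30472 CVECAN ID: CVE-2008-3175 CA ARCserve Backup provides backup and recovery protection for servers on various platforms. The LGServer service of CA ARCserve Backup for Laptops and Desktops has an integer overflow vulnerability when processing inbound messages; if an unauthenticated remote attacker submits a malicious request to the LGServer service on TCP port 1900, the overflow is triggered, leading to denial of service or arbitrary code execution. Computer Associates Protection Suites 3.1 Computer Associates Protection...
Afuse 'afuse.c' Shell Command Injection Vulnerability
BUGTRAQ ID: 30245 CVE ID:CVE-2008-2232 CNCVE ID:CNCVE-20082232 Afuse is a file system automounter similar to the autofs tools. Afuse handles command-line arguments incorrectly; a local attacker can exploit the vulnerability to execute arbitrary commands with elevated privileges. afuse accepts a command line of the following form: afuse /path -o mounttemplate="mount-script %m %r" \ unmounttemplate="unmount-script %m %r"...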
Moderate: Red Hat Security Advisory: php security update
Updated PHP packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. ...
Microsoft Access Snapshot Viewer file download vulnerability
Added: 07/11/2008 CVE: CVE-2008-2463 BID: 30144 OSVDB: 46749 Background The Snapshot Viewer for Microsoft Access is used to display report snapshots without needing to fully invoke Access. It enables an ActiveX control in snapview.ocx. Problem The Snapshot Viewer ActiveX control allows remote fil...