CVE-2007-0835

The CVE-2007-0835 entry applies to Coppermine Photo Gallery 1.4.10 (and possibly earlier). It describes a remote command-injection vulnerability where an authenticated user can execute arbitrary shell commands by injecting shell metacharacters (a semicolon) into the ImageMagick-related input fiel...

Internet Explorer VML integer overflow

Added: 02/07/2007 CVE: CVE-2007-0024 BID: 21930 OSVDB: 31250 Background Vector Markup Language VML is an XML-based format for vector graphics. Problem An integer overflow vulnerability in vgx.dll when processing VML elements in a web page allows arbitrary command execution. Resolution Apply the...

Internet Explorer VML integer overflow

Added: 02/07/2007 CVE: CVE-2007-0024 BID: 21930 OSVDB: 31250 Background Vector Markup Language VML is an XML-based format for vector graphics. Problem An integer overflow vulnerability in vgx.dll when processing VML elements in a web page allows arbitrary command execution. Resolution Apply the...

Microsoft Word 2000 Unspecified Code Execution Exploit (0day)

No description provided by source. use at your own risk + Title: Microsoft Word 2000 Unspecified Code Execution Vulnerability Exploit 0-day + code by xCuter BongGoo Kang - [email protected] + Critical: High Critical ...

Internet Explorer VML integer overflow

Added: 02/07/2007 CVE: CVE-2007-0024 BID: 21930 OSVDB: 31250 Background Vector Markup Language VML is an XML-based format for vector graphics. Problem An integer overflow vulnerability in vgx.dll when processing VML elements in a web page allows arbitrary command execution. Resolution Apply the...

Microsoft Word 2000 - Code Execution

Microsoft Word 2000 - Code Execution use at your own risk + Title: Microsoft Word 2000 Unspecified Code Execution Vulnerability Exploit 0-day + code by xCuter BongGoo Kang - [email protected] + Critical: High Critical + Impact: MS Word 2000 - Could Allow Arbitrary Command Execution MS word 20...

Microsoft Word 2000 Unspecified Code Execution Exploit (0day)

Exploit for unknown platform in category local exploits ============================================================= Microsoft Word 2000 Unspecified Code Execution Exploit 0day ============================================================= use at your own risk + Title: Microsoft Word 2000...

Drupal Comment_Form_Add_Preview函数远程代码执行漏洞

Drupal是一款开放源码的内容管理平台。 Drupal不正确过滤用户提交的输入，远程攻击者可以利用漏洞以WEB权限执行任意命令。 问题是评注中的预览没有从普通验证函数通过就直接传递，启用用户可使用'post comments'权限并访问超过一个输入格式过滤来执行任意代码。默认情况下，匿名和验证用户只能访问仅一个输入格式。 vbDrupal 4.7.5 Drupal 4.7.5 Drupal 4.7.4 Drupal 4.7.4 Drupal 4.7.3 Drupal 4.7.3 Drupal 4.7.2 Drupal 4.7.1 Drupal 4.7 Drupal 5.0 补丁下载：...

Debian DSA-1251-1 : netrick - insufficient escaping

It has been discovered that netrik, a text mode WWW browser with vi like keybindings, doesn't properly sanitize temporary filenames when editing textareas which could allow attackers to execute arbitrary commands via shell metacharacters. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...

Design/Logic Flaw

bin/compile-messages.py in Django 0.95 does not quote argument strings before invoking the msgfmt program through the os.system function, which allows attackers to execute arbitrary commands via shell metacharacters in a 1 .po or 2 .mo file...

CVE-2007-0404

bin/compile-messages.py in Django 0.95 does not quote argument strings before invoking the msgfmt program through the os.system function, which allows attackers to execute arbitrary commands via shell metacharacters in a 1 .po or 2 .mo file...

CVE-2007-0404

CVE-2007-0404 affects Django 0.95. The vulnerability lies in bin/compile-messages.py, which invokes msgfmt via os.system without quoting argument strings, allowing an attacker to inject shell metacharacters via a (1) .po or (2) .mo file and execute arbitrary commands. The underlying cause is unsa...

WinZip命令行远程缓冲区溢出漏洞

WinZip是一款流行的解压缩程序。 WinZip处理命令行参数存在缓冲区溢出，远程攻击者可以利用漏洞对应用程序进行拒绝服务攻击，可能执行任意指令。 提交类似的命令，可导致WinZip产生缓冲区溢出： Winzip32.exe "A" x 5002 WinZip 9.0 SR-1 目前没有解决方案： http://www.winzip.com/...

AllMyLinks Index.PHP远程文件包含漏洞

AllMyLinks是一款基于PHP的WEB应用程序。 AllMyLinks不正确过滤用户提交的输入，远程攻击者可以利用漏洞以WEB权限执行任意命令。 问题是'Index.PHP'脚本对用户提交的WEB参数缺少过滤，指定远程服务器上的文件作为包含参数，可导致以WEB权限执行任意命令。 AllMyPHP AllMyLinks 0.5 目前没有解决方案提供： http://www.php-resource.net/content-12.html...

PowerArchiver PAISO.DLL ISO文件处理缓冲区溢出漏洞

PowerArchiver是一款解压缩程序。 PowerArchiver处理ISO映象文件存在缓冲区溢出，远程攻击者可以利用漏洞以应用程序进程权限执行任意指令。 问题存在于PAISO.DLL version 1.7.3.0中的LoadTree和ReadHeader函数中，LoadTree和ReadHeader函数通过读取ISO文件中的目录条目构建每个文件的完整路径名，从每个目录条目中读取的目录名使用lstrcatA进行合成，最后成为文件名，最后使用不安全lstrcpyA函数拷贝到固定长度的堆栈缓冲区溢出，精心构建ISO文件，诱使用户打开，可导致以应用程序进程权限执行任意指令。...

AWStats configdir Remote Command Execution

This module exploits an arbitrary command execution vulnerability in the AWStats CGI script. iDEFENSE has confirmed that AWStats versions 6.1 and 6.2 are vulnerable. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework cla...

HP Openview connectedNodes.ovpl Remote Command Execution

This module exploits an arbitrary command execution vulnerability in the HP OpenView connectedNodes.ovpl CGI application. The results of the command will be displayed to the screen. This module requires Metasploit: https://metasploit.com/download Current source:...

Cacti graph_view.php Remote Command Execution

This module exploits an arbitrary command execution vulnerability in the Raxnet Cacti 'graphview.php' script. All versions of Raxnet Cacti prior to 0.8.6-d are vulnerable. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framewo...

Barracuda IMG.PL Remote Command Execution

This module exploits an arbitrary command execution vulnerability in the Barracuda Spam Firewall appliance. Versions prior to 3.1.18 are vulnerable. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModu...

TDiary未明远程代码执行漏洞

TDiary是一款类似WEBBLOG的日记软件。 TDiary存在一个未明安全问题，远程攻击者可以利用漏洞以应用程序进程权限执行任意指令。 目前没有详细漏洞细节提供。 tDiary tDiary 2.0.3 tDiary tDiary 2.0.2 tDiary tDiary 2.0.1 + Debian Linux 3.1 sparc + Debian Linux 3.1 s/390 + Debian Linux 3.1 ppc + Debian Linux 3.1 mipsel + Debian Linux 3.1 mips + Debian Linux 3.1 m68k + Debi...