8703 matches found
HPSBMA02138 SSRT061184 rev.1 - HP OpenView Storage Data Protector, Remote Arbitrary Command Execution
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c00742778 Version: 1 HPSBMA02138 SSRT061184 rev.1 - HP OpenView Storage Data Protector, Remote Arbitrary Command Execution NOTICE: The information in this Security Bulletin should be acted upon as...
Mozilla Firefox JavaScript Navigator object vulnerability
Added: 08/14/2006 CVE: CVE-2006-3677 BID: 19192 OSVDB: 27559 Background When used in a web page, Java references properties of the window.navigator object as it starts up in Firefox or SeaMonkey. Problem If a web page replaces the navigator object before starting Java, then the page could cause t...
Mozilla Firefox JavaScript Navigator object vulnerability
Added: 08/14/2006 CVE: CVE-2006-3677 BID: 19192 OSVDB: 27559 Background When used in a web page, Java references properties of the window.navigator object as it starts up in Firefox or SeaMonkey. Problem If a web page replaces the navigator object before starting Java, then the page could cause t...
CentOS 3 : openssh (CESA-2006:0298)
Updated openssh packages that fix bugs in sshd are now available for Red Hat Enterprise Linux 3. This update has been rated as having low security impact by the Red Hat Security Response Team. OpenSSH is OpenBSD's SSH Secure SHell protocol implementation. This package includes the core files...
TWiki 4.0.4 - Configure Script Remote Code Execution (Metasploit)
This file is part of the Metasploit Framework and may be redistributed according to the licenses defined in the Authors field below. In the case of an unknown or missing license, this file defaults to the same license as the core Framework dual GPLv2 and Artistic. The latest version of the...
TWiki configure Script Arbitrary Command Execution
The version of TWiki installed on the remote host uses an unsafe 'eval' in the 'bin/configure' script that can be exploited by an unauthenticated attacker to execute arbitrary Perl code subject to the privileges of the web server user id. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...
CS-MARS JBoss jmx-console access
Added: 07/26/2006 CVE: CVE-2006-3733 BID: 19075 OSVDB: 27419 Background The Cisco Security Monitoring, Analysis, and Response System CS-MARS recognizes and correlates network attacks. Problem CS-MARS includes the JBoss web application server with insufficient access control to the jmx-console...
CVE-2006-3844
Buffer overflow in Quick 'n Easy FTP Server 3.0 allows remote authenticated users to execute arbitrary commands via a long argument to the LIST command, a different issue than CVE-2006-2027...
RHEL 3 : openssh (RHSA-2006:0298)
Updated openssh packages that fix bugs in sshd are now available for Red Hat Enterprise Linux 3. This update has been rated as having low security impact by the Red Hat Security Response Team. OpenSSH is OpenBSD's SSH Secure SHell protocol implementation. This package includes the core files...
openssh security update
CentOS Errata and Security Advisory CESA-2006:0298 Updated openssh packages that fix bugs in sshd are now available for Red Hat Enterprise Linux 3. This update has been rated as having low security impact by the Red Hat Security Response Team. OpenSSH is OpenBSD's SSH Secure SHell protocol...
Low: Red Hat Security Advisory: openssh security update
Updated openssh packages that fix bugs in sshd are now available for Red Hat Enterprise Linux 3. This update has been rated as having low security impact by the Red Hat Security Response Team. OpenSSH is OpenBSD's SSH Secure SHell protocol implementation. This package includes the core files...
CVE-2006-3590
mso.dll, as used by Microsoft PowerPoint 2000 through 2003, allows user-assisted attackers to execute arbitrary commands via a malformed shape container in a PPT file that leads to memory corruption, as exploited by Trojan.PPDropper.B, a different issue than CVE-2006-1540 and CVE-2006-3493...
CentOS 3 / 4 : xloadimage (CESA-2005:332)
A new xloadimage package that fixes bugs in handling malformed tiff and pbm/pnm/ppm images, and in handling metacharacters in filenames is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. The xloadimage utility displays images in an X...
CentOS 4 : ruby (CESA-2005:543)
Updated ruby packages that fix an arbitrary command execution issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for object-oriented programming. A bug was found in the way Ruby...
CentOS 3 / 4 : lynx (CESA-2005:839)
An updated lynx package that corrects a security flaw is now available. This update has been rated as having critical security impact by the Red Hat Security Response Team. Lynx is a text-based Web browser. An arbitrary command execute bug was found in the lynx 'lynxcgi:' URI handler. An attacker...
CVE-2006-3072
M4 Macro Library in Symantec Security Information Manager before 4.0.2.29 HOTFIX 1 allows local users to execute arbitrary commands via crafted "rule definitions", which produces dangerous Java code during M4 transformation...
WinSCP < 3.8.2 Arbitrary Command Insertion
Binary data 3648.prm...
SpamAssassin spamd vpopmail user vulnerability
Added: 06/09/2006 CVE: CVE-2006-2447 BID: 18290 OSVDB: 26177 Background SpamAssassin identifies spam e-mail using a variety of local and network based tests. spamd is a component of SpamAssassin which allows it to run as a network daemon. Problem When the vpopmail -v and paranoid -P options are...
WordPress: Arbitrary command execution
Background WordPress is a PHP and MySQL based content management and publishing system. Description rgod discovered that WordPress insufficiently checks the format of cached username data. Impact An attacker could exploit this vulnerability to execute arbitrary commands by sending a specially...
HP OpenView Storage Data Protector unauthorized access
Arbitrary command execution is possible...