8703 matches found
SpamAssassin spamd Crafted Message Arbitrary Command Execution
The remote host is running spamd, a daemon belonging to SpamAssassin and used to determine whether messages represent spam. The installed version of spamd on the remote host appears to allow an unauthenticated user to execute arbitrary commands, subject to the privileges of the user under which i...
dotclear_124_php5_xpl.txt
!/usr/bin/php -q -d shortopentag=on ? echo "DotClear = 1.2.4 prepend.php/'blogdcpath' arbitrary remote inclusion\r\n"; echo "by rgod [email protected]\r\n"; echo "site: http://retrogod.altervista.org\r\n\r\n"; echo "dork: "propulsé par DotClear" "fil atom" "fil rss" +commentaires\r\n\r\n"; /...
DotClear 1.2.4 - 'prepend.php' Remote File Inclusion
!/usr/bin/php -q -d shortopentag=on ? echo "DotClear = 1.2.4 prepend.php/'blogdcpath' arbitrary remote inclusion\r\n"; echo "by rgod [email protected]\r\n"; echo "site: http://retrogod.altervista.org\r\n\r\n"; echo "dork: "propulsé par DotClear" "fil atom" "fil rss" +commentaires\r\n\r\n"; /...
CVE-2006-2720
SQL injection vulnerability in news.php in VARIOMAT allows remote attackers to execute arbitrary SQL commands via the subcat parameter...
[SECURITY] [DSA 1075-1] New awstats packages fix arbitrary command execution
-------------------------------------------------------------------------- Debian Security Advisory DSA 1075-1 [email protected] http://www.debian.org/security/ Martin Schulze May 26th, 2006 http://www.debian.org/security/faq -...
[SECURITY] [DSA 1075-1] New awstats packages fix arbitrary command execution
-------------------------------------------------------------------------- Debian Security Advisory DSA 1075-1 [email protected] http://www.debian.org/security/ Martin Schulze May 26th, 2006 http://www.debian.org/security/faq -...
[security bulletin] HPSBMA02121 SSRT061157 rev.1 - HP OpenView Storage Data Protector Remote Arbitrary Command Execution
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c00671912 Version: 1 HPSBMA02121 SSRT061157 rev.1 - HP OpenView Storage Data Protector Remote Arbitrary Command Execution NOTICE: The information in this Security Bulletin should be acted upon as...
[security bulletin] HPSBMA02098 SSRT5911 rev.1 - HP OpenView Network Node Manager (OV NNM) Remote Unauthorized Privileged Access, Arbitrary Command Execution, Arbitrary File Creation
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c00672314 Version: 1 HPSBMA02098 SSRT5911 rev.1 - HP OpenView Network Node Manager OV NNM Remote Unauthorized Privileged Access, Arbitrary Command Execution, Arbitrary File Creation NOTICE: The...
rt-sa-2006-002.txt
Advisory: Prodder Remote Arbitrary Command Execution RedTeam identified a security flaw in prodder which makes it possible for a malicious podcast server to execute arbitrary shell commands on the victim's client. Details ======= Product: Prodder Affected Versions: All versions up to prodder-0.4...
Perlpodder Remote Arbitrary Command Execution
Advisory: Perlpodder Remote Arbitrary Command Execution RedTeam identified a security flaw in perlpodder which makes it possible for a malicious podcast server to execute arbitrary shell commands on the victim's client. Details ======= Product: perlpodder Affected Versions: All versions up to...
Nucleus CMS <= 3.22 (DIR_LIBS) Arbitrary Remote Inclusion Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo "Nucleus = 3.22 arbitrary remote inclusion exploit\r\n"; echo "by rgod [email protected]\r\n"; echo "site: http://retrogod.altervista.org\r\n\r\n"; echo "this is called the "deadly eyes of Sun-tzu"\r\n"; echo "dork:...
Prodder 0.4 - Arbitrary Shell Command Execution
Prodder 0.4 - Arbitrary Shell Command Execution source: https://www.securityfocus.com/bid/18068/info Prodder is prone to an arbitrary command-execution vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to...
[SECURITY] [DSA 1058-1] New awstats packages fix arbitrary command execution
-------------------------------------------------------------------------- Debian Security Advisory DSA 1058-1 [email protected] http://www.debian.org/security/ Martin Schulze May 18th, 2006 http://www.debian.org/security/faq -...
FreeBSD : sudo -- arbitrary command execution (1b725079-9ef6-11da-b410-000e0c2e438a)
Tavis Ormandy reports : The bash shell uses the value of the PS4 environment variable after expansion as a prefix for commands run in execution trace mode. Execution trace mode xtrace is normally set via bash's -x command line option or interactively by running 'set -o xtrace'. However, it may al...
AWStats migrate Parameter Arbitrary Command Execution
The remote host is running AWStats, a free logfile analysis tool written in Perl. The version of AWStats installed on the remote host fails to sanitize input to the 'migrate' parameter before passing it to a Perl 'open' function. Provided 'AllowToUpdateStatsFromBrowser' is enabled in the AWStats...
AWStats 6.4 6.5 - AllowToUpdateStatsFromBrowser Command Injection (Metasploit)
AWStats 6.4 6.5 - AllowToUpdateStatsFromBrowser Command Injection Metasploit $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
MySQL COM_TABLE_DUMP Information Leakage and Arbitrary command execution.
.oOOo. MySQL COMTABLEDUMP .oOOo. Information Leakage and Arbitrary command execution ============================== - Summary: MySQL Server has an information leakage flaw, if a malicious client sends a specific forged packet. Moreover some particular input can crash the server by overwriting the...
DSA-1039-1 blender - several
Bulletin has no description...
CVE-2006-1865
Argument injection vulnerability in Beagle before 0.2.5 allows attackers to execute arbitrary commands via crafted filenames that inject command line arguments when Beagle launches external helper applications while indexing...
PAJAX < 0.5.2 Multiple Vulnerabilities
The remote host is running PAJAX, a PHP library for remote asynchronous objects in JavaScript. The version of PAJAX installed on the remote host fails to validate input to the 'pajax/pajaxcalldispatcher.php' script before using it in a PHP 'eval' function. An unauthenticated attacker can exploit...