8702 matches found
SimpleBBS 1.0.6/1.0.7/1.1 - Arbitrary Command Execution
source: https://www.securityfocus.com/bid/17501/info SimpleBBS is prone to an arbitrary command-execution vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this vulnerability to execute arbitrary PHP commands in the...
CVE-2006-1403
CVE-2006-1403 affects csDoom (client/server Doom) up to version 0.7. The vulnerability is in PrintString (c_console.cpp) and arises from a format-string issue, allowing remote attackers to cause a denial of service and potentially execute arbitrary commands via strings passed to the console. The ...
WebGUI < 6.7.6 arbitrary command execution
The remote web server contains a CGI script that is prone to arbitrary code execution. Description : The remote host is running WebGUI, a content management system from Plain Black Software. The installed version of WebGUI on the remote host fails to sanitize user-supplied input via the OpenVAS...
WebGUI < 6.7.6 arbitrary command execution
The installed version of WebGUI on the remote host fails to sanitize user-supplied input via the...
ATutor < 1.5.1-pl1 Multiple Flaws
The remote web server contains a PHP application that is prone to multiple flaws. The remote host is running ATutor, an open-source web-based Learning Content Management System (LCMS) written in PHP. The version of ATutor installed on the remote host may be vulnerable to arbitrary command execution...
CVE-2006-1061
Heap-based buffer overflow in cURL and libcURL 7.15.0 through 7.15.2 allows remote attackers to execute arbitrary commands via a TFTP URL (tftp://) with a valid hostname and a long path...
openssh security update
CentOS Errata and Security Advisory CESA-2006:0044. Updated openssh packages that fix bugs in sshd and add auditing of user logins are now available for Red Hat Enterprise Linux 4. This update has been rated as having low security impact by the Red Hat Security Response Team. OpenSSH is OpenBSD's...
Low: Red Hat Security Advisory: openssh security update
Updated openssh packages that fix bugs in sshd and add auditing of user logins are now available for Red Hat Enterprise Linux 4. This update has been rated as having low security impact by the Red Hat Security Response Team. OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. This...
Limbo CMS index.php Itemid Parameter Arbitrary Command Execution
The remote host is running Limbo CMS, a content-management system written in PHP. The installed version of Limbo fails to sanitize input to the 'Itemid' parameter before using it as part of a search string in an 'eval' statement in the 'classes/adodbt/readtable.php' script. Regardless of PHP's...
SMBlog 1.2 - Arbitrary PHP Command Execution
SMBlog 1.2 - Arbitrary PHP Command Execution source: https://www.securityfocus.com/bid/16905/info SMBlog is prone to an arbitrary command-execution vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to...
SMBlog 1.2 - Arbitrary PHP Command Execution
source: https://www.securityfocus.com/bid/16905/info SMBlog is prone to an arbitrary command-execution vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary PHP commands on the vulnerable...
OpenSSH, Dropbear: Insecure use of system() call
Background OpenSSH is a free application suite consisting of server and clients that replace tools like telnet, rlogin, rcp and ftp with more secure versions offering additional functionality. Dropbear is an SSH server and client designed with a small memory footprint that includes OpenSSH scp...
DEBIAN-CVE-2006-0626
SQL injection vulnerability in spipaccesdoc.php3 in SPIP 1.8.2g and earlier allows remote attackers to execute arbitrary SQL commands via the file parameter...
myquiz101.pl.txt
This Perl Exploit for MyQuiz 1.01 Arbitrary Command Execution Exploit. Author : Hessam-x - www.hessamx.net +IHST : iran hackerz security team hackerz.ir Perl exploit !/usr/bin/perl = MyQuiz Remote Command Execution Exploit - By Hessam-x / www.hackerz.ir manual exploiting --...
MyQuiz 1.01 - 'PATH_INFO' Arbitrary Command Execution
!/usr/bin/perl = MyQuiz Remote Command Execution Exploit - By Hessam-x / www.hackerz.ir manual exploiting -- http://target/cgi-bin/myquiz.pl/ask/;| SecurityFocus bug : http://www.securityfocus.com/archive/1/423921/30/0/threaded...
Irix LPD tagprinter Command Execution
This module exploits an arbitrary command execution flaw in the in.lpd service shipped with all versions of Irix. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Irix LPD tagprinter Command...
[SECURITY] [DSA 957-2] New ImageMagick packages fix arbitrary command execution
Debian Security Advisory DSA 957-2 http://www.debian.org/security/ Martin Schulze January 31st, 2006 http://www.debian.org/security/faq...
Limbo CMS Multiple Vulnerabilities
The remote host is running Limbo CMS, a content-management system written in PHP. The remote version of this software is vulnerable to several flaws including: - If register_globals is off and Limbo is configured to use a MySQL backend, then a SQL injection is possible due to improper sanitizatio...
[SECURITY] [DSA 957-1] New ImageMagick packages fix arbitrary command execution
Debian Security Advisory DSA 957-1 http://www.debian.org/security/ Martin Schulze January 26th, 2006 http://www.debian.org/security/faq...
CVE-2006-0225
scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice...