8702 matches found
ShopPlus Arbitrary Command Execution Vulnerability - Active Check
The ShopPlus CGI is prone to a vulnerability that allows execution of arbitrary commands with the security privileges of the web server. SPDX-FileCopyrightText: 2001 SecuriTeam Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
SecureCRT SSH1 protocol version string overflow
The remote host is using a vulnerable version of SecureCRT, a SSH/Telnet client built for Microsoft Windows operation systems. SPDX-FileCopyrightText: 2004 David Maciejak Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
CVSTrac ticket title arbitrary command execution
The remote host seems to be running cvstrac, a web-based bug and patch-set tracking system for CVS. This version contains a flaw related to ticket titles containing a semi-colon that may allow an attacker to execute arbitrary commands on the system. SPDX-FileCopyrightText: 2004 David Maciejak Som...
BasiliX Arbitrary Command Execution Vulnerability
The remote web server contains a BasiliX PHP script that is prone to arbitrary. SPDX-FileCopyrightText: 2004 George A. Theall Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
PhpGroupWare arbitrary command execution
The remote host seems to be running PhpGroupWare, is a multi-user groupware suite written in PHP. SPDX-FileCopyrightText: 2004 David Maciejak Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
Fedora Core 3 : gdb-6.1post-1.20040607.43.0.1 (2005-1032)
This is an fc3 update for gdb regarding security issues : CVE-2005-1704 Integer Overflow in gdb This problem is that gdb's internal copy of bfd does not protect against heap-based overflow. CVE-2005-1705 gdb arbitrary command execution This problem allows unprotected .gdbinit files to execute...
ATutor 1.x - forum.inc.php Arbitrary Command Execution
ATutor 1.x - forum.inc.php Arbitrary Command Execution source: https://www.securityfocus.com/bid/15221/info ATutor is prone to multiple vulnerabilities. These issues can allow remote attackers to execute arbitrary PHP commands and carry out local file include and cross-site scripting attacks...
ATutor 1.x - 'forum.inc.php' Arbitrary Command Execution
source: https://www.securityfocus.com/bid/15221/info ATutor is prone to multiple vulnerabilities. These issues can allow remote attackers to execute arbitrary PHP commands and carry out local file include and cross-site scripting attacks. ATutor 1.5.1-pl1 and prior versions are affected...
ATutor < 1.5.1-pl1 Multiple Remote Vulnerabilities (XSS, RFI, Command Exe)
The remote host is running ATutor, an open source, web-based Learning Content Management System LCMS written in PHP. The version of ATutor installed on the remote host may be vulnerable to arbitrary command execution, arbitrary file access, and cross-site scripting attacks. Successful exploitatio...
Snoopy 0.9x1.01.2 - Arbitrary Command Execution
Snoopy 0.9x1.01.2 - Arbitrary Command Execution source: https://www.securityfocus.com/bid/15213/info Snoopy is prone to a vulnerability that lets attackers execute arbitrary commands because the application fails to properly sanitize user-supplied input. This issue may facilitate unauthorized...
Snoopy 0.9x/1.0/1.2 - Arbitrary Command Execution
source: https://www.securityfocus.com/bid/15213/info Snoopy is prone to a vulnerability that lets attackers execute arbitrary commands because the application fails to properly sanitize user-supplied input. This issue may facilitate unauthorized remote access to the application in the context of...
[SECURITY] [DSA 870-1] New sudo packages fix arbitrary command execution
-------------------------------------------------------------------------- Debian Security Advisory DSA 870-1 [email protected] http://www.debian.org/security/ Martin Schulze October 25th, 2005 http://www.debian.org/security/faq -...
CVE-2004-2532
CVE-2004-2532 affects the Serv-U FTP Server prior to version 5.1.0.0. The issue arises from a default administrator account and password that allow a local user to authenticate to the server, create a new user, log in as that user, and then issue a SITE EXEC command to execute arbitrary commands ...
sudo -- arbitrary command execution
Tavis Ormandy reports: The bash shell uses the value of the PS4 environment variable after expansion as a prefix for commands run in execution trace mode. Execution trace mode xtrace is normally set via bash's -x command line option or interactively by running "set -o xtrace". However, it may als...
TWiki %INCLUDE Parameter Arbitrary Command Injection
According to its banner, the installed version of TWiki allows an attacker to manipulate input to the 'rev' parameter in order to execute arbitrary shell commands on the remote host subject to the privileges of the web server user id. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...
WebGUI 6.x - Arbitrary Command Execution
WebGUI 6.x - Arbitrary Command Execution source: https://www.securityfocus.com/bid/15083/info WebGUI is prone to an arbitrary command execution vulnerability. This is due to insufficient sanitization of user-supplied data. This issue can facilitate unauthorized remote access...
WebGUI 6.x - Arbitrary Command Execution
source: https://www.securityfocus.com/bid/15083/info WebGUI is prone to an arbitrary command execution vulnerability. This is due to insufficient sanitization of user-supplied data. This issue can facilitate unauthorized remote access...
SGI IRIX runpriv utility unfiltered shell characters vulnerability
Unfiltered shell characters allow to execute any command...
DEBIAN-CVE-2005-2966
The Python SVG import plugin diasvgimport.py for DIA 0.94 and earlier allows user-assisted attackers to execute arbitrary commands via a crafted SVG file...
security flaw
gdb before 6.3 searches the current working directory to load the .gdbinit configuration file, which allows local users to execute arbitrary commands as the user running gdb...