8702 matches found
GLSA-200508-09 : bluez-utils: Bluetooth device name validation vulnerability
The remote host is affected by the vulnerability described in GLSA-200508-09 bluez-utils: Bluetooth device name validation vulnerability The name of a Bluetooth device is improperly validated by the hcid utility when a remote device attempts to pair itself with a computer. Impact : An attacker...
[Full-disclosure] [ GLSA 200508-09 ] bluez-utils: Bluetooth device name validation vulnerability
Gentoo Linux Security Advisory GLSA 200508-09 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity:...
gforgeexec.txt
-------------------------------------------------------------------------- Vendor : Gforge http://gforge.org Product : gforge Affected versions : = 4.0 & Debian pkg 3.1-30 Vulnerability : Input validation flaw Problem-Type : remote Severity : High, arbitrary command execution Author : Filippo Spi...
AWStats Referrer Header Arbitrary Command Execution
The remote host is running AWStats, an open source web analytics tool used for analyzing data from internet services such as web, streaming, media, mail and FTP servers. The version of AWStats installed on the remote host collects data about the web referrers and uses them without proper sanitati...
[SECURITY] [DSA 772-1] New apt-cacher package fixes arbitrary command execution
-------------------------------------------------------------------------- Debian Security Advisory DSA 772-1 [email protected] http://www.debian.org/security/ Martin Schulze August 3rd, 2005 http://www.debian.org/security/faq -...
WPS Web-Portal-System wps_shop.cgi art Parameter Arbitrary Command Injection
The remote host is running the WPS Web-Portal-System. The version of this software installed on the remote host is vulnerable to remote command execution flaw through the argument 'art' of the script 'wpsshop.cgi'. A malicious user could exploit this flaw to execute arbitrary commands on the remo...
[SECURITY] [DSA 762-1] New affix packages fix arbitrary command and code execution
-------------------------------------------------------------------------- Debian Security Advisory DSA 762-1 [email protected] http://www.debian.org/security/ Martin Schulze July 19th, 2005 http://www.debian.org/security/faq -...
Debian DSA-760-1 : ekg - several vulnerabilities
Several vulnerabilities have been discovered in ekg, a console Gadu Gadu client, an instant messaging program. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities : - CAN-2005-1850 Marcin Owsiany and Wojtek Kaniewski discovered insecure temporary file creatio...
phpBB 2.0.15 Remote PHP Code Execution Exploit (metasploit)
No description provided by source. Title: phpBB 2.0.15 arbitrary command execution eXploit Name: phpphpbb2015.pm License: Artistic/BSD/GPL Info: Coded because of boredom. - This is an exploit module for the Metasploit Framework, please see http://metasploit.com/projects/Framework for more...
phpBB 2.0.15 - PHP Remote Code Execution (Metasploit)
phpBB 2.0.15 - PHP Remote Code Execution Metasploit Title: phpBB 2.0.15 arbitrary command execution eXploit Name: phpphpbb2015.pm License: Artistic/BSD/GPL Info: Coded because of boredom. - This is an exploit module for the Metasploit Framework, please see http://metasploit.com/projects/Framework...
phpBB 2.0.15 Remote PHP Code Execution Exploit (metasploit)
Exploit for unknown platform in category web applications =========================================================== phpBB 2.0.15 Remote PHP Code Execution Exploit metasploit =========================================================== Title: phpBB 2.0.15 arbitrary command execution eXploit Name:...
phpBB 2.0.15 - PHP Remote Code Execution (Metasploit)
Title: phpBB 2.0.15 arbitrary command execution eXploit Name: phpphpbb2015.pm License: Artistic/BSD/GPL Info: Coded because of boredom. - This is an exploit module for the Metasploit Framework, please see http://metasploit.com/projects/Framework for more information. package...
DSA-762-1 affix - several
Bulletin has no description...
[SECURITY] [DSA 760-1] New ekg packages fix several vulnerabilities
-------------------------------------------------------------------------- Debian Security Advisory DSA 760-1 [email protected] http://www.debian.org/security/ Martin Schulze July 18th, 2005 http://www.debian.org/security/faq -...
Slackware 9.0 / current : WU-FTPD Security Advisory (SSA:2003-259-03)
Upgraded WU-FTPD packages are available for Slackware 9.0 and - -current. These fix a problem where an attacker could use a specially crafted filename in conjunction with WU-FTPD's conversion feature mostly used to compress files, or produce tar archives to execute arbitrary commands on the serve...
FreeBSD : xloadimage -- arbitrary command execution when handling compressed files (310d0087-0fde-4929-a41f-96f17c5adffe)
Tavis Ormandy discovered that xli and xloadimage attempt to decompress images by piping them through gunzip or similar decompression tools. Unfortunately, the unsanitized file name is included as part of the command. This is dangerous, as in some situations, such as mailcap processing, an attacke...
FreeBSD : ruby -- arbitrary command execution on XMLRPC server (594eb447-e398-11d9-a8bd-000cf18bbe54)
Nobuhiro IMAI reports : the default value modification on Modulepublicinstancemethods from false to true breaks s.addhandlerXMLRPC::iPIMethods'sample', MyHandler.new style security protection. This problem could allow a remote attacker to execute arbitrary commands on XMLRPC server of libruby...
FreeBSD : yamt -- arbitrary command execution vulnerability (d4a7054a-6d96-11d9-a9e7-0001020eed82)
Manigandan Radhakrishnan discovered a security vulnerability in YAMT which can lead to execution of arbitrary commands with the privileges of the user running YAMT when sorting based on MP3 tags. The problem exist in the id3tagsort routine which does not properly sanitize the artist tag from the...
FreeBSD : rssh & scponly -- arbitrary command execution (f11b219a-44b6-11d9-ae2f-021106004fd6)
Jason Wies identified both rssh & scponly have a vulnerability that allows arbitrary command execution. He reports : The problem is compounded when you recognize that the main use of rssh and scponly is to allow file transfers, which in turn allows a malicious user to transfer and execute entire...
[SECURITY] [DSA 748-1] New ruby1.8 packages fix arbitrary command execution
------------------------------------------------------------------------ Debian Security Advisory DSA 748-1 [email protected] http://www.debian.org/security/ Michael Stone July 10, 2005 http://www.debian.org/security/faq - ------------------------------------------------------------------------...