Ruby: Arbitrary command execution through XML-RPC
Background: Ruby is an interpreted scripting language for quick and easy object-oriented programming. XML-RPC is a remote procedure call protocol encoded in XML. Description: Nobuhiro IMAI reported that an invalid default value in "utils.rb" causes the security protections of the XML-RPC server to...
Debian DSA-748-1 : ruby1.8 - bad default value
A vulnerability has been discovered in ruby1.8 that could allow arbitrary command execution on a server running the ruby xmlrpc server. The old stable distribution woody did not include ruby1.8. This problem is fixed for the current stable distribution sarge in version 1.8.2-7sarge1. This problem...
[SECURITY] [DSA 745-1] New drupal package fixes multiple vulnerabilities
Debian Security Advisory DSA 745-1 http://www.debian.org/security/ Michael Stone July 10, 2005 http://www.debian.org/security/faq ...
DSA-745-1 drupal - arbitrary command execution
Bulletin has no description...
DSA-748-1 ruby1.8 - bad default value
Bulletin has no description...
GLSA-200507-06 : TikiWiki: Arbitrary command execution through XML-RPC
The remote host is affected by the vulnerability described in GLSA-200507-06 TikiWiki: Arbitrary command execution through XML-RPC TikiWiki is vulnerable to arbitrary command execution as described in GLSA 200507-01. Impact : A remote attacker could exploit this vulnerability to execute arbitrary...
TikiWiki: Arbitrary command execution through XML-RPC
Background: TikiWiki is a web-based groupware and content management system (CMS), using PHP, ADOdb and Smarty. TikiWiki includes vulnerable PHP XML-RPC code. Description: TikiWiki is vulnerable to arbitrary command execution as described in GLSA 200507-01. Impact: A remote attacker could exploit this...
GLSA-200507-03 : phpBB: Arbitrary command execution
The remote host is affected by the vulnerability described in GLSA-200507-03 phpBB: Arbitrary command execution Ron van Daal discovered that phpBB contains a vulnerability in the highlighting code. Impact : Successful exploitation would grant an attacker unrestricted access to the PHP exec or...
Community Link Pro - login.cgi?File Remote Command Execution
Community Link Pro - login.cgi?File Remote Command Execution source: https://www.securityfocus.com/bid/14097/info Community Link Pro is prone to a remote arbitrary command execution vulnerability. This issue presents itself due to insufficient sanitization of user-supplied data. Due to this, an...
Fedora Core 4 : sudo-1.6.8p8-2.2 (2005-473)
Tue Jun 21 2005 Karel Zak 1.6.8p8-2.2 - fix 161116 - CVE-2005-1993 sudo trusted user arbitrary command execution Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it...
K-COLLECT CSV_DB.CGI 1.0/i_DB.CGI 1.0 - Remote Command Execution
// source: https://www.securityfocus.com/bid/14059/info CSVDB.CGI/iDB.CGI are affected by a remote command execution vulnerability. Specifically, an attacker can supply arbitrary commands prefixed with the '|' character through the 'csvdb.cgi' script that will be executed in the context of the We...
sudo: Arbitrary command execution
Background: sudo allows a system administrator to give users the ability to run commands as other users. Description: The sudoers file is used to define the actions sudo users are permitted to perform. Charles Morris discovered that a specific layout of the sudoers file could cause the results of a...
Fedora Core 3 : sudo-1.6.7p5-30.3 (2005-472)
Tue Jun 21 2005 Karel Zak 1.6.7p5-30.3 - fix 161116 - CVE-2005-1993 sudo trusted user arbitrary command execution Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it...
ruby -- arbitrary command execution on XMLRPC server
Nobuhiro IMAI reports: the default value modification on Module#public_instance_methods (from false to true) breaks s.add_handler(XMLRPC::iPIMethods("sample"), MyHandler.new) style security protection. This problem could allow a remote attacker to execute arbitrary commands on XMLRPC server of libruby...
CVE-2001-1498
Technical details about CVE-2001-1498 are not provided in the connected documents. The initial description notes a buffer overflow in mod_bf 0.2 allowing local command execution, but specifics (versions, root cause, exploit) are not disclosed here. Monitor for updates.
gzip security update
CentOS Errata and Security Advisory CESA-2005:357-01 An updated gzip package is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. The gzip package contains the GNU gzip data compression program. A bug was found in the way zgrep processe...
JamMail 1.8 - Jammail.pl Arbitrary Command Execution
source: https://www.securityfocus.com/bid/13937/info JamMail is prone to a remote arbitrary command execution vulnerability. This vulnerability may allow an attacker to supply arbitrary commands through the 'jammail.pl' script. This can lead to various attacks including unauthorized access to an...
e107 ePing Plugin doping.php Arbitrary Code Execution
The installation of e107 on the remote host includes a version of the ePing plugin that is affected by a command execution vulnerability. This plugin fails to sanitize the 'epingcmd', 'epingcount' and/or 'epinghost' parameters of the 'doping.php' script before using them in a system call. An...
CVE-2005-1789
SQL injection vulnerability in SignIn.asp in India Software Solution shopping cart allows remote attackers to execute arbitrary SQL commands via the password...