AWStats 6.2-6.1 configdir Command Injection

No description provided by source. $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require...

iDEFENSE Security Advisory [IDEF0725] Exim host_aton() Buffer Overflow Vulnerability

Exim hostaton Buffer Overflow Vulnerability iDEFENSE Security Advisory IDEF0725 http://www.idefense.com/application/poi/display?type=vulnerabilities January 07, 2005 I. BACKGROUND Exim is a message transfer agent developed for use on Unix systems. More information is available at:...

STG Security Advisory: [SSA-20041224-21] File extensions restriction bypass vulnerability in GNUBoard

STG Security Advisory: SSA-20041224-21 File extensions restriction bypass vulnerability in GNUBoard. Revision 1.0 Date Published: 2004-12-24 KST Last Update: 2005-01-03 Disclosed by SSR Team [email protected] Summary ======== GNUBoard is one of widely used web BBS applications in Korea...

CVE-2004-1468

The web mail functionality in Usermin 1.x and Webmin 1.x allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail message...

CVE-2004-2270

Unknown vulnerability in IBM Parallel Environment PE 3.2 and 4.1 allows attackers to execute arbitrary commands as root via unknown vectors in the sample code...

CVE-2004-2532

Serv-U FTP server before 5.1.0.0 has a default account and password for local administration, which allows local users to execute arbitrary commands by connecting to the server using the default administrator account, creating a new user, logging in as that new user, and then using the SITE EXEC...

CVE-2004-1389

Unknown vulnerability in the Veritas NetBackup Administrative Assistant interface for NetBackup BusinesServer 3.4, 3.4.1, and 4.5, DataCenter 3.4, 3.4.1, and 4.5, Enterprise Server 5.1, and NetBackup Server 5.0 and 5.1, allows attackers to execute arbitrary commands via the bpjava-susvc process,...

STG Security Advisory 2004-12-20.16

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 STG Security Advisory: SSA-20041220-16 PHP source injection and cross-site scripting vulnerabilities in ZeroBoard Revision 1.2 Date Published: 2004-12-20 KST Last Update: 2004-12-24 Disclosed by SSR Team [email protected] Summary =======...

STG Security Advisory 2004-12-14.14

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 STG Security Advisory: SSA-20041214-14 GNUBoard PHP injection vulnerability. Revision 1.0 Date Published: 2004-12-14 KST Last Update: 2004-12-14 Disclosed by SSR Team [email protected] Summary ======== GNUBoard is one of widely used web BBS...

Solaris 2.5.12.678 rlogin (SPARC) - binlogin Remote Buffer Overflow

Solaris 2.5.12.678 rlogin SPARC - binlogin Remote Buffer Overflow / $Id: raptorrlogin.c,v 1.1 2004/12/04 14:44:38 raptor Exp $ raptorrlogin.c - rlogin, Solaris/SPARC 2.5.1/2.6/7/8 Copyright c 2004 Marco Ivaldi Buffer overflow in login in various System V based operating systems allows remote...

Crystal FTP Pro Client Buffer Overflow

Package: Crystal FTP Pro Auth: http://www.casdk.com/ Version: 2.8 current release and below Vulnerability Type: Arbitrary Command Execution Crystal FTP Pro Description from the Developer: Crystal FTP Pro is a Top awarded FTP client for dummies and experts. The state of the art user-interface used...

[SECURITY] [DSA 612-1] New a2ps packages fix arbitrary command execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 612-1 [email protected] http://www.debian.org/security/ Martin Schulze December 20th, 2004 http://www.debian.org/security/faq -...

STG Security Advisory: [SSA-20041215-17] Vulnerability of uploading files with multiple extensions in JSBoard

STG Security Advisory: SSA-20041215-17 Vulnerability of uploading files with multiple extensions in JSBoard Revision 1.0 Date Published: 2004-12-15 KST Last Update: 2004-12-15 Disclosed by SSR Team [email protected] Summary ======== JSBoard is one of widely used web BBS applications in...

STG Security Advisory: [SSA-20041214-14] GNUBoard PHP injection vulnerability

STG Security Advisory: SSA-20041214-14 GNUBoard PHP injection vulnerability Revision 1.0 Date Published: 2004-12-14 KST Last Update: 2004-12-14 Disclosed by SSR Team [email protected] Summary ======== GNUBoard is one of widely used web BBS applications in Korea. Because of an input...

yamt -- arbitrary command execution vulnerability

Manigandan Radhakrishnan discovered a security vulnerability in YAMT which can lead to execution of arbitrary commands with the privileges of the user running YAMT when sorting based on MP3 tags. The problem exist in the id3tagsort routine which does not properly sanitize the artist tag from the...

KDE FTP - KIOSlave URI Arbitrary FTP Server Command Execution

KDE FTP - KIOSlave URI Arbitrary FTP Server Command Execution source: https://www.securityfocus.com/bid/11827/info KDE FTP kioslave-based applications such as Konqueror are reported prone to an arbitrary FTP server command execution vulnerability. This issue is due to a failure of the application...

rssh and scponly arbitrary command execution

Vulnerable applications: rssh All versions All operating systems scponly All versions All operating systems Not vulnerable: Discussion: rssh and scponly are restricted shells that are designed to allow execution only of certain preset programs. Both are used to grant a user the ability to transfe...

SCPOnly 2.x3.x - Arbitrary Command Execution

SCPOnly 2.x3.x - Arbitrary Command Execution source: https://www.securityfocus.com/bid/11791/info scponly is reported prone to a remote arbitrary command execution vulnerability. This issue may allow a remote attacker to execute commands and scripts on a vulnerable computer and eventually allow a...

SCPOnly 2.x/3.x - Arbitrary Command Execution

source: https://www.securityfocus.com/bid/11791/info scponly is reported prone to a remote arbitrary command execution vulnerability. This issue may allow a remote attacker to execute commands and scripts on a vulnerable computer and eventually allow an attacker to gain elevated privileges on a...

[Full-Disclosure] [ GLSA 200411-33 ] TWiki: Arbitrary command execution

Gentoo Linux Security Advisory GLSA 200411-33 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity:...