121 matches found
CVE-2007-6610
unp 1.0.12, and other versions before 1.0.14, does not properly escape file names, which might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename argument. NOTE: this might only be a vulnerability when unp is invoked by a third party product...
CVE-2004-1147
phpMyAdmin 2.6.0-pl2, and other versions before 2.6.1, with external transformations enabled, allows remote attackers to execute arbitrary commands via shell metacharacters...
TikiWiki: Arbitrary command execution
Background TikiWiki is a web-based groupware and content management system CMS, using PHP, ADOdb and Smarty. Description TikiWiki lacks a check on uploaded images in the Wiki edit page. Impact A malicious user could run arbitrary commands on the server by uploading and calling a PHP script...
Debian DSA-612-1 : a2ps - unsanitised input
Rudolf Polzer discovered a vulnerability in a2ps, a converter and pretty-printer for many formats to PostScript. The program did not escape shell meta characters properly which could lead to the execution of arbitrary commands as a privileged user if a2ps is installed as a printer filter...
Fedora Core 1 : lha-1.14i-12.2 (2004-294)
Lukasz Wojtow discovered a stack-based buffer overflow in all versions of lha up to and including version 1.14. A carefully created archive could allow an attacker to execute arbitrary code when a victim extracts or tests the archive. The Common Vulnerabilities and Exposures project cve.mitre.org...
AWStats Input Validation Hole in 'logfile'
Exploit for cgi platform in category dos / poc ========================================== AWStats Input Validation Hole in 'logfile' ========================================== Example:...
Moderate: Red Hat Security Advisory: hanterm-xf security update
Updated Hangul Terminal packages fix two security issues. Hangul Terminal is a terminal emulator for the X Window System, based on Xterm. Hangul Terminal provides an escape sequence for reporting the current window title, which essentially takes the current title and places it directly on the...
Wordit Logbook Version 0.98b3
Wordit Limited 2000. http://scripts.wordit.com/ User can read any files and execute any commands. Example: www.idontknowperl.com/logbook.pl? file=../../../../../../../bin/cat20logbook.pl00| / Alexey Sintsov aka DonHuan irc.megik.net brrr / include best/regards.h...
s8forum.txt
--0-1583051551-1041748889=:62186 Content-Type: text/plain; charset=us-ascii INFORMATIONS : ============= - Product : S8Forum - Tested version : 3.0 maybe other versions. - Website : http://www.kellishaver.com/ Vendor Status: not informed yet !!! - Problem : A security vulnerability in S8Forum...
Command execution in perl-MailTools
Usage of mailx as a mailer allows command insertion into mail body...
PGPMail.pl detection
The 'PGPMail.pl' CGI is installed. Some versions up to v1.31 a least of this CGI do not properly filter user input before using it inside commands. This would allow an attacker to run any command on the server. Note: Nessus just checked the presence of this CGI but did not try to exploit the flaw...
CVE-2002-0178
uudecode, as available in the sharutils package before 4.2.1, does not check whether the filename of the uudecoded file is a pipe or symbolic link, which could allow attackers to overwrite files or execute commands...
CVE-1999-1064
Multiple buffer overflows in WindowMaker 0.52 through 0.60.0 allow attackers to cause a denial of service and possibly execute arbitrary commands by executing WindowMaker with a long program name argv0...
Gene6 BPFTP Server 2.0 - File Existence Disclosure
Gene6 BPFTP Server 2.0 - File Existence Disclosure source: https://www.securityfocus.com/bid/2537/info A user can confirm the existence and location of files and directory structure information, by submitting a 'size' or 'mdtm' command of a file. If the command is carried out by the vulnerable...
Cgisecurity.com advisory #4 The Free On-line Dictionary of Computing
The vendor has been contacted on this issue and it is being fixed. please visit his page for further updates. Just so all the script kids know it does allow partial command execution. The only limit to this is commands with arguements. EX: limited to single commands like ls,ps Debian also has thi...
CVE-2000-0824
The unsetenv function in glibc 2.1.1 does not properly unset an environmental variable if the variable is provided twice to a program, which could allow local users to execute arbitrary commands in setuid programs by specifying their own duplicate environmental variables such as LDPRELOAD or...
Большая дырка в Web-интерфейсе Cisco Catalist (Web exec)
Анонимный пользователь может выполнить любые команды, например http://catalyst/exec/show/config/cr...
fcheck.txt
The short explanation: fcheck is a file integrity checker written in perl. It can send warnings to syslog via an external program such as logger1. Because it calls system with a scalar argument, a malicious user can cause it to execute programs by creating files with shell metacharacters in their...
SGI InfoSearch 1.0 SGI IRIX 6.5.x - fname
SGI InfoSearch 1.0 SGI IRIX 6.5.x - fname source: https://www.securityfocus.com/bid/1031/info The InfoSearch package converts man pages and other documentation into HTML web content. The search form uses infosrch.cgi which does not properly parse user input in the 'fname' variable, allowing...
lynx.2.8.2.extern.txt
-----BEGIN PGP SIGNED MESSAGE----- SuSE Security Announcement Package: lynx-2.8.2 and older Date: Thu Sep 16 21:29:15 CEST 1999 Affected: all Linux distributions using lynx-2.8.2 and older A security hole was discovered in the package mentioned above. Please update as soon as possible or disable...