Fedora 13 : libHX-3.6-1.fc13 / pam_mount-2.5-1.fc13 (2010-13127)

Update to libHX 3.6 fixing a buffer overflow in HXsplit: http://libhx.gi t.sourceforge.net/git/gitweb.cgi?p=libhx/libhx;a=commitdiff;h=904a46f9 0d pammount v2.5 August 10 2010 =============================== Changes: - mount.crypt: fix incorrect processing of binary files in keyfile passthrough -...

Code injection

inc/exif.inc.php in Original Photo Gallery 0.11.2 and earlier allows remote attackers to execute arbitrary programs via the exifprog parameter, which is specified in an exec function call...

CVE-2007-5224

inc/exif.inc.php in Original Photo Gallery 0.11.2 and earlier allows remote attackers to execute arbitrary programs via the exifprog parameter, which is specified in an exec function call...

CVE-2007-5224

The CVE-2007-5224 entry affects Original Photo Gallery 0.11.2 and earlier. Affected file: inc/exif.inc.php; the exif_prog parameter is used inside an exec() call without proper sanitization, allowing remote attackers to execute arbitrary commands on the server. This is described in multiple sourc...

Code injection

index.php in WebMplayer before 0.6.1-Alpha allows remote attackers to execute arbitrary code via shell metacharacters in an exec function call. NOTE: some sources have referred to this as eval injection in the param parameter, but CVE source inspection suggests that this is erroneous...

TorrentFlux 2.2 (maketorrent.php) Remote Command Execution Exploit

Exploit for unknown platform in category web applications ================================================================== TorrentFlux 2.2 maketorrent.php Remote Command Execution Exploit ================================================================== The variable announce in maketorrent.php...

TorrentFlux 2.2 - maketorrent.php Remote Command Execution

TorrentFlux 2.2 - maketorrent.php Remote Command Execution The variable announce in maketorrent.php is not sanitised before being used. The announce variable goes through various stages throughout the script, then it is passed as a into an exec function. This occurs in the middle of the string...

Apple Mac OSX 10.x FreeBSD 4.x OpenBSD 2.x Solaris 2.52.67.08 - exec C Library Standard IO File Descriptor Closure

Apple Mac OSX 10.x FreeBSD 4.x OpenBSD 2.x Solaris 2.52.67.08 - exec C Library Standard IO File Descriptor Closure / source: https://www.securityfocus.com/bid/4568/info It has been reported that BSD-based kernels do not check to ensure that the C library standard I/O file descriptors 0-2 are vali...

CVE-1999-0561

CVE-1999-0561 affects IIS where the #exec function is enabled for Server Side Include (SSI) files. The root cause is the SSI #exec handling, enabling potential command execution. Affected product: IIS; vulnerability details and exploitation status are not fully provided in the supplied documents....

CVE-1999-0561

IIS has the exec function enabled for Server Side Include SSI files...

CVE-1999-0561

IIS has the exec function enabled for Server Side Include SSI files...