1287 matches found
BakBone NetVault remote heap overflow
Added: 03/24/2006 CVE: CVE-2005-1009 BID: 12967 OSVDB: 15234 Background BakBone NetVault is a distributed data backup and restore solution for UNIX and Windows networks. Problem A heap overflow vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted...
SUSE-SA:2006:017: sendmail
The remote host is missing the patch for the advisory SUSE-SA:2006:017 sendmail. The popular MTA sendmail is vulnerable to a race condition when handling signals. Under certain circumstances this bug can be exploited by an attacker to execute commands remotely. Sendmail was the default MTA in SuS...
CVE-2006-1353
Multiple SQL injection vulnerabilities in ASPPortal 3.1.1 and earlier allow remote attackers to execute arbitrary SQL commands via 1 the downloadid parameter in downloadclick.asp and 2 contentID parameter in news/NewsItem.asp; authenticated administrators can also conduct attacks via 3 userid...
SSH.COM SFTP server -- format string vulnerability
SSH Communications Security Corp reports a format string vulnerability in their SFTP server. This vulnerability could cause a user with SCP/SFTP access only to get permission to execute also other commands. It could also allow user A to create a special file that when accessed by user B allows us...
CVE-2006-0446
Unspecified vulnerability in WeBWorK 2.1.3 and 2.2-pre1 allows remote privileged attackers to execute arbitrary commands as the web server via unknown attack vectors...
CVE-2006-0410
SQL injection vulnerability in ADOdb before 4.71, when using PostgreSQL, allows remote attackers to execute arbitrary SQL commands via unspecified attack vectors involving binary strings...
creLoaded 6.15 - HTMLAREA Automated Perl
creLoaded 6.15 - HTMLAREA Automated Perl !/usr/bin/perl creLoaded Rather simple exploit, but still an exploit nonetheless. Attempts to upload php script and utilise that to execute commands, and show off a fake shell. Can specify: User-defined PHP script or one provided in this script suits most...
creLoaded <= 6.15 (HTMLAREA) Automated Perl Exploit
Exploit for unknown platform in category web applications =================================================== creLoaded Rather simple exploit, but still an exploit nonetheless. Attempts to upload php script and utilise that to execute commands, and show off a fake shell. Can specify: User-defined...
Trend Micro ServerProtect Management Console isaNVWRequest.dll chunked POST buffer overflow
Added: 01/24/2006 CVE: CVE-2005-1929 BID: 15865 OSVDB: 21771 Background ServerProtect is a virus scanner for servers. Problem A buffer overflow in ServerProtect Management Console could allow a remote attacker to execute commands using a chunked POST request to isaNVWRequest.dll. Resolution Use t...
EFileGo 3.0 - Multiple Input Validation Vulnerabilities
source: https://www.securityfocus.com/bid/16124/info eFileGo is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to retrieve arbitrary files, upload files to...
BrightStor ARCserve Backup agent for MS-SQL buffer overflow
Added: 12/20/2005 CVE: CVE-2005-1272 BID: 14453 OSVDB: 18501 Background BrightStor ARCserve Backup is a backup and recovery solution for multiple platforms. Problem A buffer overflow in the backup agent for Microsoft SQL Server allows remote attackers to execute arbitrary commands. Resolution App...
CVE-2005-1925
Multiple directory traversal vulnerabilities in Tikiwiki before 1.9.1 allow remote attackers to read arbitrary files and execute commands via 1 the suckurl parameter to tiki-editpage.php or 2 language parameter to tiki-userpreferences.php...
CVE-2005-1925
CVE-2005-1925 concerns multiple directory traversal vulnerabilities in TikiWiki before 1.9.1. The issues reside in tiki-editpage.php (suck_url) and tiki-user_preferences.php (language) where user-controlled input is read as file paths without proper sanitization, enabling reading arbitrary files ...
upload phpshell in PHPFM
upload phpshell in PHPFM discovered by rUnViRuS www.worlddefacers.net www.security-arab.com =-=-=-=-=-=-=-=-= the code shell :- --------------- pre ? passthru$GET'cmd'; ? save as cmd.php now upload in PHPFM =-=-=-= Used Shell =-=-=-= www.site.com/file upload name/files/cmd.php?cmd=command linux...
NT IIS 5.0 Malformed HTTP Printer Request Header Buffer Overflow Vulnerability
There is a buffer overflow in the remote IIS web server. It is possible to overflow the remote Web server and execute commands as the SYSTEM user. At attacker may make use of this vulnerability and use it to gain access to confidential data and/or escalate their privileges on the Web server. See...
Microsoft SQL Server (MSSQL) Hello Overflow Vulnerability (Q316333) - Active Check
Microsoft SQL Server MSSQL is prone to a hello overflow vulnerability. SPDX-FileCopyrightText: 2002 Dave Aitel Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
EUVD-2005-2778
Looking Glass 20040427 allows remote attackers to execute arbitrary commands via shell metacharacters in the DNS lookup query field...
CVE-2005-2716
The eventpincoderequest function in the btsrv daemon btsrv.c in Nokia Affix 2.1.2 and 3.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in a Bluetooth device name...
CVE-2005-2411
Cross-Site Request Forgery CSRF vulnerability in tDiary 2.1.1, and tDiary 2.0.1 and earlier, allows remote attackers to conduct actions as another user, and execute commands on the server, via a URL that is activated by the user...
CVE-2005-2411
Cross-Site Request Forgery CSRF vulnerability in tDiary 2.1.1, and tDiary 2.0.1 and earlier, allows remote attackers to conduct actions as another user, and execute commands on the server, via a URL that is activated by the user...