3844 matches found
Core Security Technologies Advisory 2007.1106
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies – CoreLabs Advisory http://www.coresecurity.com/corelabs SynCE Remote Command Injection Advisory Information Title: SynCE Remote Command Injection Advisory ID: CORE-2007-1106 Advisory URL:...
SynCE 0.92 - 'vdccm' Daemon Remote Command Injection
source: https://www.securityfocus.com/bid/27178/info SynCE is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data. Attackers can exploit this issue to execute arbitrary commands in the context of the application, facilitating the remo...
Xfce-Terminal远程命令注入漏洞
BUGTRAQ ID: 24889 CVECAN ID: CVE-2007-3770 Xfce Terminal是Xfce桌面环境的控制台工具。 Xfce Terminal在使用URL串构造命令调用时存在漏洞,远程攻击者可能利用此漏洞诱使用户执行恶意Shell命令。 Xfce-Terminal 0.2.6 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://www.xfce.org/ http://foo.bar/$xterm/ http://google.com/search?q=$ls&sourceid=b0rk...
KVIrc irc:// URI处理器远程命令注入漏洞
BUGTRAQ ID: 24652 CVECAN ID: CVE-2007-2951 KVIrc是一款免费的可移植IRC客户端。 KVIrc客户端在处理“irc://”协议串时存在漏洞,远程攻击者可能利用此漏洞在用户机器上执行命令。 KVIrc客户端的src/kvirc/kernel/kviircurl.cpp文件中的parseIrcUrl函数在为KVIrc的内部脚本系统构建命令时没有正确过滤部分URI,如果用户受骗打开了特制的irc://或类似的URI(如irc6://)的话,就会导致注入并执行KVIrc脚本系统命令。成功攻击要求KVIrc是irc://或类似URI的默认处理器。...
F5 FirePass 4100 SSL VPN My.Activiation.PHP3远程命令注入漏洞
F5's FirePass SSL VPN提供使用标准WEB浏览器对应用程序和数据进行安全访问的解决方案。 F5 FirePass 4100不正确过滤用户提交的输入,远程攻击者可以利用漏洞以WEB权限执行任意命令。 问题是'my.activation.php3'脚本对用户提交的'username'参数缺少过滤,在部分条件下允许用户注入Linux SHELL命令,导致以WEB权限执行。 F5 FirePass 4100 厂商解决方案 可参考如下安全公告获得补丁信息: https://tech.f5.com/home/solutions/sol167.html...
Samba < 3.0.25 Multiple Vulnerabilities
According to its banner, the version of the Samba server installed on the remote host is affected by multiple buffer overflow and remote command injection vulnerabilities, which can be exploited remotely, as well as a local privilege escalation bug. C Tenable Network Security, Inc...
[SAMBA-SECURITY] CVE-2007-2447: Remote Command Injection Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ========================================================== == == Subject: Remote Command Injection Vulnerability == CVE ID: CVE-2007-2447 == == Versions: Samba 3.0.0 - 3.0.25rc3 inclusive == == Summary: Unescaped user input parameters are passed == as...
Remote Command Injection Vulnerability
Description This bug was originally reported against the anonymous calls to the SamrChangePassword MS-RPC function in combination with the "username map script" smb.conf option which is not enabled by default. After further investigation by Samba developers, it was determined that the problem was...
php CRLF injection
CRLF injection vulnerability in the ftpputcmd function in PHP before 4.4.7, and 5.x before 5.2.2 allows remote attackers to inject arbitrary FTP commands via CRLF sequences in the parameters to earlier FTP commands...
CVE-2006-6610
clientcommands in Nexuiz before 2.2.1 has unknown impact and remote attack vectors related to "remote console command injection."...
DEBIAN-CVE-2006-6610
clientcommands in Nexuiz before 2.2.1 has unknown impact and remote attack vectors related to "remote console command injection."...
CVE-2006-6427
The CVE-2006-6427 entry concerns Xerox WorkCentre and WorkCentre Pro web UIs affected by command-injection in the WebUI. Affected versions are before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000. The vulnerability allows remote attackers to execute arbitrary commands vi...
Xerox WorkCentre WebUI远程命令注入漏洞
Xerox WorkCentre是一款数码打印复印一体机。 WorkCentre的TCP/IP主机名存在WebUI命令注入漏洞,允许攻击者绕过认证远程执行任意软件。如果成功利用的话,攻击者可以非授权更改系统配置。 Xerox WorkCentre Pro 275 Xerox WorkCentre Pro 265 Xerox WorkCentre Pro 255 Xerox WorkCentre Pro 245 Xerox WorkCentre Pro 238 Xerox WorkCentre Pro 232 Xerox WorkCentre 275 Xerox WorkCentre 26...
pservBad.txt
Advisory: Pico Server pServ Remote Command Injection RedTeam found a remote command injection in Pico Server pServ which results in a remote attacker being able to issue arbitrary commands on the server. Details ======= Product: Pico Server pServ Affected Version: 3.2verified, From...
FlatNuke 2.5.x - 'referer.php' Crafted Referer Arbitrary PHP Code Execution
source: https://www.securityfocus.com/bid/13882/info Multiple input validation vulnerabilities reportedly affect FlatNuke. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it in application-critical actions such as generating Web content...
[Full-disclosure] Pico Server (pServ) Remote Command Injection
Advisory: Pico Server pServ Remote Command Injection RedTeam found a remote command injection in Pico Server pServ which results in a remote attacker being able to issue arbitrary commands on the server. Details ======= Product: Pico Server pServ Affected Version: 3.2verified, =3.2 probably too...
security flaw
Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline "%0a" before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command...
IBM cloudscape SQL Database (DB2J) vulnerable to remote command injection
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Illegalaccess.org security advisory ii/02-2004 www.illegalaccess.org IBM cloudscape SQL Database DB2J vulnerable to remote command injection Brief ===== Product : IBM cloudscape database Version : 5.1 Vendor : IBM Impact : Code injection, DoS,...
Proof-Of-Concept Denial-Of-Service Pointbase 4.6 Java SQL-DB
Hi, the following code crashes the Pointbase 4.6 database that comes with the J2EE reference implementation. It is provided as an ant script for flexibility and to illustrate the involved ressources. This is a cross-platform denial-of-service java exploit, caused by fact that the pointbase...
Update JBoss 308 & 321: Remote Command Injection
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Adam, thanks for the question, here is the answer: just downloaded the 3.0.8 from Jboss.org and changed the port of the exploit code from 1701 to 1476, which is the HSQL port in Version 3.0.8 of JBoss. I can confirm that JBOSS 3.0.8 is also...