DSA-2380-1 foomatic-filters - shell command injection
Bulletin has no description...
RHEL 6 : logrotate (RHSA-2011:0407)
The remote Red Hat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2011:0407 advisory. The logrotate utility simplifies the administration of multiple log files, allowing the automatic rotation, compression, removal, and mailin...
logrotate: Shell command injection by using the shred configuration directive
The shredfile function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name...
Moderate: Red Hat Security Advisory: logrotate security update
An updated logrotate package that fixes multiple security issues is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings...
Debian DSA-2182-1 : logwatch - shell command injection
Dominik George discovered that Logwatch does not guard against shell meta-characters in crafted log file names such as those produced by Samba. As a result, an attacker might be able to execute shell commands on the system running Logwatch...
[SECURITY] [DSA 2182-1] logwatch security update
Debian Security Advisory DSA-2182-1 [email protected] http://www.debian.org/security/ March 04, 2011 http://www.debian.org/security/faq Package :...
FreeBSD : rubygem-mail -- Remote Arbitrary Shell Command Injection Vulnerability (1cae628c-3569-11e0-8e81-0022190034c0)
Secunia reports: Input passed via an email from address is not properly sanitised in the 'deliver' function lib/mail/network/deliverymethods/sendmail.rb before being used as a command line argument. This can be exploited to inject arbitrary shell commands...
CVE-2010-3037
goform/websXMLAdminRequestCgi.cgi in Cisco Unified Videoconferencing (UVC) System 5110 and 5115, and possibly Unified Videoconferencing System 3545 and 5230, Unified Videoconferencing 3527 Primary Rate Interface (PRI) Gateway, Unified Videoconferencing 3522 Basic Rate Interfaces (BRI) Gateway, and...
CVE-2010-3037
CVE-2010-3037 affects Cisco Unified Videoconferencing (UVC) products (5110/5115 Linux; 3545, 5230 VxWorks; 3527 PRI Gateway; 3522 BRI Gateway; 3515 MCU). The flaw is a remote command injection in the web interface via /goform/websXMLAdminRequestCgi.cgi, allowing an authenticated administrator...
Joomla Camp26 VisitorData Module Shell Command Injection Vulnerability
A vulnerability has been discovered in the Camp26 VisitorData module for Joomla, which can be exploited by malicious people to compromise a vulnerable system. Input passed via the "X-Forwarded-For" HTTP header is not properly sanitised before being used as a...
Debian DSA-1990-1 : trac-git - shell command injection
Stefan Goebel discovered that the Debian version of trac-git, the Git add-on for the Trac issue tracking system, contains a flaw which enables attackers to execute code on the web server running trac-git by sending crafted HTTP queries...
[SECURITY] [DSA-1990-1] New trac-git packages fix code execution
Debian Security Advisory DSA-1990-1 [email protected] http://www.debian.org/security/ Florian Weimer February 03, 2010 http://www.debian.org/security/faq ...
[SECURITY] [DSA-1990-2] New trac-git package fixes regression
Debian Security Advisory DSA-1990-2 [email protected] http://www.debian.org/security/ Stefan Fritsch February 04, 2010 http://www.debian.org/security/faq ...
[SECURITY] [DSA-1990-2] New trac-git package fixes regression
Debian Security Advisory DSA-1990-2 [email protected] http://www.debian.org/security/ Stefan Fritsch February 04, 2010 http://www.debian.org/security/faq ...
SystemTap 'stap-server' Remote Shell Command Injection Vulnerability
This host has SystemTap installed and is prone to an arbitrary command execution vulnerability...
SystemTap 'stap-server' Remote Shell Command Injection Vulnerability
SystemTap is prone to an arbitrary command execution vulnerability...
SAP MaxDB Remote Arbitrary Commands Execution (CVE-2008-0244)
SAP MaxDB is an open source relational database management system (RDBMS) developed and supported by SAP AG. MaxDB is targeted for large SAP environments such as mySAP Business Suite and other applications that require enterprise level database functionality. MaxDB is available for the most promine...
TWiki rev Parameter Shell Command Injection (CVE-2005-2877)
TWiki is a flexible enterprise collaboration platform developed in Perl. The software is a set of CGI programs that are loaded and executed by an HTTP server. TWiki is a structured, community developed documentation framework. It typically runs as a document management system, or a knowledge base...
Debian Security Advisory DSA 1891-1 (changetrack)
The remote host is missing an update to changetrack announced via advisory DSA 1891-1...