[ GLSA 200803-06 ] SWORD: Shell command injection

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200803-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - -...

SWORD: Shell command injection

Background SWORD is a library for Bible study software. Description Dan Dennison reported that the diatheke.pl script used in SWORD does not properly sanitize shell meta-characters in the "range" parameter before processing it. Impact A remote attacker could provide specially crafted input to a...

Debian: Security Advisory (DSA-957-2)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian Security Advisory DSA 957-1 (imagemagick)

The remote host is missing an update to imagemagick announced via advisory DSA 957-1. Florian Weimer discovered that delegate code in ImageMagick is vulnerable to shell command injection using specially crafted file names. This allows attackers to encode commands inside of graphic commands. With...

Debian Security Advisory DSA 957-2 (imagemagick)

The remote host is missing an update to imagemagick announced via advisory DSA 957-2. Florian Weimer discovered that delegate code in ImageMagick is vulnerable to shell command injection using specially crafted file names. This allows attackers to encode commands inside of graphic commands. With...

Debian Security Advisory DSA 760-1 (ekg)

The remote host is missing an update to ekg announced via advisory DSA 760-1. Several vulnerabilities have been discovered in ekg, a console Gadu Gadu client, an instant messaging program. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities: CVE-2005-1850...

Debian: Security Advisory (DSA-760-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian Security Advisory DSA 957-1 (imagemagick)

The remote host is missing an update to imagemagick announced via advisory DSA 957-1. Florian Weimer discovered that delegate code in ImageMagick is vulnerable to shell command injection using specially crafted file names. This allows attackers to encode commands inside of graphic commands. With...

GLSA-200704-18 : Courier-IMAP: Remote execution of arbitrary code

The remote host is affected by the vulnerability described in GLSA-200704-18 Courier-IMAP: Remote execution of arbitrary code CJ Kucera has discovered that some Courier-IMAP scripts don't properly handle the XMAILDIR variable, allowing for shell command injection. Impact : A remote attacker could...

Courier-IMAP: Remote execution of arbitrary code

Background Courier-IMAP is an IMAP server which is part of the Courier mail system. It provides access only to maildirs. Description CJ Kucera has discovered that some Courier-IMAP scripts don't properly handle the XMAILDIR variable, allowing for shell command injection. Impact A remote attacker...

CVE-2007-1490

Unspecified maintenance web pages in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allow remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors aka "shell command injection"...

CVE-2007-1490

CVE-2007-1490 affects Avaya equipment (S87XX, S8500, S8300 prior to CM 3.1.3 and Avaya SES). The issue is shell command injection via shell metacharacters in unspecified maintenance web pages/entry points, exploitable by remote authenticated users. Affected component/functionality is unspecified;...

GLSA-200611-22 : Ingo H3: Folder name shell command injection

The remote host is affected by the vulnerability described in GLSA-200611-22 Ingo H3: Folder name shell command injection Ingo H3 fails to properly escape shell metacharacters in procmail rules. Impact : A remote authenticated attacker could craft a malicious rule which could lead to the executio...

GLSA-200609-20 : DokuWiki: Shell command injection and Denial of Service

The remote host is affected by the vulnerability described in GLSA-200609-20 DokuWiki: Shell command injection and Denial of Service Input validation flaws have been discovered in the image handling of fetch.php if ImageMagick is used, which is not the default method. Impact : A remote attacker...

Update Protection against AWStats "migrate" Shell Command Injection

AWStats is an open source web analystic reporting tool, suitable for analyzing data from internet services. A vulnerability has been identified in AWStats due to improper validation of user input. The vulnerability may be exploited by attackers to execute arbitrary commands. July 5, 2006On July 5...

FreeBSD : opera -- command line URL shell command injection (dfc1daa8-61de-11da-b64c-0001020eed82)

An Opera Advisory reports : Opera for UNIX uses a wrapper shell script to start up Opera. This shell script reads the input arguments, like the file names or URLs that Opera is to open. It also performs some environment checks, for example whether Java is available and if so, where it is located...

FreeBSD : firefox & mozilla -- command line URL shell command injection (2e28cefb-2aee-11da-a263-0001020eed82)

A Secunia Advisory reports : Peter Zelezny has discovered a vulnerability in Firefox, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the shell script used to launch Firefox parsing shell commands that are enclosed within backticks in t...

FreeBSD : libgadu -- multiple vulnerabilities (3b4a6982-0b24-11da-bc08-0001020eed82)

Wojtek Kaniewski reports : Multiple vulnerabilities have been found in libgadu, a library for handling Gadu-Gadu instant messaging protocol. It is a part of ekg, a Gadu-Gadu client, but is widely used in other clients. Also some of the user contributed scripts were found to behave in an insecure...

phpRaid-1.txt

Kurdish Security Advisory phpRaid Remote File Include PHPBB : "Sosyalizim'de ısrar insan olmakta ısrardır" Abdullah Ocalan Contact : irc.gigachat.net kurdhack & www.PatrioticHackers.com & [email protected] Script : phpRaid Script Website : http://www.spiffyjr.com/ Version : phpRaid v2.9.5 "...

AWStats 6.5 - 'migrate' Remote Shell Command Injection

!/usr/bin/env python http://secunia.com/advisories/19969/ by [email protected] May 5, 2006 - HAPPY CINCO DE MAYO HAPPY BIRTHDAY DAD private plz redsand@jinxy / $ nc -l -p 31337 -v listening on any 31337 ... connect to 65.99.197.147 from blacksecurity.org 65.99.197.147 53377 id uid=81apach...