[SA14384] TWiki ImageGalleryPlugin Shell Command Injection

TITLE: TWiki ImageGalleryPlugin Shell Command Injection SECUNIA ADVISORY ID: SA14384 VERIFY ADVISORY: http://secunia.com/advisories/14384/ CRITICAL: Moderately critical IMPACT: System access WHERE: From remote SOFTWARE: ImageGalleryPlugin 1.x TWiki plugin http://secunia.com/product/4707/...

TWiki ImageGalleryPlugin Shell Command Injection

According to its version number, the instance of TWiki running on the remote host is affected by a shell command injection vulnerability in the ImageGalleryPlugin component. In addition, the wording of a 'robustness' patch released by the vendor indicates this version may be affected by other inp...

SUSE-SA:2002:036: mod_php4

The remote host is missing the patch for the advisory SUSE-SA:2002:036 modphp4. PHP is a well known and widely used web programming language. If a PHP script runs in 'safe mode' several restrictions are applied to it including limits on execution of external programs. An attacker can pass shell...

Дырка в библиотеке horde

При обработке поля From: не проверяется наличие метасимволов, что позволяет вставить шелл-команды в письмо...

Tony Greenwood WebWho+ 1.1 - Remote Command Execution

Tony Greenwood WebWho+ 1.1 - Remote Command Execution source: https://www.securityfocus.com/bid/892/info WebWho+ is a free cgi script written by Tony Greenwood for executing whois queries via the www. Though it does perform checks for shell escape characters on some parameters, it misses the 'typ...