DSA-2503-1 bcfg2 - shell command injection

Bulletin has no description...

ZDI-12-090 : Symantec Web Gateway Shell Command Injection Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-090 : Symantec Web Gateway Shell Command Injection Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-090 June 8, 2012 - -- CVE ID: CVE-2012-0297 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected...

Symantec Web Gateway Shell Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Web Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists due to insufficiently filtered user-supplied data used in a call to exec in multiple...

Cobbler xmlrpc API power_system Method Remote Shell Command Execution

According to its self-reported version, the Cobbler install on the remote host is affected by a command injection vulnerability that can be exploited by sending a specially crafted username or password argument to the 'powersystem' method. Successful exploitation requires an authenticated user an...

RedHat Update for logrotate RHSA-2011:0407-01

Check for the Version of logrotate OpenVAS Vulnerability Test RedHat Update for logrotate RHSA-2011:0407-01 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under t...

RedHat Update for logrotate RHSA-2011:0407-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

HP SAN/iQ < 9.5 Root Shell Command Injection

The version of SAN/iQ running on the remote host has a command injection vulnerability. The hydra service, used for remote management and configuration, does not properly sanitize untrusted input. A remote attacker could exploit this to execute arbitrary commands as root. Authentication is...

IBM Report: Mobile Attacks, Phishing Attacks Mount in 2011

Spam volume is down, there are fewer unpatched software holes and oftware application developers did a better job of writing secure code over the last year. But IBM’s X-Force Trend and Risk Report still found plenty to worry about in 2011, according to a copy of the report released this week...

Debian Security Advisory DSA 2423-1 (movabletype-opensource)

The remote host is missing an update to movabletype-opensource announced via advisory DSA 2423-1. OpenVAS Vulnerability Test $Id: deb24231.nasl 8970 2018-02-27 15:16:18Z cfischer $ Description: Auto-generated from advisory DSA 2423-1 movabletype-opensource Authors: Thomas Reinke Copyright:...

Debian DSA-2423-1 : movabletype-opensource - several vulnerabilities

Several vulnerabilities were discovered in Movable Type, a blogging system : Under certain circumstances, a user who has 'Create Entries' or'Manage Blog' permissions may be able to read known files on the local file system. The file management system contains shell command injection...

DSA-2423-1 movabletype-opensource - several

Bulletin has no description...

OpenEMR 4.1 - &#039;/Interface/fax/fax_dispatch.php?File&#039; &#039;exec()&#039; Call Arbitrary Shell Command Execution

source: https://www.securityfocus.com/bid/51788/info OpenEMR is prone to local file-include and command-injection vulnerabilities because it fails to properly sanitize user-supplied input. A remote attacker can exploit these issues to execute arbitrary shell commands with the privileges of the us...

Gitorious Arbitrary Command Execution

Exploit for linux platform in category remote exploits This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...

Debian DSA-2380-1 : foomatic-filters - shell command injection

It was discovered that the foomatic-filters, a support package for setting up printers, allowed authenticated users to submit crafted print jobs which would execute shell commands on the print servers. CVE-2011-2697 was assigned to the vulnerability in the Perl implementation included in lenny, a...

[SECURITY] [DSA 2380-1] foomatic-filters security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2380-1 [email protected] http://www.debian.org/security/ Florian Weimer January 04, 2012 http://www.debian.org/security/faq -...

DSA-2380-1 foomatic-filters - shell command injection

Bulletin has no description...

Linux Kernel 2.6.22 Local root Exploit

No description provided by source. cat /tmp/getsuid.c EOF include include include include include include include include char payload="\nSHELL=/bin/sh\nPATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin\n root chown root.root /tmp/s ; chmod 4777 /tmp/s ; rm -f /etc/cron.d/core\n";...

klibc 1.5.2 - DHCP Options Processing Remote Shell Command Execution

klibc 1.5.2 - DHCP Options Processing Remote Shell Command Execution source: https://www.securityfocus.com/bid/47924/info klibc is prone to a shell-command-execution vulnerability because the application fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute...

RHEL 6 : logrotate (RHSA-2011:0407)

The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2011:0407 advisory. The logrotate utility simplifies the administration of multiple log files, allowing the automatic rotation, compression, removal, and mailin...

logrotate: Shell command injection by using the shred configuration directive

The shredfile function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name...