1764 matches found
Important: Red Hat Security Advisory: bash security update
Updated September 30, 2014 This advisory has been updated with information on restarting system services after applying this update. No changes have been made to the original packages. Updated bash packages that fix one security issue are now available for Red Hat Enterprise Linux 5, 6, and 7. Re...
Mandriva Linux Security Advisory : bash (MDVSA-2014:186)
A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment...
Updated bash packages fix CVE-2014-6271
Updated bash packages fix security vulnerability: A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote...
VMTurbo Operations Manager '/cgi-bin/vmtadmin.cgi' RCE Vulnerability
VMTurbo Operations Manager is prone to a remote command execution RCE vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Citadel Variant Opens Backdoor After Malware is Removed
When hackers have compromised a valuable computer, maintaining persistence on that machine is the key to maintaining access to its resources and stored assets. A new variant of the Citadel banking malware has been discovered that comes with a feature that allows the attacker to leverage remote...
Updated asterisk packages fix security vulnerabilities
Updated asterisk packages fix security vulnerabilities: Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and Certified Asterisk 11.6 before 11.6-cert3 allows remote authenticated Manager users to execute arbitrary shell commands via a MixMonitor action CVE-2014-4046. Asterisk Open...
Mandriva Linux Security Advisory : asterisk (MDVSA-2014:138)
Multiple vulnerabilities has been discovered and corrected in asterisk : Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and Certified Asterisk 11.6 before 11.6-cert3 allows remote authenticated Manager users to execute arbitrary shell commands via a MixMonitor action CVE-2014-404...
Multiple BSD Distributions 'gdtoa/misc.c' Memory Corruption Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/35510/info Multiple BSD distributions are prone to a memory-corruption vulnerability because the software fails to properly bounds-check data used as an array index. Attackers may exploit this issue to execute arbitrary...
Multiple D-Link Devices - OS-Command Injection via UPnP Interface
No description provided by source. Title: OS-Command Injection via UPnP SOAP Interface in multiple D-Link devices Vendor: D-Link Devices: DIR-300 rev B / DIR-600 rev B / DIR-645 / DIR-845 / DIR-865 ============ Vulnerable Firmware Releases: ============ DIR-300 rev B - 2.14b01 DIR-600 - 2.16b01...
Emacs 2.1 - Local Variable Arbitrary Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/15375/info Emacs is susceptible to an arbitrary command execution vulnerability with local variables. This issue is due to insufficient sanitization of user-supplied input. By modifying a text file to include local...
GNU a2ps 4.13 File Name Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/11025/info Reportedly GNU a2ps is affected by a filename command-execution vulnerability. This issue is due to the application's failure to properly sanitize filenames. An attacker might leverage this issue to execute...
Prodder 0.4 Arbitrary Shell Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/18068/info Prodder is prone to an arbitrary command-execution vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to execute...
Leif M. Wright everythingform.cgi 2.0 Arbitrary Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2101/info An input validation vulnerability exists in Leif M. Wright's everything.cgi, a Perl-based form design tool. The script fails to properly filter shell commands from user-supplied input to the 'config' field. As a...
BlueCat Networks Adonis 5.0.2 .8 CLI Remote Privilege Escalation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/25342/info BlueCat Networks Adonis devices are prone to a remote privilege-escalation vulnerability because the software fails to properly sanitize user-supplied input. An attacker with administrative privileges can explo...
MyBulletinBoard (MyBB) < 1.1.3 - Remote Code Execution Exploit
No description provided by source. !/usr/bin/perl Tue Jun 13 12:37:12 CEST 2006 [email protected] Exploit HOWTO - read this before flood my Inbox you bitch! - First you need to create the special user to do this use: ./mybibi.pl --host=http://www.example.com --dir=/mybb -1 this step needs a graph...
GForge 3.x Remote Arbitrary Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13716/info GForge is affected by a remote command execution vulnerability. This issue arises because the application fails to sanitize user-supplied data passed through URI parameters. An attacker can supply arbitrary she...
Adobe Acrobat Reader (UNIX) 5.0 6,Xpdf 0.9x Hyperlinks Arbitrary Command Execution
No description provided by source. source: http://www.securityfocus.com/bid/7912/info A vulnerability has been reported for multiple PDF viewers for Unix variant operating systems. The problem is said to occur when hyperlinks have been enabled within the viewer. Allegedly, by placing a specially...
JaxUltraBB <= 2.0 Topic Reply Command Execution Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo JaxUltraBB v2.0 Topic Reply Command Execution Exploit\r\n; echo by BlackHawk [email protected]\r\n; echo Thanks to rgod for the php code and Marty for the Love\r\n; echo You need a valid Username and Password to get ...
WebScripts WebBBS 4.x/5.0 - Remote Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5048/info WebBBS does not sufficiently filter shell metacharacters from CGI parameters. As a result, remote attackers may execute arbitrary commands on the underlying shell of the system hosting the vulnerable software...
Linksys WRT160N - Multiple Vulnerabilities
No description provided by source. Device Name: Linksys WRT160Nv2 Vendor: Linksys/Cisco ============ Device Description: ============ Best For: Delivers plenty of speed and coverage, so large groups of users can go online, transfer large files, print, and stream stored media Features: Fast...