1764 matches found
CenterIM <= 4.22.3 - Remote Command Execution Vulnerability
No description provided by source. Application: CenterIM http://www.centerim.org/index.php/MainPage Versions: centerim = 4.22.3 OS: Linux Bug: Execution of shell commands Exploit: remote Date: 15 March 2008 Author: Brian Fonfara w00 eMail: [email protected] Web: newb.kicks-ass.net 1 Bug 2...
Gentoo Webapp-Config 1.10 Insecure File Creation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13780/info Gentoo webapp-config is prone to an insecure file creation vulnerability. This issue is due to a design error that causes the application to fail to verify the existence of a file before writing to it. An...
YaBB 9.11.2000 search.pl Arbitrary Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1921/info YaBB Yet Another Bulletin Board is a popular perl-based bulletin board scripting package. search.pl, one of several perl scripts which comprise YaBB, fails to properly validate user input which arguments a call...
Joomla JomSocial Component 2.6 - Code Execution Exploit
No description provided by source. !/usr/bin/python Joomla! JomSocial component = 2.6 PHP code execution exploit Authors: - Matias Fontanini - Gaston Traberg This exploit allows the execution of PHP code without any prior authentication on the Joomla! JomSocial component. Note that in order to be...
Leif M. Wright simplestmail.cgi 1.0 - Remote Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2102/info A vulnerability exists in Leif M. Wright's simplestmail.cgi, a script designed to coordinate email responses from web forms. An insecurely-structured call to the open function leads to a failure to properly filte...
Brian Stanback bslist.cgi 1.0 - Remote Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2160/info An input validation vulnerability exists in Brian Stanback's bslist.cgi, a script designed to coordinate mailing lists. The script fails to properly filter ';' characters from the user-supplied email addresses...
Brian Stanback bsguest.cgi 1.0 - Remote Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2159/info An input validation vulnerability exists in Brian Stanback's bsguest.cgi, a script designed to coordinate guestbook submissions from website visitors. The script fails to properly filter ';' characters from the...
IBM Net.Commerce 2.0/3.x/4.x orderdspc.d2w order_rn Option SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/2350/info IBM's Net.Commerce ecommerce platform supports macros which, by default, do not properly validate requests in user-supplied input. A thoughtfully-formed request to a vulnerable script can cause the server to...
ewire Payment Client 1.60/1.70 Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/25683/info ewire Payment Client is prone to a vulnerability that allows attackers to execute arbitrary shell commands because the software fails to sanitize user-supplied input. An attacker may leverage this issue to...
DotBr 0.1 System.PHP3 Remote Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6866/info The DotBr 'system.php3' script is prone to a remote command execution vulnerability. This is due to insufficient sanitization of user-supplied data. Exploitation may result in execution of arbitrary shell comman...
DotBr 0.1 Exec.PHP3 Remote Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6867/info The DotBr 'exec.php3' script is prone to a remote command execution vulnerability. This is due to insufficient sanitization of user-supplied data. Exploitation may result in execution of arbitrary shell commands...
GLSA-201406-25 : Asterisk: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201406-25 Asterisk: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Asterisk. Please review the CVE identifiers below for details. Impact : A remote attacker that gains access to a privileged Asterisk...
CVE-2014-4046
Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and Certified Asterisk 11.6 before 11.6-cert3 allows remote authenticated Manager users to execute arbitrary shell commands via a MixMonitor action...
Deserialization of untrusted data
Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and Certified Asterisk 11.6 before 11.6-cert3 allows remote authenticated Manager users to execute arbitrary shell commands via a MixMonitor action...
[SECURITY] [DSA 2946-1] python-gnupg security update
Debian Security Advisory DSA-2946-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff June 04, 2014 http://www.debian.org/security/faq -...
Debian DSA-2946-1 : python-gnupg - security update
Multiple vulnerabilities were discovered in the Python wrapper for the Gnu Privacy Guard GPG. Insufficient sanitising could lead to the execution of arbitrary shell commands. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted...
Debian Security Advisory DSA 2946-1 (python-gnupg - security update)
Multiple vulnerabilities were discovered in the Python wrapper for the Gnu Privacy Guard GPG. Insufficient sanitising could lead to the execution of arbitrary shell commands. OpenVAS Vulnerability Test $Id: deb2946.nasl 6995 2017-08-23 11:52:03Z teissa $ Auto-generated from advisory DSA 2946-1...
Remote Command Injection in Ruby Gem sfpagent 0.4.14
Title: Remote Command Injection in Ruby Gem sfpagent 0.4.14 Date: 4/15/2014 Author: Larry W. Cashdollar, @larry0 CVE: 2014-2888 Download: http://rubygems.org/gems/sfpagent Vulnerability The list variable generated from the user supplied JSONbody input is passed directly to the system shell on lin...
Ruby Gem sfpagent 0.4.14 Command Injection Vulnerability
Ruby Gem sfpagent version 0.4.14 suffers from a remote command injection vulnerability. Title: Remote Command Injection in Ruby Gem sfpagent 0.4.14 Date: 4/15/2014 Author: Larry W. Cashdollar, @larry0 CVE: 2014-2888 Download: http://rubygems.org/gems/sfpagent Vulnerability The list variable...