1764 matches found
Microsoft Windows File/Directory Names Handling Arbitrary Command Injection Vulnerability
Description: Microsoft Windows is prone to a remote command-injection vulnerability that affects the Windows Shell component because it fails to adequately sanitize user-supplied input data. Attackers can exploit this issue to execute arbitrary shell commands with user-level privileges. This may...
CVE-2012-2395
Incomplete blacklist vulnerability in actionpower.py in Cobbler 2.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) username or (2) password fields to the powersystem method in the xmlrpc API...
Command Injection Vulnerability
A vulnerability exists whereby an authenticated user can inject arbitrary shell commands using the device management command line interface. Ref 34502 This vulnerability can result in arbitrary command execution, and can result in total compromise of the device. This issue affects PAN-OS 4.1.1 an...
Command Injection Vulnerability
A vulnerability exists whereby an authenticated user can inject arbitrary shell commands using the device management command line interface. Ref 33080 This vulnerability can result in arbitrary command execution, and can result in total compromise of the device. This issue affects PAN-OS 4.0.7 an...
Command Injection Vulnerability
A vulnerability exists whereby an authenticated user can inject arbitrary shell commands using the device management command line interface. Ref 30122 This vulnerability can result in arbitrary command execution, and can result in total compromise of the device. This issue affects PAN-OS 4.0.3 an...
[SECURITY] [DSA 2453-1] gajim security update
Debian Security Advisory DSA-2453-1, http://www.debian.org/security/, Nico Golde, April 16, 2012, http://www.debian.org/security/faq ...
Debian DSA-2453-1 : gajim - several vulnerabilities
Several vulnerabilities have been discovered in Gajim, a feature-rich Jabber client. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2012-1987 Gajim is not properly sanitizing input before passing it to shell commands. An attacker can use this flaw to...
FreePBX Multiple Cross Site Scripting and Remote Command Execution Vulnerabilities
This host is running FreePBX and is prone to multiple cross site scripting and remote command execution vulnerabilities. OpenVAS Vulnerability Test $Id: secpodfreepbxmultxssnrcevuln.nasl 5977 2017-04-19 09:02:22Z teissa $ FreePBX Multiple Cross Site Scripting and Remote Command Execution...
Debian Security Advisory DSA 2380-1 (foomatic-filters)
The remote host is missing an update to foomatic-filters announced via advisory DSA 2380-1. OpenVAS Vulnerability Test $Id: deb23801.nasl 6612 2017-07-07 12:08:03Z cfischer $ Description: Auto-generated from advisory DSA 2380-1 foomatic-filters Authors: Thomas Reinke Copyright: Copyright c 2012...
Debian: Security Advisory (DSA-2380-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
OpenEMR 4.1 - '/contrib/acog/print_form.php?formname' Traversal Local File Inclusion
source: https://www.securityfocus.com/bid/51788/info OpenEMR is prone to local file-include and command-injection vulnerabilities because it fails to properly sanitize user-supplied input. A remote attacker can exploit these issues to execute arbitrary shell commands with the privileges of the us...
Plone Zope SAXutils Command Execution
Added: 01/13/2012 CVE: CVE-2011-3587 BID: 49857 OSVDB: 76105 Background Plone is a free and open source content management system built on top of the Zope application server. Plone can be used for any kind of website, including blogs, internet sites, webshops and internal websites. Problem Plone...
Self-extracting archive (SFX) as Creative Virus Handler
Yesterday I found an interesting article about "Self-extracting archive SFX" on Unremote.org by DarkCoderSc. SFX is a little application that contains compressed files. Creating customized WinRAR SFX archives is a very easy task, but not al...
Acpid 1:2.0.10-1ubuntu2 Privilege Boundary Crossing Vulnerability
Exploit for linux platform in category local exploits Exploit Title: Acpid Privilege Boundary Crossing Vulnerability Google Dork: Date: 23-11-2011 Author: otr Software Link: https://launchpad.net/ubuntu/+source/acpid Version: 1:2.0.10-1ubuntu2 Tested on: Ubuntu 11.10, Ubuntu 11.04 CVE :...
foomatic-gui python-foomatic 0.7.9.4 - 'pysmb.py' Arbitrary Shell Command Execution
source: https://www.securityfocus.com/bid/48982/info foomatic-gui is prone to a remote arbitrary shell-command-execution vulnerability because the application fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary shell commands in the context of t...
[SECURITY] Fedora 14 Update: fabric-0.9.7-1.fc14
Fabric is a simple Pythonic remote deployment tool which is designed to upload files to, and run shell commands on, a number of servers in parallel or serially...
Oracle Java multiple security vulnerabilities
Multiple integer overflows on ICC profiles parsing. Java Web Start shell commands execution...
Ubuntu 10.10 : language-selector vulnerability (USN-1115-1)
Romain Perier discovered that the language-selector D-Bus backend did not correctly check for Policy Kit authorizations. A local attacker could exploit this to inject shell commands into the system-wide locale configuration file, leading to root privilege escalation. Note that Tenable Network...
klibc 1.5.2 - DHCP Options Processing Remote Shell Command Execution
source: https://www.securityfocus.com/bid/47924/info klibc is prone to a shell-command-execution vulnerability because the application fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute...
Vmware vSphere Management Assistant (vMA) - Local Privilege Escalation
Vmware vSphere Management Assistant vMA - Local Privilege Escalation. Affected Software : Vmware vSphere Management Assistant vMA Severity : Medium...