1764 matches found
OpenSSH X Connections Session Hijacking Vulnerability
OpenSSH is prone to a vulnerability that allows attackers to hijack forwarded X connections. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CP...
OpenSSH X Connections Session Hijacking Vulnerability
OpenSSH is prone to a vulnerability that allows attackers to hijack forwarded X connections. Successfully exploiting this issue may allow an attacker to run arbitrary shell commands with the privileges of the user running the affected application. This issue affects OpenSSH 4.3p2; other versions may...
DSA-2021-1 spamass-milter - remote command execution
Bulletin has no description...
SpamAssassin Milter Plugin 'mlfi_envrcpt()' Remote Arbitrary Command Injection Vulnerability
SpamAssassin Milter Plugin is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data. Remote attackers can exploit this issue to execute arbitrary shell commands with root privileges. SpamAssassin Milter Plugin 0.3.1 is affected; other...
Code injection
Static code injection vulnerability in the administrative web interface in Accellion Secure File Transfer Appliance allows remote authenticated administrators to inject arbitrary shell commands by appending them to a request to update the SNMP public community string...
CVE-2009-4646
CVE-2009-4646 affects the Accellion Secure File Transfer Appliance. The available connected records describe a static code injection vulnerability in the appliance’s administrative web interface that allows remote authenticated administrators to inject arbitrary shell commands by appending them t...
SystemTap 1.0 - stat-server Arbitrary Command Injection
SystemTap 1.0 - stat-server Arbitrary Command Injection source: https://www.securityfocus.com/bid/37842/info SystemTap is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data. Remote attackers can exploit this issue to execute arbitrar...
FreeBSD Ports: pear-Net_Ping
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2010 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
GLSA-200911-06 : PEAR Net_Traceroute: Command injection
The remote host is affected by the vulnerability described in GLSA-200911-06 PEAR Net_Traceroute: Command injection Pasquale Imperato reported that the $host parameter to the traceroute function in Traceroute.php is not properly sanitized before being passed to exec. Impact : A remote attacker cou...
CVE-2009-4024
Argument injection vulnerability in the ping function in Ping.php in the Net_Ping package before 2.4.5 for PEAR allows remote attackers to execute arbitrary shell commands via the host parameter. NOTE: this has also been reported as a shell metacharacter problem...
Design/Logic Flaw
Argument injection vulnerability in the ping function in Ping.php in the Net_Ping package before 2.4.5 for PEAR allows remote attackers to execute arbitrary shell commands via the host parameter. NOTE: this has also been reported as a shell metacharacter problem...
CVE-2009-4025
Argument injection vulnerability in the traceroute function in Traceroute.php in the Net_Traceroute package before 0.21.2 for PEAR allows remote attackers to execute arbitrary shell commands via the host parameter. NOTE: some of these details are obtained from third party information...
CVE-2009-4024
CVE-2009-4024 affects php-net-ping (PEAR Net_Ping). The vulnerability is in Ping.php, where insufficient input sanitising allows remote attackers to inject commands via the host parameter, enabling remote code execution. Affected versions are prior to 2.4.5; multiple advisories (Debian DSA-1949-1...
Design/Logic Flaw
Unspecified vulnerability in the Random Images maagrandomimage extension 1.6.4 and earlier for TYPO3 allows remote attackers to execute arbitrary shell commands via unspecified vectors...
CVE-2009-3819
Unspecified vulnerability in the Random Images maagrandomimage extension 1.6.4 and earlier for TYPO3 allows remote attackers to execute arbitrary shell commands via unspecified vectors...
Mail Content Firefox Command Line URL Shell Command Injection (CVE-2005-2968)
The Firefox web browser is an application designed for tasks related to browsing the web, such as displaying HTML pages, downloading files, and so on. On Unix-like systems, Firefox is usually invoked through the start-up script firefox, rather than by directly executing the firefox-bin binary. Th...
FlatPress 0.804-0.812.1 Local File Inclusion to Remote Command Execution
No description provided by source. Security Advisory ----------------- FlatPress 0.804-0.812.1 Local File Inclusion to Remote Command Execution Researcher Information ---------------------- Discovered by: Giuseppe Zmax Fuggiano Website: http://www.giusef.net Contact:...
Changetrack 4.3-3 Privilege Escalation
TITLE: Changetrack Privilege Escalation Vulnerability SECUNIA ADVISORY ID: SA36756 VERIFY ADVISORY: http://secunia.com/advisories/36756/ DESCRIPTION: A vulnerability has been discovered in Changetrack, which can be exploited by malicious, local users to gain escalated privileges. The application...
Changetrack 4.3-3 Local Privilege Escalation Vulnerability
No description provided by source. TITLE: Changetrack Privilege Escalation Vulnerability SECUNIA ADVISORY ID: SA36756 VERIFY ADVISORY: http://secunia.com/advisories/36756/ DESCRIPTION: A vulnerability has been discovered in Changetrack, which can be exploited by malicious, local users to gain...