Changetrack 4.3-3 - Local Privilege Escalation
Changetrack 4.3-3 - Local Privilege Escalation TITLE: Changetrack Privilege Escalation Vulnerability SECUNIA ADVISORY ID: SA36756 VERIFY ADVISORY: http://secunia.com/advisories/36756/ DESCRIPTION: A vulnerability has been discovered in Changetrack, which can be exploited by malicious, local users...
Changetrack 4.3-3 Local Privilege Escalation Vulnerability
Exploit for linux platform in category local exploits. Changetrack 4.3-3 Local Privilege Escalation Vulnerability. TITLE: Changetrack Privilege Escalation Vulnerability SECUNIA...
CVE-2008-7125
Vulnerability CVE-2008-7125 affects Ariadne pphoto before 2.6. Remote authenticated users with certain privileges can execute arbitrary shell commands via vectors related to PINP programs and the annotate command. Root cause involves command execution via those vectors; impact is arbitrary code e...
Cross site request forgery (csrf)
Web Management Console: Cross-site request forgery (CSRF) vulnerability in the web management console in F5 BIG-IP 9.4.3 allows remote attackers to hijack the authentication of administrators for requests that create new administrators and execute shell commands, as demonstrated using...
CVE-2008-7032
Web Management Console: Cross-site request forgery (CSRF) vulnerability in the web management console in F5 BIG-IP 9.4.3 allows remote attackers to hijack the authentication of administrators for requests that create new administrators and execute shell commands, as demonstrated using...
CVE-2008-7032
Technical details about CVE-2008-7032 are not publicly available in the provided documents. Monitor for updates from vendors and security feeds to obtain affected products/versions, impact, exploit status, and remediation.
openSUSE Security Update : netatalk (netatalk-510)
This update of netatalk adds a filter for characters of user-supplied data to papd. Prior to this update it was possible to execute arbitrary shell commands remotely. CVE-2008-5718 (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...
openSUSE Security Update : jhead (jhead-399)
This update of jhead fixes several security problems: - CVE-2008-4575: buffer overflow in DoCommand - CVE-2008-4639: local symlink attack - CVE-2008-4640: DoCommand allowed deletion of arbitrary files - CVE-2008-4641: execution of arbitrary shell commands in DoCommand (C) Tenab...
[USN-791-3] Smarty vulnerability
Ubuntu Security Notice USN-791-3, June 24, 2009: smarty vulnerability (CVE-2009-1669). A security issue affects the following Ubuntu releases: Ubuntu 9.04. This advisory also applies ...
USN-791-3: Smarty vulnerability
It was discovered that Smarty did not correctly filter certain math inputs. A remote attacker using Smarty via a web service could exploit this to execute subsets of shell commands as the web server user...
ASMAX AR 804 GU Router Command Execution
ASMAX 804 gu router is a SOHO class device. It provides ADSL / WiFi / Ethernet interfaces. 2. There is an unauthenticated maintenance script named 'script' in /cgi-bin/ directory of the web management interface. 3. When 'system' parameter is passed to the script it allows running OS shell...
ASMAX AR 804 gu Web Management Console - Arbitrary Command Execution
ASMAX AR 804 gu Web Management Console - Arbitrary Command Execution 1. ASMAX 804 gu router is a SOHO class device. It provides ADSL / WiFi / Ethernet interfaces. 2. There is an unauthenticated maintenance script named 'script' in /cgi-bin/ directory of the web management interface. 3. When...
ASMAX AR 804 gu Web Management Console Arbitrary Command Exec
Exploit for hardware platform in category remote exploits. ASMAX AR 804 gu Web Management Console Arbitrary Command Exec. 1. ASMAX 804 gu router is a SOHO class device. It...
ASMAX AR 804 gu Web Management Console - Arbitrary Command Execution
ASMAX 804 gu router is a SOHO class device. It provides ADSL / WiFi / Ethernet interfaces. 2. There is an unauthenticated maintenance script named 'script' in /cgi-bin/ directory of the web management interface. 3. When 'system' parameter is passed to the script it allows running OS shell...
DSL router remotely controlled by URL
From The H Security: Security researcher Michal Sajdak revealed at CONFidence 2009 in Krakow in mid-May that it's relatively easy to make the Linksys WAG54G2 WLAN DSL router execute arbitrary shell commands. He has now published further details (securitum.pl). Sajdak discovered that it's easy to add...
nagios -- Command Injection Vulnerability
Secunia reports: A vulnerability has been reported in Nagios, which can be exploited by malicious users to potentially compromise a vulnerable system. Input passed to the "ping" parameter in statuswml.cgi is not properly sanitised before being used to invoke the ping command. This can be exploite...
Nagios 3.0.6 - 'statuswml.cgi' Arbitrary Shell Command Injection
source: https://www.securityfocus.com/bid/35464/info Nagios is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data. Remote attackers can exploit this issue to execute arbitrary shell commands with the privileges of the user running th...
Nagios 3.0.6 - statuswml.cgi Arbitrary Shell Command Injection
Nagios 3.0.6 - statuswml.cgi Arbitrary Shell Command Injection source: https://www.securityfocus.com/bid/35464/info Nagios is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data. Remote attackers can exploit this issue to execute...
Ubuntu: Security Advisory (USN-444-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu Update for samba vulnerabilities USN-460-1
Ubuntu Update for Linux kernel vulnerabilities USN-460-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN4601.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for samba vulnerabilities USN-460-1 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH,...