CSO/x86 - execve("/bin/sh", ..., NULL) - 43 bytes

No description provided by source. / minervini at neuralnoise dot com c 2005 SCOSV scosysv 3.2 5.0.7 i386, execve"/bin/sh", ..., NULL; / include "sys/types.h" include "stdio.h" char scode = "\x31\xc9" // xor %ecx,%ecx "\x89\xe3" // mov %esp,%ebx "\x68\xd0\x8c\x97\xff" // push $0xff978cd0...

HP OpenView Network Node Manager webappmon.exe Command Injection (c01661610)

The 'webappmon.exe' CGI script included with the version of HP OpenView Network Node Manager installed on the remote host fails to sanitize user input of shell metacharacters before using it to execute external programs. An unauthenticated, remote attacker can leverage this issue to run arbitrary...

Mandrake Security Advisory MDVSA-2009:033 (sudo)

The remote host is missing an update to sudo announced via advisory MDVSA-2009:033. OpenVAS Vulnerability Test $Id: mdksa2009033.nasl 6573 2017-07-06 13:10:50Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:033 sudo Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...

Mandrake Security Advisory MDVSA-2009:033 (sudo)

The remote host is missing an update to sudo announced via advisory MDVSA-2009:033. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR...

FreeBSD : typo3 -- multiple vulnerabilities (653606e9-f6ac-11dd-94d9-0030843d3802)

Secunia reports : Some vulnerabilities have been reported in Typo3, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting and session fixation attacks, and compromise a vulnerable system. The 'Install tool' system extension uses...

Debian DSA-1708-1 : git-core - shell command injection

It was discovered that gitweb, the web interface for the Git version control system, contained several vulnerabilities : Remote attackers could use crafted requests to execute shell commands on the web server, using the snapshot generation and pickaxe search functionality CVE-2008-5916 . Local...

DSA-1708-1 git-core - remote code execution

Bulletin has no description...

Mandrake Security Advisory MDVSA-2009:005 (xterm)

The remote host is missing an update to xterm announced via advisory MDVSA-2009:005. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR...

openSUSE 10 Security Update : jhead (jhead-5899)

This update of jhead fixes several security problems : - CVE-2008-4575: buffer overflow in DoCommand - CVE-2008-4639: local symlink attack - CVE-2008-4640: DoCommand allowed deletion of arbitrary files - CVE-2008-4641: execution of arbitrary shell commands in DoCommand %NASLMINLEVEL 70300 C Tenab...

Gentoo Security Advisory GLSA 200812-20 (phpcollab)

The remote host is missing updates announced in advisory GLSA 200812-20. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

Gentoo Security Advisory GLSA 200812-20 (phpcollab)

The remote host is missing updates announced in advisory GLSA 200812-20. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

GLSA-200812-20 : phpCollab: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200812-20 phpCollab: Multiple vulnerabilities Multiple vulnerabilities have been found in phpCollab: rgod reported that data sent to general/sendpassword.php via the loginForm parameter is not properly sanitized before being used ...

NULL FTP Server 1.1.0.7 - 'Site' Command Injection

vuln.sg Vulnerability Research Advisory NULL FTP Server SITE Parameters Command Injection Vulnerability by Tan Chew Keong Release Date: 2008-12-05 Summary A vulnerability has been found in NULL FTP Server. When exploited, this vulnerability allows an authenticated user to execute arbitrary shell...

NULL FTP Server 1.1.0.7 SITE Parameters Command Injection Vuln

Exploit for unknown platform in category remote exploits ============================================================== NULL FTP Server 1.1.0.7 SITE Parameters Command Injection Vuln ============================================================== vuln.sg Vulnerability Research Advisory NULL FTP...

NULL FTP Server 1.1.0.7 - Site Command Injection

NULL FTP Server 1.1.0.7 - Site Command Injection vuln.sg Vulnerability Research Advisory NULL FTP Server SITE Parameters Command Injection Vulnerability by Tan Chew Keong Release Date: 2008-12-05 Summary A vulnerability has been found in NULL FTP Server. When exploited, this vulnerability allows ...

nullftp-inject.txt

vuln.sg Vulnerability Research Advisory NULL FTP Server SITE Parameters Command Injection Vulnerability by Tan Chew Keong Release Date: 2008-12-05 Summary A vulnerability has been found in NULL FTP Server. When exploited, this vulnerability allows an authenticated user to execute arbitrary shell...

[Backports-security-announce] Security Update for vim

Norbert Tretkowski uploaded new packages for vim which fixed the following security problems: CVE-2008-4101, Debian Bug 500381 Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to 1 execute arbitrary shell commands by entering a K keystro...

vim: arbitrary code execution in commands: K, Control-], g]

Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to 1 execute arbitrary shell commands by entering a K keystroke on a line that contains a ";" semicolon followed by a command, or execute arbitrary Ex commands by entering an argument afte...

vim: arbitrary code execution in commands: K, Control-], g]

Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to 1 execute arbitrary shell commands by entering a K keystroke on a line that contains a ";" semicolon followed by a command, or execute arbitrary Ex commands by entering an argument afte...

vim: arbitrary code execution in commands: K, Control-], g]

Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to 1 execute arbitrary shell commands by entering a K keystroke on a line that contains a ";" semicolon followed by a command, or execute arbitrary Ex commands by entering an argument afte...