
1764 matches found

CVE
added 2008/01/09 12:0 a.m. | 41 views

CVE-2008-0148

CVE-2008-0148 affects TUTOS 1.3, where access to php/admin/cmd.php is not restricted, allowing remote attackers to execute arbitrary shell commands via the cmd parameter in a direct request. The vulnerability is described with a base CVSSv2 score of 10.0 (HIGH) and a complete impact on confidenti...

10 CVSS | 7.6 AI score | 0.05981 EPSS
Exploits 0 | References 3 | Affected Software 1
Gentoo Linux
added 2008/01/09 12:0 a.m. | 21 views

unp: Arbitrary command execution

Background unp is a script for unpacking various file formats. Description Erich Schubert from Debian discovered that unp does not escape file names properly before passing them to calls of the shell. Impact A remote attacker could entice a user or automated system to unpack a compressed archive...

10 CVSS | 6.8 AI score | 0.00928 EPSS
Exploits 1
Tenable Nessus
added 2007/11/10 12:0 a.m. | 22 views

Ubuntu 5.10 / 6.06 LTS / 6.10 : openoffice.org(2)/-amd64, ia32-libs-openoffice.org vulnerabilities (USN-444-1)

A stack overflow was discovered in OpenOffice.org's StarCalc parser. If a user were tricked into opening a specially crafted document, a remote attacker could execute arbitrary code with user privileges. CVE-2007-0238 A flaw was discovered in OpenOffice.org's link handling code. If a user were...

9.3 CVSS | 8.7 AI score | 0.11489 EPSS
Exploits 0 | References 3
CVE
added 2007/10/20 10:0 a.m. | 41 views

CVE-2003-1405

Technical details about CVE-2003-1405 are not publicly provided in the supplied documents; monitor for updates.

7.5 CVSS | 8.1 AI score | 0.10114 EPSS
Exploits 1 | References 6 | Affected Software 1
Tenable Nessus
added 2007/10/15 12:0 a.m. | 28 views

HP Linux Imaging and Printing Project (hplip) hpssd from Address Command Injection

The version of the HP Linux Imaging and Printing System hpssd daemon on the remote host fails to sanitize user-supplied input before appending it to a commandline when calling sendmail. Using a specially crafted email address, an unauthenticated, remote attacker can leverage this issue to execute...

7.6 CVSS | 6 AI score | 0.74232 EPSS
Exploits 4 | References 3
Saint
added 2007/09/25 12:0 a.m. | 31 views

VMware vielib.dll StartProcess command execution

Added: 09/25/2007 CVE: CVE-2007-4058 BID: 25118 OSVDB: 42078 Background VMware is a suite of products supporting the creation and operation of virtual machines, which are self-contained, independent guest operating systems running within a host operating system. Problem The StartProcess function...

4.3 CVSS | 6.6 AI score | 0.09489 EPSS
Exploits 6
Saint
added 2007/09/25 12:0 a.m. | 29 views

VMware vielib.dll StartProcess command execution

Added: 09/25/2007 CVE: CVE-2007-4058 BID: 25118 OSVDB: 42078 Background VMware is a suite of products supporting the creation and operation of virtual machines, which are self-contained, independent guest operating systems running within a host operating system. Problem The StartProcess function ...

4.3 CVSS | 6.7 AI score | 0.09489 EPSS
Exploits 6
Saint
added 2007/09/25 12:0 a.m. | 38 views

VMware vielib.dll StartProcess command execution

Added: 09/25/2007 CVE: CVE-2007-4058 BID: 25118 OSVDB: 42078 Background VMware is a suite of products supporting the creation and operation of virtual machines, which are self-contained, independent guest operating systems running within a host operating system. Problem The StartProcess function...

4.3 CVSS | 6.6 AI score | 0.09489 EPSS
Exploits 6
Exploit DB
added 2007/09/17 12:0 a.m. | 20 views

ewire Payment Client 1.60/1.70 - Command Execution

source: https://www.securityfocus.com/bid/25683/info ewire Payment Client is prone to a vulnerability that allows attackers to execute arbitrary shell commands because the software fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary shell commands on an...

7 AI score
Exploits 0
exploitpack
added 2007/09/17 12:0 a.m. | 6 views

ewire Payment Client 1.601.70 - Command Execution

ewire Payment Client 1.601.70 - Command Execution source: https://www.securityfocus.com/bid/25683/info ewire Payment Client is prone to a vulnerability that allows attackers to execute arbitrary shell commands because the software fails to sanitize user-supplied input. An attacker may leverage th...

0.3 AI score
Exploits 0
Saint
added 2007/09/06 12:0 a.m. | 43 views

ClamAV milter popen command injection

Added: 09/06/2007 CVE: CVE-2007-4560 BID: 25439 OSVDB: 36909 Background ClamAV is an open-source anti-virus toolkit. clamav-milter is a derivative of ClamAV for e-mail servers running Sendmail. Problem An insecure call to the popen function in clamav-milter, when running in black hole mode, allow...

7.6 CVSS | 9.5 AI score | 0.88269 EPSS
Exploits 12
Saint
added 2007/09/06 12:0 a.m. | 51 views

ClamAV milter popen command injection

Added: 09/06/2007 CVE: CVE-2007-4560 BID: 25439 OSVDB: 36909 Background ClamAV is an open-source anti-virus toolkit. clamav-milter is a derivative of ClamAV for e-mail servers running Sendmail. Problem An insecure call to the popen function in clamav-milter, when running in black hole mode, allow...

7.6 CVSS | 9.5 AI score | 0.88269 EPSS
Exploits 12
Saint
added 2007/09/06 12:0 a.m. | 42 views

ClamAV milter popen command injection

Added: 09/06/2007 CVE: CVE-2007-4560 BID: 25439 OSVDB: 36909 Background ClamAV is an open-source anti-virus toolkit. clamav-milter is a derivative of ClamAV for e-mail servers running Sendmail. Problem An insecure call to the popen function in clamav-milter, when running in black hole mode, allow...

7.6 CVSS | 9.5 AI score | 0.88269 EPSS
Exploits 12
Tenable Nessus
added 2007/09/03 12:0 a.m. | 37 views

Debian DSA-1366-1 : clamav - several vulnerabilities

Several remote vulnerabilities have been discovered in the Clam anti-virus toolkit. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-4510 It was discovered that the RTF and RFC2397 parsers can be tricked into dereferencing a NULL pointer, resulting i...

7.6 CVSS | 5.8 AI score | 0.88269 EPSS
Exploits 12 | References 5
FreeBSD
added 2007/08/28 12:0 a.m. | 20 views

irc/bitchx -- multiple vulnerabilities

bannedit reports: Stack-based buffer overflow in BitchX 1.1 Final allows remote IRC servers to execute arbitrary code via a long string in a MODE command, related to the pmode variable. Nico Golde reports: There is a security issue in ircii-pana in bitchx' hostname command. The ehostname function...

10 CVSS | 7.6 AI score | 0.04988 EPSS
Exploits 0
exploitpack
added 2007/08/16 12:0 a.m. | 15 views

BlueCat Networks Adonis 5.0.2.8 - CLI Privilege Escalation

BlueCat Networks Adonis 5.0.2.8 - CLI Privilege Escalation source: https://www.securityfocus.com/bid/25342/info BlueCat Networks Adonis devices are prone to a remote privilege-escalation vulnerability because the software fails to properly sanitize user-supplied input. An attacker with...

0.7 AI score
Exploits 0
0day.today
added 2007/07/11 12:0 a.m. | 30 views

SquirrelMail G/PGP Encryption Plug-in 2.0 Command Execution Vuln

Exploit for unknown platform in category web applications. SquirrelMail G/PGP Encryption Plug-in 2.0 Command Execution Vuln. SquirrelMail G/PGP Encryption Plug-in Remote...

7.1 AI score
Exploits 0
Prion
added 2007/07/09 4:30 p.m. | 9 views

Crlf injection

Multiple CRLF injection vulnerabilities in callboth.php in AsteriDex 3.0 and earlier allow remote attackers to inject arbitrary shell commands via the (1) IN and (2) OUT parameters...

7.5 CVSS | 7.7 AI score | 0.15292 EPSS
Exploits 1 | References 10 | Affected Software 1
NVD
added 2007/07/09 4:30 p.m. | 11 views

CVE-2007-3621

Multiple CRLF injection vulnerabilities in callboth.php in AsteriDex 3.0 and earlier allow remote attackers to inject arbitrary shell commands via the (1) IN and (2) OUT parameters...

7.5 CVSS | 7.4 AI score | 0.15292 EPSS
Exploits 1 | References 10
CVE
added 2007/07/09 4:0 p.m. | 49 views

CVE-2007-3621

CVE-2007-3621 involves multiple CRLF injection flaws in the AsteriDex 3.0 and earlier versions, exploitable through the callboth.php IN/OUT parameters to potentially execute arbitrary shell commands on the remote host. The vulnerability stems from inadequate input sanitization before relaying dat...

7.5 CVSS | 7.4 AI score | 0.15292 EPSS
Exploits 1 | References 10 | Affected Software 1