FreeBSD : twiki -- multiple vulnerabilities (f98dea27-d687-11dd-abd1-0050568452ac)

Marc Schoenefeld and Steve Milner of RedHat SRT and Peter Allor of IBM ISS report : XSS vulnerability with URLPARAM variable SEARCH variable allows arbitrary shell command execution %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...

Gentoo Security Advisory GLSA 200701-23 (cacti)

The remote host is missing updates announced in advisory GLSA 200701-23. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

Gentoo Security Advisory GLSA 200701-23 (cacti)

The remote host is missing updates announced in advisory GLSA 200701-23. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Gentoo Security Advisory GLSA 200611-22 (horde-ingo)

The remote host is missing updates announced in advisory GLSA 200611-22. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2008-4101

CVE-2008-4101 affects Vim 3.0 through 7.x prior to 7.2.010. The issue arises from improper escaping in Vim’s keyword/tag handling, allowing user-assisted arbitrary code execution via crafted input when performing certain keystrokes (e.g., ;, Ctrl-], or g]). The connected documents corroborate thi...

p5-UI-Dialog -- shell command execution vulnerability

Matthijs Kooijman reports: It seems that the whiptail, cdialog and kdialog backends apply some improper escaping in their shell commands, causing special characters present in menu item titles to be interpreted by the shell. This includes the backtick evaluation operator, so this constitutes a...

centerim-exec.txt

Application: CenterIM http://www.centerim.org/index.php/MainPage Versions: centerim = 4.22.3 OS: Linux Bug: Execution of shell commands Exploit: remote Date: 15 March 2008 Author: Brian Fonfara w00 eMail: [email protected] Web: newb.kicks-ass.net 1 Bug 2 Exploit ======= 1 Bug ======= Received...

waraxe-2008-SA065.txt

waraxe-2008-SA065 - Remote Shell Command Execution in Coppermine 1.4.14 =============================================================================== Author: Janek Vind "waraxe" Date: 30. January 2008 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-65.html Target software descriptio...

[waraxe-2008-SA#065] - Remote Shell Command Execution in Coppermine 1.4.14

waraxe-2008-SA065 - Remote Shell Command Execution in Coppermine 1.4.14 =============================================================================== Author: Janek Vind "waraxe" Date: 30. January 2008 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-65.html Target software descriptio...

Debian: Security Advisory (DSA-1364-2)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian Security Advisory DSA 1270-1 (openoffice.org)

The remote host is missing an update to openoffice.org announced via advisory DSA 1270-1. Several security related problems have been discovered in OpenOffice.org, the free office suite. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-0002 iDefense...

HP notebooks remote code execution vulnerability (multiple series)

Advisory: ///////// Multiple Hewlett-Packard notebook series are prone to a remote code execution attack. The manufacturer's preinstalled software contains a critical flaw within the software built to support one-touch button quick feature access. Overview: ///////// Software called "HP Info...

HP Compaq Notebooks - ActiveX Remote Code Execution

HP Compaq Notebooks - ActiveX Remote Code Execution !- Advisory: Multiple Hewlett-Packard notebook series are prone to a remote code execution attack. The manufacturer's preinstalled software contains a critical flaw within the software built to support one-touch button quick feature access...

[SECURITY] [DSA 1364-2] New vim packages fix several vulnerabilities

-------------------------------------------------------------------------- Debian Security Advisory DSA 1364-2 [email protected] http://www.debian.org/security/ dann frazier September 19th, 2007 http://www.debian.org/security/faq - -...

DSA-1364-2 vim - several vulnerabilities

Bulletin has no description...

[SECURITY] [DSA 1364-1] New vim packages fix several vulnerabilities

-------------------------------------------------------------------------- Debian Security Advisory DSA 1364-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff September 1st, 2007 http://www.debian.org/security/faq -...

[SECURITY] [DSA 1297-1] New gforge-plugin-scmcvs packages fix arbitrary shell command execution

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 1297-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff May 24th, 2007 http://www.debian.org/security/faq -...

CVE-2007-2438

The sandbox for vim allows dangerous functions such as 1 writefile, 2 feedkeys, and 3 system, which might allow user-assisted attackers to execute shell commands and write files via modelines...

CVE-2007-2438

CVE-2007-2438 targets Vim’s sandbox, where modeline parsing grants access to dangerous functions (writefile, feedkeys, system), enabling user-assisted execution of shell commands and file writes. The issue affects Vim components exposed to modelines and has been addressed in multiple advisories a...

CVE-2007-2438

The sandbox for vim allows dangerous functions such as 1 writefile, 2 feedkeys, and 3 system, which might allow user-assisted attackers to execute shell commands and write files via modelines...