308 matches found
[Full-disclosure] [SECURITY] [DSA 1251-1] New netrik packages fix arbitrary shell command execution
Debian Security Advisory DSA-1251-1 [email protected] http://www.debian.org/security/ Steve Kemp January 21, 2007 ...
[SECURITY] [DSA 1220-1] New pstotext packages fix arbitrary shell command execution
Debian Security Advisory DSA 1220-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff November 26th, 2006 http://www.debian.org/security/faq ...
[Full-disclosure] [SECURITY] [DSA 1204-1] New ingo1 packages fix arbitrary shell command execution
Debian Security Advisory DSA 1204-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff November 2nd, 2006 http://www.debian.org/security/faq ...
FreeBSD : ingo -- local arbitrary shell command execution (18a14baa-5ee5-11db-ae08-0008743bf21a)
The Horde team reports a vulnerability within Ingo, the filter management suite. The vulnerability is caused by inadequate escaping, possibly allowing a local user to execute arbitrary shell commands via procmail.
Debian DSA-1021-1 : netpbm-free - insecure program execution
Max Vozeler from the Debian Audit Project discovered that pstopnm, a converter from Postscript to the PBM, PGM and PNM formats, launches Ghostscript in an insecure manner, which might lead to the execution of arbitrary shell commands, when converting specially crafted Postscript files...
MyBulletinBoard (MyBB) < 1.1.3 Remote Code Execution Exploit
No description provided by source. !/usr/bin/perl Tue Jun 13 12:37:12 CEST 2006 [email protected] Exploit HOWTO - read this before flood my Inbox you bitch! - First you need to create the special user to do this use: ./mybibi.pl --host=http://www.example.com --dir=/mybb -1 this step needs a graph...
[SECURITY] [DSA 1006-1] New wzdftpd packages fix arbitrary shell command execution
Debian Security Advisory DSA 1006-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff March 16th, 2005 http://www.debian.org/security/faq ...
EV0082.txt
New eVuln Advisory: Leif M. Wright's Blog Multiple Vulnerabilities http://evuln.com/vulns/82/summary.html Summary eVuln ID: EV0082 CVE: CVE-2006-0843 CVE-2006-0844 CVE-2006-0845 CVE-2006 Software: Leif M. Wright's Blog Software's Web Site:...
[eVuln] Leif M. Wright's Blog Multiple Vulnerabilities
New eVuln Advisory: Leif M. Wright's Blog Multiple Vulnerabilities http://evuln.com/vulns/82/summary.html Summary eVuln ID: EV0082 CVE: CVE-2006-0843 CVE-2006-0844 CVE-2006-0845 CVE-2006 Software: Leif M. Wright's Blog Software's Web Site:...
[SA18556] Etomite "cij" Shell Command Execution Backdoor Security Issue
TITLE: Etomite "cij" Shell Command Execution Backdoor Security Issue SECUNIA ADVISORY ID: SA18556 VERIFY ADVISORY: http://secunia.com/advisories/18556/ CRITICAL: Highly critical IMPACT: System access WHERE: From remote SOFTWARE: Etomite 0.x http://secunia.com/product/6896/ DESCRIPTION: Luca Ercol...
CVE-2005-1851
A certain contributed script for ekg Gadu Gadu client 1.5 and earlier allows attackers to execute shell commands via unknown attack vectors...
CVE-2005-1851
CVE-2005-1851 affects the ekg Gadu-Gadu client and its contributed scripts. Umbrella advisories describe insecure temporary file handling and a shell command injection path in contributed scripts (including ekgbot-pre1.py), which could allow an attacker to execute arbitrary commands with the priv...
CVE-2005-1851
Removed by vendor...
Mandrake Linux Security Advisory : XFree86 (MDKSA-2004:138)
The XPM library which is part of the XFree86/XOrg project is used by several GUI applications to process XPM image files. A source code review of the XPM library, done by Thomas Biege of the SuSE Security-Team revealed several different kinds of bugs. These bugs include integer overflows,...
FreeBSD : twiki -- arbitrary shell command execution (196)
The following package needs to be updated: twiki %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated by freebsdpkgb4af3ede36e911d9a9e70001020eed82.nasl. Disabled on 2011/10/02. C Tenable Network Security, Inc. This script contains information extracted from VuXML : Copyright 2003-20...
When specifying specially formatted options to external MIME transformation, an attacker can execute any shell command restricted by privileges of httpd user.
PMASA-2004-2 Announcement-ID: PMASA-2004-2 Date: 2004-10-12 Summary When specifying specially formatted options to external MIME transformation, an attacker can execute any shell command restricted by privileges of httpd user. Description phpMyAdmin allows to use MIME transformations for displayi...
Mewsoft Auction, PHP Classifieds and eFax.com - CrossSiteScripting issues
Advisory name: SSI & CSS execution in Mewsoft Auction, PHP Classifieds and eFax.com Application: Mewsoft Auction Perl script, PHP Classifieds PHP, eFax.com ASP Date: 14.6.2002 Impact: remote user can execute shell commands & cross site scripting ...
MAGIC Enterprise Multiple Vulnerabilities
immutec Security Advisory ID: SA-MAGIC-001 Date: 2001/12/17 Version: 0.2 Magic Enterprise multiple vulnerabilities Affected Software/System: Vendor : Magic Software http://www.magicsoftware.com Product : Magic Enterprise...
QPopper 4.0.x - PopAuth Trace File Shell Command Execution
QPopper 4.0.x - PopAuth Trace File Shell Command Execution source: https://www.securityfocus.com/bid/3710/info Qpopper is a freely available, open source Post Office Protocol server. It is maintained and distributed by Qualcomm. When popauth is executed with the trace option, it does not correctl...
QPopper 4.0.x - PopAuth Trace File Shell Command Execution
source: https://www.securityfocus.com/bid/3710/info Qpopper is a freely available, open source Post Office Protocol server. It is maintained and distributed by Qualcomm. When popauth is executed with the trace option, it does not correctly handle user-supplied input. A user can supply data to the...