732 matches found

seebug.org
added 2008/07/17 12:0 a.m., 28 views

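Afuse 'afuse.c' Shell Command Injection Vulnerability

BUGTRAQ ID: 30245 CVE ID: CVE-2008-2232 CNCVE ID: CNCVE-20082232 Afuse is an automounting file system tool similar to autofs. Afuse does not correctly handle command-line arguments, so a local attacker can exploit the vulnerability to execute arbitrary commands with elevated privileges. afuse accepts a command line of the following form: afuse /path -o mounttemplate="mount-script %m %r" \ unmounttemplate="unmount-script %m %r"...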

CVSS 4.6, AI score 6.3, EPSS 0.00357
Exploits: 2

myhack58
added 2008/07/11 12:0 a.m., 192 views

php escapeshellcmd multibyte encoding vulnerability analysis and extension-a vulnerability warning-the black bar safety net

Vulnerability advisory: http://www.sektioneins.de/advisories/SE-2008-03.txt PHP 5 = 5.2.5 PHP 4 = 4.4.8 Systems that allow wide-byte character sets such as GBK, EUC-KR and SJIS may be affected. The impact is still very large; domestic virtual hosts are likely all affected. In testing this...

AI score 7.9
Exploits: 0

seebug.org
added 2008/06/20 12:0 a.m., 17 views

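Vim Multiple Shell Command Injection Vulnerabilities

BUGTRAQ ID: 29715 VIM is a free, open-source text editor for Unix/Linux operating systems. The filetype.vim, tar.vim, zip.vim, xpm.vim, xpm2.vim, gzip.vim and netrw.vim scripts in VIM do not correctly escape special characters in file names passed to the execute statement; if a user is tricked into opening a malicious file, arbitrary shell commands may be injected and executed on the affected system. VIM Development Group VIM 7.1.314 VIM Development Group VIM 6.4 VIM Development Group...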

AI score 6.9
Exploits: 0

RedHat Linux
added 2008/04/15 9:10 p.m., 5 views

Important: Red Hat Security Advisory: Red Hat Directory Server 7.1 Service Pack 5 security update

An updated redhat-ds package that addresses a security issue is now available as Red Hat Directory Server 7.1, Service Pack 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Red Hat Directory Server is an LDAPv3-compliant directory server. A...

CVSS 9, AI score 5.7, EPSS 0.1402
Exploits: 1, References: 2

RedHat Linux
added 2008/04/15 9:10 p.m., 2 views

Server: shell command injection in CGI replication monitor

The replication monitor CGI script repl-monitor-cgi.pl in Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, allows remote attackers to execute arbitrary commands...

CVSS 9, AI score 6.1, EPSS 0.1402
Exploits: 1, References: 4

RedHat Linux
added 2008/04/15 9:10 p.m., 1 view

Server: shell command injection in CGI replication monitor

The replication monitor CGI script repl-monitor-cgi.pl in Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, allows remote attackers to execute arbitrary commands...

CVSS 9, AI score 6.1, EPSS 0.1402
Exploits: 1, References: 4

Tenable Nessus
added 2008/03/07 12:0 a.m., 23 views

GLSA-200803-06 : SWORD: Shell command injection

The remote host is affected by the vulnerability described in GLSA-200803-06 SWORD: Shell command injection Dan Dennison reported that the diatheke.pl script used in SWORD does not properly sanitize shell meta-characters in the 'range' parameter before processing it. Impact : A remote attacker...

CVSS 7.5, AI score 5.8, EPSS 0.02901
Exploits: 0, References: 2

securityvulns
added 2008/03/04 12:0 a.m., 59 views

[ GLSA 200803-06 ] SWORD: Shell command injection

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Gentoo Linux Security Advisory GLSA 200803-06 http://security.gentoo.org/ ...

CVSS 7.5, AI score 6.6, EPSS 0.02901
Exploits: 0

Gentoo Linux
added 2008/03/03 12:0 a.m., 34 views

SWORD: Shell command injection

Background SWORD is a library for Bible study software. Description Dan Dennison reported that the diatheke.pl script used in SWORD does not properly sanitize shell meta-characters in the "range" parameter before processing it. Impact A remote attacker could provide specially crafted input to a...

CVSS 7.5, AI score 6.8, EPSS 0.02901
Exploits: 0

OpenVAS
added 2008/01/17 12:0 a.m., 34 views

Debian Security Advisory DSA 760-1 (ekg)

The remote host is missing an update to ekg announced via advisory DSA 760-1. Several vulnerabilities have been discovered in ekg, a console Gadu Gadu client, an instant messaging program. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities: CVE-2005-1850...

CVSS 10, AI score 0.4, EPSS 0.01507
Exploits: 0

OpenVAS
added 2008/01/17 12:0 a.m., 32 views

Debian Security Advisory DSA 957-2 (imagemagick)

The remote host is missing an update to imagemagick announced via advisory DSA 957-2. Florian Weimer discovered that delegate code in ImageMagick is vulnerable to shell command injection using specially crafted file names. This allows attackers to encode commands inside of graphic commands. With...

CVSS 7.5, AI score 0.4, EPSS 0.03661
Exploits: 1

OpenVAS
added 2008/01/17 12:0 a.m., 25 views

Debian Security Advisory DSA 957-1 (imagemagick)

The remote host is missing an update to imagemagick announced via advisory DSA 957-1. Florian Weimer discovered that delegate code in ImageMagick is vulnerable to shell command injection using specially crafted file names. This allows attackers to encode commands inside of graphic commands. With...

CVSS 7.5, AI score 0.8, EPSS 0.03661
Exploits: 1

OpenVAS
added 2008/01/17 12:0 a.m., 25 views

Debian Security Advisory DSA 957-1 (imagemagick)

The remote host is missing an update to imagemagick announced via advisory DSA 957-1. Florian Weimer discovered that delegate code in ImageMagick is vulnerable to shell command injection using specially crafted file names. This allows attackers to encode commands inside of graphic commands. With...

CVSS 7.5, AI score 8.9, EPSS 0.03661
Exploits: 1, References: 2

OpenVAS
added 2008/01/17 12:0 a.m., 18 views

Debian: Security Advisory (DSA-957-2)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5, AI score 6.7, EPSS 0.03661
Exploits: 1, References: 3

OpenVAS
added 2008/01/17 12:0 a.m., 16 views

Debian: Security Advisory (DSA-760-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 10, AI score 5.6, EPSS 0.01507
Exploits: 0, References: 3

Tenable Nessus
added 2007/04/30 12:0 a.m., 9 views

GLSA-200704-18 : Courier-IMAP: Remote execution of arbitrary code

The remote host is affected by the vulnerability described in GLSA-200704-18 Courier-IMAP: Remote execution of arbitrary code CJ Kucera has discovered that some Courier-IMAP scripts don't properly handle the XMAILDIR variable, allowing for shell command injection. Impact : A remote attacker could...

AI score 6.5
Exploits: 0, References: 1

Gentoo Linux
added 2007/04/22 12:0 a.m., 28 views

Courier-IMAP: Remote execution of arbitrary code

Background Courier-IMAP is an IMAP server which is part of the Courier mail system. It provides access only to maildirs. Description CJ Kucera has discovered that some Courier-IMAP scripts don't properly handle the XMAILDIR variable, allowing for shell command injection. Impact A remote attacker...

AI score 5.3
Exploits: 0

Cvelist
added 2007/03/16 10:0 p.m., 15 views

CVE-2007-1490

Unspecified maintenance web pages in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allow remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors aka "shell command injection"...

AI score 7.4, EPSS 0.01445
Exploits: 0, References: 3

CVE
added 2007/03/16 10:0 p.m., 49 views

CVE-2007-1490

CVE-2007-1490 affects Avaya equipment (S87XX, S8500, S8300 prior to CM 3.1.3 and Avaya SES). The issue is shell command injection via shell metacharacters in unspecified maintenance web pages/entry points, exploitable by remote authenticated users. Affected component/functionality is unspecified;...

CVSS 6, AI score 7.4, EPSS 0.01445
Exploits: 0, References: 3, Affected Software: 1

Tenable Nessus
added 2006/11/27 12:0 a.m., 18 views

GLSA-200611-22 : Ingo H3: Folder name shell command injection

The remote host is affected by the vulnerability described in GLSA-200611-22 Ingo H3: Folder name shell command injection Ingo H3 fails to properly escape shell metacharacters in procmail rules. Impact : A remote authenticated attacker could craft a malicious rule which could lead to the executio...

CVSS 6.5, AI score 6, EPSS 0.01961
Exploits: 0, References: 2