1763 matches found
Nagios statuswml.cgi Command Injection
Added: 04/13/2010. CVE: CVE-2009-2288. BID: 35464. OSVDB: 55281. Background: Nagios is a network host and service monitoring and management system. Problem: The Nagios statuswml.cgi script passes unsanitized data to the ping and traceroute commands, resulting in shell command execution via...
Debian DSA-1990-1 : trac-git - shell command injection
Stefan Goebel discovered that the Debian version of trac-git, the Git add-on for the Trac issue tracking system, contains a flaw which enables attackers to execute code on the web server running trac-git by sending crafted HTTP queries. (C) Tenable Network Security, Inc. The...
Debian DSA-1891-1 : changetrack - shell command execution
Marek Grzybowski discovered that changetrack, a program to monitor changes to configuration files, is prone to shell command injection via metacharacters in filenames. The behaviour of the program has been adjusted to reject all filenames with metacharacters. (C) Tenable Network...
[SECURITY] [DSA-1990-1] New trac-git packages fix code execution
Debian Security Advisory DSA-1990-1. http://www.debian.org/security/ Florian Weimer, February 03, 2010. http://www.debian.org/security/faq ...
[SECURITY] [DSA-1990-2] New trac-git package fixes regression
Debian Security Advisory DSA-1990-2. http://www.debian.org/security/ Stefan Fritsch, February 04, 2010. http://www.debian.org/security/faq ...
SystemTap 'stap-server' Remote Shell Command Injection Vulnerability
This host has SystemTap installed and is prone to an arbitrary command execution vulnerability. OpenVAS Vulnerability Test $Id: secpodsystemtapshellcmdinjectionvuln.nasl 5401 2017-02-23 09:46:07Z teissa $ SystemTap 'stap-server' Remote Shell Command Injection Vulnerability. Authors: Madhuri D Copyrigh...
SystemTap 'stap-server' Remote Shell Command Injection Vulnerability
SystemTap is prone to an arbitrary command execution vulnerability. SPDX-FileCopyrightText: 2010 Greenbone AG. SPDX-License-Identifier: GPL-2.0-only...
FreeBSD : typo3 -- multiple vulnerabilities in TYPO3 Core (6693bad2-ca50-11de-8ee8-00215c6a37bb)
TYPO3 develop team reports: Affected versions: TYPO3 versions 4.0.13 and below, 4.1.12 and below, 4.2.9 and below, 4.3.0beta1 and below. SQL injection, Cross-site scripting (XSS), Information disclosure, Frame hijacking, Remote shell command execution and Insecure Install Tool authentication/sessi...
SAP MaxDB Remote Arbitrary Commands Execution (CVE-2008-0244)
SAP MaxDB is an open source relational database management system (RDBMS) developed and supported by SAP AG. MaxDB is targeted for large SAP environments such as mySAP Business Suite and other applications that require enterprise level database functionality. MaxDB is available for the most promine...
typo3 -- multiple vulnerabilities in TYPO3 Core
TYPO3 develop team reports: Affected versions: TYPO3 versions 4.0.13 and below, 4.1.12 and below, 4.2.9 and below, 4.3.0beta1 and below. SQL injection, Cross-site scripting (XSS), Information disclosure, Frame hijacking, Remote shell command execution and Insecure Install Tool authentication/sessio...
TYPO3 Security Bulletin
Several vulnerabilities have been found in the following third party TYPO3 extensions: Apache Solr Search (solr), Random Images (maagrandomimage), Flagbit Filebase (fbfilebase), freeCap CAPTCHA (srfreecap). Release Date: October 20, 2009. Please read first: This Collective Security Bulletin (CSB) is a listin...
TWiki rev Parameter Shell Command Injection (CVE-2005-2877)
TWiki is a flexible enterprise collaboration platform developed in Perl. The software is a set of CGI programs that are loaded and executed by an HTTP server. TWiki is a structured, community developed documentation framework. It typically runs as a document management system, or a knowledge base...
Debian Security Advisory DSA 1891-1 (changetrack)
The remote host is missing an update to changetrack announced via advisory DSA 1891-1. OpenVAS Vulnerability Test $Id: deb18911.nasl 6615 2017-07-07 12:09:52Z cfischer $ Description: Auto-generated from advisory DSA 1891-1 (changetrack). Authors: Thomas Reinke. Copyright: Copyright (c) 2009 E-Soft Inc...
Debian: Security Advisory (DSA-1891-1)
The remote host is missing an update for the Debian... SPDX-FileCopyrightText: 2009 Greenbone AG. SPDX-License-Identifier: GPL-2.0-only...
[SECURITY] [DSA 1891-1] New changetrack packages fix arbitrary code execution
Debian Security Advisory DSA-1891-1. http://www.debian.org/security/ Steffen Joeris, September 22, 2009. http://www.debian.org/security/faq ...
openSUSE Security Update : jhead (jhead-399)
This update of jhead fixes several security problems: CVE-2008-4575: buffer overflow in DoCommand; CVE-2008-4639: local symlink attack; CVE-2008-4640: DoCommand allowed deletion of arbitrary files; CVE-2008-4641: execution of arbitrary shell commands in DoCommand. (C) Tenab...
Nagios 'statuswml.cgi' Remote Arbitrary Shell Command Injection Vulnerability
Nagios is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data. Remote attackers can exploit this issue to execute arbitrary shell commands with the privileges of the user running the application. Note that for an exploit to succeed,...
Important: Red Hat Security Advisory: nagios security update
Updated nagios packages that fix one security issue are now available for the Red Hat HPC Solution. This update has been rated as having important security impact by the Red Hat Security Response Team. Nagios is a program that can monitor hosts and services on your network. It can send email or...