Gentoo Security Advisory GLSA 200701-23 (cacti)

The remote host is missing updates announced in advisory GLSA 200701-23. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

Gentoo Security Advisory GLSA 200611-22 (horde-ingo)

The remote host is missing updates announced in advisory GLSA 200611-22. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

Gentoo Security Advisory GLSA 200609-20 (dokuwiki)

The remote host is missing updates announced in advisory GLSA 200609-20. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

Gentoo Security Advisory GLSA 200609-20 (dokuwiki)

The remote host is missing updates announced in advisory GLSA 200609-20. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Gentoo Security Advisory GLSA 200701-23 (cacti)

The remote host is missing updates announced in advisory GLSA 200701-23. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Gentoo Security Advisory GLSA 200611-22 (horde-ingo)

The remote host is missing updates announced in advisory GLSA 200611-22. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Gentoo Security Advisory GLSA 200803-06 (sword)

The remote host is missing updates announced in advisory GLSA 200803-06. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2008-4101

CVE-2008-4101 affects Vim 3.0 through 7.x prior to 7.2.010. The issue arises from improper escaping in Vim’s keyword/tag handling, allowing user-assisted arbitrary code execution via crafted input when performing certain keystrokes (e.g., ;, Ctrl-], or g]). The connected documents corroborate thi...

xoops-1.3.10 shell command execute vulnerability ( causing snoopy class )

== xoops-1.3.10 shell command execute vulnerability causing snoopy class == Author: geinblues geinblues at gmail dot com DATE: 9.7.2008 Site: http://enterblue.net/x90c/ Risk: Midium == 0 Vulnerability Tracing Tracing BREAK 0 BREAK 6 /xoops-1.3.10/html/class/snoopy.class.php...

CVE-2008-3904

src/main-win.c in GPicView 0.1.9 in Lightweight X11 Desktop Environment LXDE allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename...

p5-UI-Dialog -- shell command execution vulnerability

Matthijs Kooijman reports: It seems that the whiptail, cdialog and kdialog backends apply some improper escaping in their shell commands, causing special characters present in menu item titles to be interpreted by the shell. This includes the backtick evaluation operator, so this constitutes a...

Afuse afuse.c文件Shell命令注入漏洞

BUGTRAQ ID: 30245 CVECAN ID: CVE-2008-2232 Afuse是使用FUSE在用户域实现的自动加载文件系统。 Afuse没有正确地过滤文件名便将其用在了system调用中。如果能够读访问afuse文件系统的攻击者使用了类似于以下的路径的话： /path/";arbitrary command;" /path/arbitrary command 则从注册为Afuse加载的目录请求上述特制文件就会导致以提升的权限执行任意命令。 Jacob Bower Afuse 0.2 Debian ------...

Afuse 'afuse.c' SHELL命令注入漏洞

BUGTRAQ ID: 30245 CVE ID：CVE-2008-2232 CNCVE ID：CNCVE-20082232 Afuse是一款类似autofs工具的文件系统自动挂接程序。 Afuse不正确处理命令行参数，本地攻击者可以利用漏洞以高特权执行任意命令。 afuse接收如下形式的命令行： afuse /path -o mounttemplate="mount-script %m %r" \ unmounttemplate="unmount-script %m %r"...

php escapeshellcmd multibyte encoding vulnerability analysis and extension-a vulnerability warning-the black bar safety net

漏洞 公告 在 http://www.sektioneins.de/advisories/SE-2008-03.txt PHP 5 = 5.2.5 PHP 4 = 4.4.8 Some allow as GBK, EUC-KR, SJIS, etc. wide byte character set systems may be affected by this impact, the impact is still very large, the domestic virtual host should be the pass to kill, in testing this...

Vim多个Shell命令注入漏洞

BUGTRAQ ID: 29715 VIM是一款免费开放源代码文本编辑器，可使用在Unix/Linux操作系统下。 VIM的filetype.vim、tar.vim、zip.vim、xpm.vim、xpm2.vim、gzip.vim和netrw.vim脚本没有正确地转义传送给execute语句的文件名中的特殊字符，如果用户受骗打开了恶意文件的话，就可能导致向受影响系统注入并执行任意SHELL命令。 VIM Development Group VIM 7.1.314 VIM Development Group VIM 6.4 VIM Development Group...

vim -- Vim Shell Command Injection Vulnerabilities

Rdancer.org reports: Improper quoting in some parts of Vim written in the Vim Script can lead to arbitrary code execution upon opening a crafted file...

Advisory SE-2008-03: PHP Multibyte Shell Command Escaping Bypass Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SektionEins GmbH www.sektioneins.de -= Security Advisory =- Advisory: PHP Multibyte Shell Command Escaping Bypass Vulnerability Release Date: 2008/05/06 Last Modified: 2008/05/06 Author: Stefan Esser stefan.esseratsektioneins.de Application: PHP 5 =...

Important: Red Hat Security Advisory: Red Hat Directory Server 7.1 Service Pack 5 security update

An updated redhat-ds package that addresses a security issue is now available as Red Hat Directory Server 7.1, Service Pack 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Red Hat Directory Server is an LDAPv3-compliant directory server. A...

Server: shell command injection in CGI replication monitor

The replication monitor CGI script repl-monitor-cgi.pl in Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, allows remote attackers to execute arbitrary commands...

Server: shell command injection in CGI replication monitor

The replication monitor CGI script repl-monitor-cgi.pl in Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, allows remote attackers to execute arbitrary commands...