1763 matches found
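F5 BIG-IP Management Interface NEW_VALUE Parameter Remote Code Injection Vulnerability
BUGTRAQ ID: 28639 F5 BIG-IP is an all-in-one network device that integrates network traffic management, an application security manager, load balancing and other functions. The BIG-IP configuration utility contains an input validation vulnerability that a remote attacker may be able to exploit to execute arbitrary commands on the system. The F5 BIG-IP reconfiguration tool used by the web management interface and the CLI does not properly filter certain reconfiguration requests; a logged-in user with Resource Manager or Administrator privileges can inject arbitrary Perl code, spawning Unix shell commands that execute with root privileges. The vulnerability arises because single quotes in NEWVALUE are not escaped before the value is used in Perl EP3 containing a template similar to the following:...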
rpc.ypupdated command injection vulnerability
Added: 03/28/2008 CVE: CVE-1999-0208 BID: 1749 OSVDB: 11517 Background Network Information Service (NIS) is a distributed database that allows you to maintain consistent configuration files throughout your network. rpc.ypupdated is an NIS service which is responsible for duplicating information fro...
centerim-exec.txt
Application: CenterIM http://www.centerim.org/index.php/MainPage Versions: centerim = 4.22.3 OS: Linux Bug: Execution of shell commands Exploit: remote Date: 15 March 2008 Author: Brian Fonfara w00 eMail: [email protected] Web: newb.kicks-ass.net 1 Bug 2 Exploit ======= 1 Bug ======= Received...
GLSA-200803-06 : SWORD: Shell command injection
The remote host is affected by the vulnerability described in GLSA-200803-06 SWORD: Shell command injection Dan Dennison reported that the diatheke.pl script used in SWORD does not properly sanitize shell meta-characters in the 'range' parameter before processing it. Impact : A remote attacker...
[ GLSA 200803-06 ] SWORD: Shell command injection
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Gentoo Linux Security Advisory GLSA 200803-06 http://security.gentoo.org/ ...
SWORD: Shell command injection
Background SWORD is a library for Bible study software. Description Dan Dennison reported that the diatheke.pl script used in SWORD does not properly sanitize shell meta-characters in the "range" parameter before processing it. Impact A remote attacker could provide specially crafted input to a...
DSA-1508-1 sword - arbitrary shell command execution
Bulletin has no description...
Debian Security Advisory DSA 1465-1 (apt-listchanges)
The remote host is missing an update to apt-listchanges announced via advisory DSA 1465-1. This VT has been deprecated and merged into the VT SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right...
waraxe-2008-SA065.txt
waraxe-2008-SA065 - Remote Shell Command Execution in Coppermine 1.4.14 =============================================================================== Author: Janek Vind "waraxe" Date: 30. January 2008 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-65.html Target software descriptio...
Coppermine Photo Gallery 1.4.14 - Remote Command Execution
Coppermine Photo Gallery 1.4.14 - Remote Command Execution waraxe-2008-SA065 - Remote Shell Command Execution in Coppermine 1.4.14 =============================================================================== Author: Janek Vind "waraxe" Date: 30. January 2008 Location: Estonia, Tartu Web:...
[waraxe-2008-SA#065] - Remote Shell Command Execution in Coppermine 1.4.14
waraxe-2008-SA065 - Remote Shell Command Execution in Coppermine 1.4.14 =============================================================================== Author: Janek Vind "waraxe" Date: 30. January 2008 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-65.html Target software descriptio...
Coppermine Photo Gallery 1.4.14 - Remote Command Execution
waraxe-2008-SA065 - Remote Shell Command Execution in Coppermine 1.4.14 =============================================================================== Author: Janek Vind "waraxe" Date: 30. January 2008 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-65.html Target software descriptio...
Debian Security Advisory DSA 1315-1 (libphp-phpmailer)
The remote host is missing an update to libphp-phpmailer announced via advisory DSA 1315-1. OpenVAS Vulnerability Test $Id: deb13151.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1315-1 Authors: Thomas Reinke Copyright: Copyright (c) 2007 E-Soft Inc...
Debian Security Advisory DSA 957-1 (imagemagick)
The remote host is missing an update to imagemagick announced via advisory DSA 957-1. Florian Weimer discovered that delegate code in ImageMagick is vulnerable to shell command injection using specially crafted file names. This allows attackers to encode commands inside of graphic commands. With...
Debian: Security Advisory (DSA-1364-2)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Debian: Security Advisory (DSA-957-2)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Debian Security Advisory DSA 957-2 (imagemagick)
The remote host is missing an update to imagemagick announced via advisory DSA 957-2. Florian Weimer discovered that delegate code in ImageMagick is vulnerable to shell command injection using specially crafted file names. This allows attackers to encode commands inside of graphic commands. With...
Debian Security Advisory DSA 1270-1 (openoffice.org)
The remote host is missing an update to openoffice.org announced via advisory DSA 1270-1. Several security related problems have been discovered in OpenOffice.org, the free office suite. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-0002 iDefense...
Debian Security Advisory DSA 1021-1 (netpbm-free)
The remote host is missing an update to netpbm-free announced via advisory DSA 1021-1. Max Vozeler from the Debian Audit Project discovered that pstopnm, a converter from Postscript to the PBM, PGM and PNM formats, launches Ghostscript in an insecure manner, which might lead to the execution of...
Debian Security Advisory DSA 760-1 (ekg)
The remote host is missing an update to ekg announced via advisory DSA 760-1. Several vulnerabilities have been discovered in ekg, a console Gadu Gadu client, an instant messaging program. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities: CVE-2005-1850...