1820 matches found
nginx-0.6.38-Heap
A quick way to find out just for verification would be to launch nginx, attach GDB to the worker and target it with the exploit, setting the offset to 0, or some other arbitrary value. It should crash on a piece of code which import os import sys import socket import select import struct import...
IBM Network Security Protection XGS Remote Code Execution (swg21690823) (credentialed check)
The firmware version installed on the remote IBM XGS appliance does not properly sanitize certain user-supplied inputs which can allow a remote, authenticated attacker to execute shell commands with the privileges of the 'www-data' user via a standard HTTP request.
RHEL 6 / 7 : mailx (RHSA-2014:1999)
The remote Red Hat Enterprise Linux 6 / 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2014:1999 advisory. The mailx packages contain a mail user agent that is used to manage mail using scripts. A flaw was found in the way mailx handled the...
CentOS 6 / 7 : mailx (CESA-2014:1999)
Updated mailx packages that fix two security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available...
Scientific Linux Security Update : mailx on SL6.x, SL7.x i386/x86_64 (20141216)
A flaw was found in the way mailx handled the parsing of email addresses. A syntactically valid email address could allow a local attacker to cause mailx to execute arbitrary shell commands through shell meta-characters and the direct command execution functionality. CVE-2004-2771, CVE-2014-7844...
Debian DSA-3104-1 : bsd-mailx - security update
It was discovered that bsd-mailx, an implementation of the 'mail' command, had an undocumented feature which treats syntactically valid email addresses as shell commands to execute. Users who need this feature can re-enable it using the 'expandaddr' in an appropriate mailrc file. This update also...
DLA-113-1 bsd-mailx - security update
Bulletin has no description...
mailx: command execution flaw
A flaw was found in the way mailx handled the parsing of email addresses. A syntactically valid email address could allow a local attacker to cause mailx to execute arbitrary shell commands through shell meta-characters (CVE-2004-2771) and the direct command execution functionality (CVE-2014-7844)...
Moderate: Red Hat Security Advisory: mailx security update
Updated mailx packages that fix two security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available...
[SECURITY] [DSA 3104-1] bsd-mailx security update
Debian Security Advisory DSA-3104-1, [email protected], http://www.debian.org/security/, Florian Weimer, December 16, 2014, http://www.debian.org/security/faq ...
Debian Security Advisory DSA 3105-1 (heirloom-mailx - security update)
Two security vulnerabilities were discovered in Heirloom mailx, an implementation of the mail command: CVE-2004-2771: mailx interprets shell meta-characters in certain email addresses. CVE-2014-7844: An unexpected feature of mailx treats syntactically valid email addresses as shell...
Advantech EKI-6340 code execution
Shell commands injection in Web interface...
Cisco Nexus 1000V Series Switches Arbitrary Command Execution Vulnerability (Cisco-SA-20131115-CVE-2013-5556)
A vulnerability in the license installation module of the Cisco Nexus 1000V could allow an authenticated, local attacker to execute arbitrary shell commands.
Plone and Zope cmd Parameter Remote Command Execution (CVE-2011-3587)
A remote code execution vulnerability has been reported in Zope and Plone. The vulnerability is due to failing to properly validate user-supplied input. A remote attacker can exploit this vulnerability to execute arbitrary shell commands...
OpenSSH < 6.6 SFTP (x64) - Command Execution
define GNUSOURCE // THIS PROGRAM IS NOT DESIGNED TO BE SAFE AGAINST VICTIM MACHINES THAT // TRY TO ATTACK BACK, THE CODE IS SLOPPY! // In other words, please don't use this against other people's machines. include include include include include include include include include define mina,b ab?a:...
Important: Red Hat Security Advisory: bash Shift_JIS security update
Updated September 30, 2014: This advisory has been updated with information on restarting system services after applying this update. No changes have been made to the original packages. Updated bash Shift_JIS packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and ...
Important: Red Hat Security Advisory: bash security update
Updated September 30, 2014: This advisory has been updated with information on restarting system services after applying this update. No changes have been made to the original packages. Updated bash packages that fix one security issue are now available for Red Hat Enterprise Linux 5, 6, and 7. Re...
Mandriva Linux Security Advisory : bash (MDVSA-2014:186)
A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment...
Updated bash packages fix CVE-2014-6271
Updated bash packages fix security vulnerability: A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote...
VMTurbo Operations Manager '/cgi-bin/vmtadmin.cgi' RCE Vulnerability
VMTurbo Operations Manager is prone to a remote command execution (RCE) vulnerability.