1820 matches found
Brian Stanback bsguest.cgi 1.0 - Remote Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2159/info An input validation vulnerability exists in Brian Stanback's bsguest.cgi, a script designed to coordinate guestbook submissions from website visitors. The script fails to properly filter ';' characters from the...
Brian Stanback bslist.cgi 1.0 - Remote Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2160/info An input validation vulnerability exists in Brian Stanback's bslist.cgi, a script designed to coordinate mailing lists. The script fails to properly filter ';' characters from the user-supplied email addresses...
DotBr 0.1 Exec.PHP3 Remote Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6867/info The DotBr 'exec.php3' script is prone to a remote command execution vulnerability. This is due to insufficient sanitization of user-supplied data. Exploitation may result in execution of arbitrary shell commands...
Gentoo Webapp-Config 1.10 Insecure File Creation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13780/info Gentoo webapp-config is prone to an insecure file creation vulnerability. This issue is due to a design error that causes the application to fail to verify the existence of a file before writing to it. An...
Leif M. Wright everythingform.cgi 2.0 Arbitrary Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2101/info An input validation vulnerability exists in Leif M. Wright's everything.cgi, a Perl-based form design tool. The script fails to properly filter shell commands from user-supplied input to the 'config' field. As a...
GNU a2ps 4.13 File Name Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/11025/info Reportedly GNU a2ps is affected by a filename command-execution vulnerability. This issue is due to the application's failure to properly sanitize filenames. An attacker might leverage this issue to execute...
Emacs 2.1 - Local Variable Arbitrary Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/15375/info Emacs is susceptible to an arbitrary command execution vulnerability with local variables. This issue is due to insufficient sanitization of user-supplied input. By modifying a text file to include local...
GLSA-201406-25 : Asterisk: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201406-25 Asterisk: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Asterisk. Please review the CVE identifiers below for details. Impact : A remote attacker that gains access to a privileged Asterisk...
CVE-2014-4046
Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and Certified Asterisk 11.6 before 11.6-cert3 allows remote authenticated Manager users to execute arbitrary shell commands via a MixMonitor action...
Deserialization of untrusted data
Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and Certified Asterisk 11.6 before 11.6-cert3 allows remote authenticated Manager users to execute arbitrary shell commands via a MixMonitor action...
[SECURITY] [DSA 2946-1] python-gnupg security update
Debian Security Advisory DSA-2946-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff June 04, 2014 http://www.debian.org/security/faq ...
Debian DSA-2946-1 : python-gnupg - security update
Multiple vulnerabilities were discovered in the Python wrapper for the Gnu Privacy Guard GPG. Insufficient sanitising could lead to the execution of arbitrary shell commands. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted...
Debian Security Advisory DSA 2946-1 (python-gnupg - security update)
Multiple vulnerabilities were discovered in the Python wrapper for the Gnu Privacy Guard GPG. Insufficient sanitising could lead to the execution of arbitrary shell commands. OpenVAS Vulnerability Test $Id: deb2946.nasl 6995 2017-08-23 11:52:03Z teissa $ Auto-generated from advisory DSA 2946-1...
Remote Command Injection in Ruby Gem sfpagent 0.4.14
Title: Remote Command Injection in Ruby Gem sfpagent 0.4.14 Date: 4/15/2014 Author: Larry W. Cashdollar, @larry0 CVE: 2014-2888 Download: http://rubygems.org/gems/sfpagent Vulnerability The list variable generated from the user supplied JSON body input is passed directly to the system shell on lin...
Ruby Gem sfpagent 0.4.14 Command Injection Vulnerability
Ruby Gem sfpagent version 0.4.14 suffers from a remote command injection vulnerability. Title: Remote Command Injection in Ruby Gem sfpagent 0.4.14 Date: 4/15/2014 Author: Larry W. Cashdollar, @larry0 CVE: 2014-2888 Download: http://rubygems.org/gems/sfpagent Vulnerability The list variable...
Palo Alto Networks PAN-OS < 3.1.11 / 4.0.x < 4.0.9 Multiple Vulnerabilities
The remote host is running a version of Palo Alto Networks PAN-OS prior to 3.1.11 / 4.0.9. It is, therefore, affected by multiple vulnerabilities : - A denial of service vulnerability exists that allows an authenticated attacker to crash the device via a specially crafted command sent to the CLI...
Palo Alto Networks PAN-OS < 4.0.8 Multiple Vulnerabilities
The remote host is running a version of Palo Alto Networks PAN-OS prior to 4.0.8. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists due to overly verbose error messages. An attacker can exploit this vulnerability by sending specially crafted...
Joomla! Component com_community 2.6 - Code Execution
#!/usr/bin/python Joomla! JomSocial component = 2.6 PHP code execution exploit Authors: - Matias Fontanini - Gaston Traberg This exploit allows the execution of PHP code without any prior authentication on the Joomla! JomSocial component. Note that in order to be able to execute PHP code, both the...
Joomla JomSocial 2.6 Code Execution Exploit
Joomla JomSocial component version 2.6 remote PHP code execution exploit. #!/usr/bin/python Joomla! JomSocial component = 2.6 PHP code execution exploit Authors: - Matias Fontanini - Gaston Traberg This exploit allows the execution of PHP code without any prior authentication on the Joomla!...