
1820 matches found

Palo Alto Networks
added 2012/04/27 11:30 p.m. | 25 views

Command Injection Vulnerability

A vulnerability exists whereby an authenticated user can inject arbitrary shell commands using the device management command line interface. Ref 34502 This vulnerability can result in arbitrary command execution, and can result in total compromise of the device. This issue affects PAN-OS 4.1.1 an...

AI score: 3.7 | EPSS: 0.03089
Exploits: 0 | References: 1 | Affected Software: 1
securityvulns
added 2012/04/19 12:00 a.m. | 61 views

[SECURITY] [DSA 2453-1] gajim security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2453-1 [email protected] http://www.debian.org/security/ Nico Golde April 16, 2012 http://www.debian.org/security/faq -...

CVSS: 7.5 | AI score: 2.1 | EPSS: 0.03179
Exploits: 2
Tenable Nessus
added 2012/04/17 12:00 a.m. | 25 views

Debian DSA-2453-1 : gajim - several vulnerabilities

Several vulnerabilities have been discovered in Gajim, a feature-rich Jabber client. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2012-1987 Gajim is not properly sanitizing input before passing it to shell commands. An attacker can use this flaw to...

CVSS: 7.5 | AI score: 6.5 | EPSS: 0.03179
Exploits: 2 | References: 9
OpenVAS
added 2012/03/27 12:00 a.m. | 33 views

FreePBX Multiple Cross Site Scripting and Remote Command Execution Vulnerabilities

This host is running FreePBX and is prone to multiple cross site scripting and remote command execution vulnerabilities. OpenVAS Vulnerability Test $Id: secpodfreepbxmultxssnrcevuln.nasl 5977 2017-04-19 09:02:22Z teissa $ FreePBX Multiple Cross Site Scripting and Remote Command Execution...

CVSS: 7.5 | AI score: 0.1 | EPSS: 0.70252
Exploits: 3 | References: 7
OpenVAS
added 2012/02/11 12:00 a.m. | 23 views

Debian Security Advisory DSA 2380-1 (foomatic-filters)

The remote host is missing an update to foomatic-filters announced via advisory DSA 2380-1. OpenVAS Vulnerability Test $Id: deb23801.nasl 6612 2017-07-07 12:08:03Z cfischer $ Description: Auto-generated from advisory DSA 2380-1 foomatic-filters Authors: Thomas Reinke Copyright: Copyright c 2012...

CVSS: 6.8 | AI score: 0.3 | EPSS: 0.10795
Exploits: 2
OpenVAS
added 2012/02/11 12:00 a.m. | 24 views

Debian: Security Advisory (DSA-2380-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 6.8 | AI score: 5.5 | EPSS: 0.10795
Exploits: 2 | References: 3
Exploit DB
added 2012/02/01 12:00 a.m. | 27 views

OpenEMR 4.1 - '/contrib/acog/print_form.php?formname' Traversal Local File Inclusion

source: https://www.securityfocus.com/bid/51788/info OpenEMR is prone to local file-include and command-injection vulnerabilities because it fails to properly sanitize user-supplied input. A remote attacker can exploit these issues to execute arbitrary shell commands with the privileges of the us...

AI score: 7.4
Exploits: 0
Saint
added 2012/01/13 12:00 a.m. | 66 views

Plone Zope SAXutils Command Execution

Added: 01/13/2012 CVE: CVE-2011-3587 BID: 49857 OSVDB: 76105 Background Plone is a free and open source content management system built on top of the Zope application server. Plone can be used for any kind of website, including blogs, internet sites, webshops and internal websites. Problem Plone...

CVSS: 9.3 | AI score: 7 | EPSS: 0.78546
Exploits: 15
The Hacker News
added 2012/01/12 5:49 a.m. | 15 views

Self-extracting archive (SFX) as Creative Virus Handler

Self-extracting archive SFX as Creative Virus Handler Yesterday I found an interesting article about "Self-extracting archive SFX" on Unremote.org by DarkCoderSc. SFX is a little application that contains compressed files. Creating a customized WinRAR SFX archives is a very easy task, but not al...

AI score: 7.2
Exploits: 0
0day.today
added 2011/12/10 12:00 a.m. | 31 views

Acpid 1:2.0.10-1ubuntu2 Privilege Boundary Crossing Vulnerability

Exploit for linux platform in category local exploits Exploit Title: Acpid Privilege Boundary Crossing Vulnerability Google Dork: Date: 23-11-2011 Author: otr Software Link: https://launchpad.net/ubuntu/+source/acpid Version: 1:2.0.10-1ubuntu2 Tested on: Ubuntu 11.10, Ubuntu 11.04 CVE :...

AI score: 6.8 | EPSS: 0.00612
Exploits: 5
Exploit DB
added 2011/08/03 12:00 a.m. | 24 views

foomatic-gui python-foomatic 0.7.9.4 - 'pysmb.py' Arbitrary Shell Command Execution

source: https://www.securityfocus.com/bid/48982/info foomatic-gui is prone to a remote arbitrary shell-command-execution vulnerability because the application fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary shell commands in the context of t...

AI score: 7.4
Exploits: 0
Fedora
added 2011/07/12 5:07 a.m. | 17 views

[SECURITY] Fedora 14 Update: fabric-0.9.7-1.fc14

Fabric is a simple Pythonic remote deployment tool which is designed to upload files to, and run shell commands on, a number of servers in parallel or serially...

CVSS: 4.4 | AI score: 3.6 | EPSS: 0.00328
Exploits: 0
securityvulns
added 2011/06/19 12:00 a.m. | 38 views

Oracle Java multiple security vulnerabilities

Multiple integer overflows on ICC profiles parsing. Java Web Start shell commands execution...

CVSS: 10 | AI score: 5 | EPSS: 0.06277
Exploits: 0 | References: 20 | Affected Software: 2
Tenable Nessus
added 2011/06/13 12:00 a.m. | 24 views

Ubuntu 10.10 : language-selector vulnerability (USN-1115-1)

Romain Perier discovered that the language-selector D-Bus backend did not correctly check for Policy Kit authorizations. A local attacker could exploit this to inject shell commands into the system-wide locale configuration file, leading to root privilege escalation. Note that Tenable Network...

CVSS: 7.2 | AI score: 5.5 | EPSS: 0.00439
Exploits: 1 | References: 3
exploitpack
added 2011/05/18 12:00 a.m. | 12 views

klibc 1.5.2 - DHCP Options Processing Remote Shell Command Execution

klibc 1.5.2 - DHCP Options Processing Remote Shell Command Execution source: https://www.securityfocus.com/bid/47924/info klibc is prone to a shell-command-execution vulnerability because the application fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute...

AI score: 0.9
Exploits: 0
securityvulns
added 2011/05/17 12:00 a.m. | 40 views

Vmware vSphere Management Assistant (vMA) - Local Privilege Escalation

======================================================================= Vmware vSphere Management Assistant vMA - Local Privilege Escalation ======================================================================= Affected Software : Vmware vSphere Management Assistant vMA Severity : Medium...

AI score: 1.6
Exploits: 0
Packet Storm
added 2011/05/16 12:00 a.m. | 26 views

Vmware vSphere Management Assistant (vMA) Privilege Escalation

======================================================================= Vmware vSphere Management Assistant vMA - Local Privilege Escalation ======================================================================= Affected Software : Vmware vSphere Management Assistant vMA Severity : Medium...

AI score: 1
Exploits: 0
securityvulns
added 2011/04/26 12:00 a.m. | 34 views

XSS in Webmin 1.540 + exploit for privilege escalation

Information -------------------- Name : XSS vulnerability in Webmin Software : All versions prior to and including 1.540 are affected. Vendor Homepage : http://www.webmin.com Vulnerability Type : Cross-Site Scripting Severity : Medium Researcher : Javier Bassi javierbassi at gmail dot com...

AI score: 0.2
Exploits: 0
Tenable Nessus
added 2011/04/25 12:00 a.m. | 12 views

Asterisk Multiple Vulnerabilities (AST-2011-005/AST-2011-006)

Binary data 5897.prm...

CVSS: 9 | AI score: 7.3 | EPSS: 0.0313
Exploits: 0 | References: 4
Packet Storm
added 2011/04/25 12:00 a.m. | 27 views

Webmin 1.540 Cross Site Scripting / Command Execution

Information -------------------- Name : XSS vulnerability in Webmin Software : All versions prior to and including 1.540 are affected. Vendor Homepage : http://www.webmin.com Vulnerability Type : Cross-Site Scripting Severity : Medium Researcher : Javier Bassi Description ------------------ Webmi...

AI score: 0.1
Exploits: 0