
1820 matches found

Cvelist
added 2009/08/24 10:0 a.m., 28 views

CVE-2008-7032

Web Management Console: Cross-site request forgery (CSRF) vulnerability in the web management console in F5 BIG-IP 9.4.3 allows remote attackers to hijack the authentication of administrators for requests that create new administrators and execute shell commands, as demonstrated using...

7.2 AI score, 0.02423 EPSS
Exploits 1, References 5
CVE
added 2009/08/24 10:0 a.m., 52 views

CVE-2008-7032

Technical details about CVE-2008-7032 are not publicly available in the provided documents. Monitor for updates from vendors and security feeds to obtain affected products/versions, impact, exploit status, and remediation.

6.8 CVSS, 7.4 AI score, 0.02423 EPSS
Exploits 1, References 5, Affected Software 1
Tenable Nessus
added 2009/07/21 12:0 a.m., 20 views

openSUSE Security Update : jhead (jhead-399)

This update of jhead fixes several security problems: CVE-2008-4575 (buffer overflow in DoCommand), CVE-2008-4639 (local symlink attack), CVE-2008-4640 (DoCommand allowed deletion of arbitrary files), CVE-2008-4641 (execution of arbitrary shell commands in DoCommand)...

10 CVSS, 6 AI score, 0.02197 EPSS
Exploits 1, References 5
Tenable Nessus
added 2009/07/21 12:0 a.m., 26 views

openSUSE Security Update : netatalk (netatalk-510)

This update of netatalk adds a filter for characters of user-supplied data to papd. Prior to this update it was possible to execute arbitrary shell commands remotely (CVE-2008-5718). (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...

9.3 CVSS, 8.2 AI score, 0.04526 EPSS
Exploits 1, References 2
securityvulns
added 2009/06/25 12:0 a.m., 105 views

[USN-791-3] Smarty vulnerability

Ubuntu Security Notice USN-791-3, June 24, 2009. smarty vulnerability, CVE-2009-1669. A security issue affects the following Ubuntu releases: Ubuntu 9.04. This advisory also applies ...

10 CVSS, 1 AI score, 0.14117 EPSS
Exploits 1
Ubuntu
added 2009/06/24 7:49 p.m., 68 views

USN-791-3: Smarty vulnerability

It was discovered that Smarty did not correctly filter certain math inputs. A remote attacker using Smarty via a web service could exploit this to execute subsets of shell commands as the web server user...

10 CVSS, 5.5 AI score, 0.14117 EPSS
Exploits 1
Packet Storm
added 2009/06/02 12:0 a.m., 24 views

ASMAX AR 804 GU Router Command Execution

ASMAX 804 gu router is a SOHO class device. It provides ADSL / WiFi / Ethernet interfaces. 2. There is an unauthenticated maintenance script named 'script' in /cgi-bin/ directory of the web management interface. 3. When 'system' parameter is passed to the script it allows running OS shell...

0.5 AI score
Exploits 0
0day.today
added 2009/06/01 12:0 a.m., 17 views

ASMAX AR 804 gu Web Management Console Arbitrary Command Exec

Exploit for hardware platform in category remote exploits. ASMAX AR 804 gu Web Management Console Arbitrary Command Exec. 1. ASMAX 804 gu router is a SOHO class device. It...

7.1 AI score
Exploits 0
exploitpack
added 2009/06/01 12:0 a.m., 23 views

ASMAX AR 804 gu Web Management Console - Arbitrary Command Execution

ASMAX AR 804 gu Web Management Console - Arbitrary Command Execution 1. ASMAX 804 gu router is a SOHO class device. It provides ADSL / WiFi / Ethernet interfaces. 2. There is an unauthenticated maintenance script named 'script' in /cgi-bin/ directory of the web management interface. 3. When...

0.1 AI score
Exploits 0
Exploit DB
added 2009/06/01 12:0 a.m., 27 views

ASMAX AR 804 gu Web Management Console - Arbitrary Command Execution

ASMAX 804 gu router is a SOHO class device. It provides ADSL / WiFi / Ethernet interfaces. 2. There is an unauthenticated maintenance script named 'script' in /cgi-bin/ directory of the web management interface. 3. When 'system' parameter is passed to the script it allows running OS shell...

7.4 AI score
Exploits 0
ThreatPost
added 2009/05/29 4:35 p.m., 13 views

DSL router remotely controlled by URL

From The H Security: Security researcher Michal Sajdak revealed at CONFidence 2009 in Krakow in mid-May that it’s relatively easy to make the Linksys WAG54G2 WLAN DSL router execute arbitrary shell commands. He has now published further details (securitum.pl). Sajdak discovered that it’s easy to add...

1.4 AI score
Exploits 0, References 3
FreeBSD
added 2009/05/29 12:0 a.m., 34 views

nagios -- Command Injection Vulnerability

Secunia reports: A vulnerability has been reported in Nagios, which can be exploited by malicious users to potentially compromise a vulnerable system. Input passed to the "ping" parameter in statuswml.cgi is not properly sanitised before being used to invoke the ping command. This can be exploite...

7.5 CVSS, 6.9 AI score, 0.83453 EPSS
Exploits 14, References 2
exploitpack
added 2009/05/22 12:0 a.m., 12 views

Nagios 3.0.6 - statuswml.cgi Arbitrary Shell Command Injection

Nagios 3.0.6 - statuswml.cgi Arbitrary Shell Command Injection source: https://www.securityfocus.com/bid/35464/info Nagios is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data. Remote attackers can exploit this issue to execute...

0.6 AI score
Exploits 0
Exploit DB
added 2009/05/22 12:0 a.m., 34 views

Nagios 3.0.6 - 'statuswml.cgi' Arbitrary Shell Command Injection

source: https://www.securityfocus.com/bid/35464/info Nagios is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data. Remote attackers can exploit this issue to execute arbitrary shell commands with the privileges of the user running th...

7.4 AI score
Exploits 0
OpenVAS
added 2009/03/23 12:0 a.m., 30 views

Ubuntu Update for samba vulnerabilities USN-460-1

Ubuntu Update for Linux kernel vulnerabilities USN-460-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN4601.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for samba vulnerabilities USN-460-1 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH,...

10 CVSS, 0.1 AI score, 0.77806 EPSS
Exploits 36, References 2
OpenVAS
added 2009/03/23 12:0 a.m., 18 views

Ubuntu: Security Advisory (USN-444-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.3 CVSS, 6.6 AI score, 0.05748 EPSS
Exploits 0, References 2
seebug.org
added 2009/03/12 12:0 a.m., 19 views

CSO/x86 - execve("/bin/sh", ..., NULL) - 43 bytes

No description provided by source. / minervini at neuralnoise dot com c 2005 SCOSV scosysv 3.2 5.0.7 i386, execve"/bin/sh", ..., NULL; / include "sys/types.h" include "stdio.h" char scode = "\x31\xc9" // xor %ecx,%ecx "\x89\xe3" // mov %esp,%ebx "\x68\xd0\x8c\x97\xff" // push $0xff978cd0...

7.1 AI score
Exploits 0
Tenable Nessus
added 2009/02/12 12:0 a.m., 26 views

HP OpenView Network Node Manager webappmon.exe Command Injection (c01661610)

The 'webappmon.exe' CGI script included with the version of HP OpenView Network Node Manager installed on the remote host fails to sanitize user input of shell metacharacters before using it to execute external programs. An unauthenticated, remote attacker can leverage this issue to run arbitrary...

10 CVSS, 5.9 AI score, 0.16387 EPSS
Exploits 2, References 4
OpenVAS
added 2009/02/10 12:0 a.m., 18 views

Mandrake Security Advisory MDVSA-2009:033 (sudo)

The remote host is missing an update to sudo announced via advisory MDVSA-2009:033. OpenVAS Vulnerability Test $Id: mdksa2009033.nasl 6573 2017-07-06 13:10:50Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:033 sudo Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...

6.9 CVSS, 0.4 AI score, 0.00406 EPSS
Exploits 1
OpenVAS
added 2009/02/10 12:0 a.m., 26 views

Mandrake Security Advisory MDVSA-2009:033 (sudo)

The remote host is missing an update to sudo announced via advisory MDVSA-2009:033. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR...

7.8 CVSS, 7.6 AI score, 0.00406 EPSS
Exploits 1, References 1