
1820 matches found

Tenable Nessus
added 2007/10/15 12:0 a.m., 30 views

HP Linux Imaging and Printing Project (hplip) hpssd from Address Command Injection

The version of the HP Linux Imaging and Printing System hpssd daemon on the remote host fails to sanitize user-supplied input before appending it to a command line when calling sendmail. Using a specially crafted email address, an unauthenticated, remote attacker can leverage this issue to execute...

7.6 CVSS, 6 AI score, 0.67264 EPSS
Exploits 4, References 3
Saint
added 2007/09/25 12:0 a.m., 29 views

VMware vielib.dll StartProcess command execution

Added: 09/25/2007 CVE: CVE-2007-4058 BID: 25118 OSVDB: 42078 Background VMware is a suite of products supporting the creation and operation of virtual machines, which are self-contained, independent guest operating systems running within a host operating system. Problem The StartProcess function ...

4.3 CVSS, 6.7 AI score, 0.22381 EPSS
Exploits 6
Saint
added 2007/09/25 12:0 a.m., 40 views

VMware vielib.dll StartProcess command execution

Added: 09/25/2007 CVE: CVE-2007-4058 BID: 25118 OSVDB: 42078 Background VMware is a suite of products supporting the creation and operation of virtual machines, which are self-contained, independent guest operating systems running within a host operating system. Problem The StartProcess function...

4.3 CVSS, 6.6 AI score, 0.22381 EPSS
Exploits 6
Saint
added 2007/09/25 12:0 a.m., 32 views

VMware vielib.dll StartProcess command execution

Added: 09/25/2007 CVE: CVE-2007-4058 BID: 25118 OSVDB: 42078 Background VMware is a suite of products supporting the creation and operation of virtual machines, which are self-contained, independent guest operating systems running within a host operating system. Problem The StartProcess function...

4.3 CVSS, 6.6 AI score, 0.22381 EPSS
Exploits 6
exploitpack
added 2007/09/17 12:0 a.m., 7 views

ewire Payment Client 1.601.70 - Command Execution

ewire Payment Client 1.601.70 - Command Execution source: https://www.securityfocus.com/bid/25683/info ewire Payment Client is prone to a vulnerability that allows attackers to execute arbitrary shell commands because the software fails to sanitize user-supplied input. An attacker may leverage th...

0.3 AI score
Exploits 0
Exploit DB
added 2007/09/17 12:0 a.m., 21 views

ewire Payment Client 1.60/1.70 - Command Execution

source: https://www.securityfocus.com/bid/25683/info ewire Payment Client is prone to a vulnerability that allows attackers to execute arbitrary shell commands because the software fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary shell commands on an...

7 AI score
Exploits 0
Saint
added 2007/09/06 12:0 a.m., 44 views

ClamAV milter popen command injection

Added: 09/06/2007 CVE: CVE-2007-4560 BID: 25439 OSVDB: 36909 Background ClamAV is an open-source anti-virus toolkit. clamav-milter is a derivative of ClamAV for e-mail servers running Sendmail. Problem An insecure call to the popen function in clamav-milter, when running in black hole mode, allow...

7.6 CVSS, 9.5 AI score, 0.8366 EPSS
Exploits 12
Saint
added 2007/09/06 12:0 a.m., 45 views

ClamAV milter popen command injection

Added: 09/06/2007 CVE: CVE-2007-4560 BID: 25439 OSVDB: 36909 Background ClamAV is an open-source anti-virus toolkit. clamav-milter is a derivative of ClamAV for e-mail servers running Sendmail. Problem An insecure call to the popen function in clamav-milter, when running in black hole mode, allow...

7.6 CVSS, 9.5 AI score, 0.8366 EPSS
Exploits 12
Saint
added 2007/09/06 12:0 a.m., 52 views

ClamAV milter popen command injection

Added: 09/06/2007 CVE: CVE-2007-4560 BID: 25439 OSVDB: 36909 Background ClamAV is an open-source anti-virus toolkit. clamav-milter is a derivative of ClamAV for e-mail servers running Sendmail. Problem An insecure call to the popen function in clamav-milter, when running in black hole mode, allow...

7.6 CVSS, 9.5 AI score, 0.8366 EPSS
Exploits 12
Tenable Nessus
added 2007/09/03 12:0 a.m., 37 views

Debian DSA-1366-1 : clamav - several vulnerabilities

Several remote vulnerabilities have been discovered in the Clam anti-virus toolkit. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-4510 It was discovered that the RTF and RFC2397 parsers can be tricked into dereferencing a NULL pointer, resulting i...

7.6 CVSS, 5.8 AI score, 0.8366 EPSS
Exploits 12, References 5
FreeBSD
added 2007/08/28 12:0 a.m., 20 views

irc/bitchx -- multiple vulnerabilities

bannedit reports: Stack-based buffer overflow in BitchX 1.1 Final allows remote IRC servers to execute arbitrary code via a long string in a MODE command, related to the pmode variable. Nico Golde reports: There is a security issue in ircii-pana in bitchx' hostname command. The ehostname function...

10 CVSS, 7.6 AI score, 0.14686 EPSS
Exploits 0
exploitpack
added 2007/08/16 12:0 a.m., 16 views

BlueCat Networks Adonis 5.0.2.8 - CLI Privilege Escalation

BlueCat Networks Adonis 5.0.2.8 - CLI Privilege Escalation source: https://www.securityfocus.com/bid/25342/info BlueCat Networks Adonis devices are prone to a remote privilege-escalation vulnerability because the software fails to properly sanitize user-supplied input. An attacker with...

0.7 AI score
Exploits 0
0day.today
added 2007/07/11 12:0 a.m., 32 views

SquirrelMail G/PGP Encryption Plug-in 2.0 Command Execution Vuln

Exploit for unknown platform in category web applications. SquirrelMail G/PGP Encryption Plug-in 2.0 Command Execution Vuln. SquirrelMail G/PGP Encryption Plug-in Remote...

7.1 AI score
Exploits 0
Prion
added 2007/07/09 4:30 p.m., 9 views

Crlf injection

Multiple CRLF injection vulnerabilities in callboth.php in AsteriDex 3.0 and earlier allow remote attackers to inject arbitrary shell commands via the (1) IN and (2) OUT parameters...

7.5 CVSS, 7.7 AI score, 0.08158 EPSS
Exploits 1, References 10, Affected Software 1
NVD
added 2007/07/09 4:30 p.m., 12 views

CVE-2007-3621

Multiple CRLF injection vulnerabilities in callboth.php in AsteriDex 3.0 and earlier allow remote attackers to inject arbitrary shell commands via the (1) IN and (2) OUT parameters...

7.5 CVSS, 7.4 AI score, 0.08158 EPSS
Exploits 1, References 10
Cvelist
added 2007/07/09 4:0 p.m., 13 views

CVE-2007-3621

Multiple CRLF injection vulnerabilities in callboth.php in AsteriDex 3.0 and earlier allow remote attackers to inject arbitrary shell commands via the (1) IN and (2) OUT parameters...

7.4 AI score, 0.08158 EPSS
Exploits 1, References 10
CVE
added 2007/07/09 4:0 p.m., 49 views

CVE-2007-3621

CVE-2007-3621 involves multiple CRLF injection flaws in the AsteriDex 3.0 and earlier versions, exploitable through the callboth.php IN/OUT parameters to potentially execute arbitrary shell commands on the remote host. The vulnerability stems from inadequate input sanitization before relaying dat...

7.5 CVSS, 7.4 AI score, 0.08158 EPSS
Exploits 1, References 10, Affected Software 1
Fedora
added 2007/07/02 4:9 p.m., 29 views

[SECURITY] Fedora 7 Update: ekg-1.7-1.fc7

EKG "Eksperymentalny Klient Gadu-Gadu" is an open source gadu-gadu client for UNIX systems. Gadu-Gadu is an instant messaging program, very popular in Poland. EKG features include: - irssi-like ncurses interface - sending and receiving files - voice conversations - launching shell commands on...

5 CVSS, 1.2 AI score, 0.02243 EPSS
Exploits 0
UbuntuCve
added 2007/06/22 6:30 p.m., 40 views

CVE-2007-3360

hook.c in BitchX 1.1-final allows remote IRC servers to execute arbitrary commands by sending a client certain data containing NICK and EXEC strings, which exceeds the bounds of a hash table, and injects an EXEC hook function that receives and executes shell commands...

9.3 CVSS, 6 AI score, 0.07464 EPSS
Exploits 0, References 2
Prion
added 2007/06/22 6:30 p.m., 15 views

Out-of-bounds

hook.c in BitchX 1.1-final allows remote IRC servers to execute arbitrary commands by sending a client certain data containing NICK and EXEC strings, which exceeds the bounds of a hash table, and injects an EXEC hook function that receives and executes shell commands...

9.3 CVSS, 8.1 AI score, 0.07464 EPSS
Exploits 0, References 7, Affected Software 1