[SECURITY] [DSA 1270-2] New OpenOffice.org packages fix several vulnerabilities
Debian Security Advisory DSA 1270-2 [email protected] http://www.debian.org/security/ Martin Schulze March 28th, 2007 http://www.debian.org/security/faq ...
DSA-1270-1 openoffice.org - several vulnerabilities
Bulletin has no description...
SOL7164 - Execution of UNIX shell commands from a URL without authentication
A URL that is accessible without first authenticating to the FirePass controller may be modified to inject UNIX shell commands. Under certain conditions, the commands can then be executed with user-level privileges. Any attacker with access to the FirePass logon page can theoretically launch this...
SOL7147 - Execution of UNIX shell commands from the URL in the Admin UI
A URL that is accessible from the Device Management Maintenance Troubleshooting Tools page can be modified to inject UNIX shell commands, which are then executed with user-level privileges. Only FirePass Administrators with permission to access this URL can perform this action. Standard FirePass...
GLSA-200701-23 : Cacti: Command execution and SQL injection
The remote host is affected by the vulnerability described in GLSA-200701-23 (Cacti: Command execution and SQL injection). rgod discovered that the Cacti cmd.php and copycactiuser.php scripts do not properly control access to the command shell, and are remotely accessible by unauthenticated users...
Debian DSA-1250-1 : cacti - missing input sanitising
It was discovered that cacti, a frontend to rrdtool, performs insufficient validation of data passed to the 'cmd' script, which allows SQL injection and the execution of arbitrary shell commands. (C) Tenable Network Security, Inc. The descriptive text and package checks in this...
Mac OS X 10.4.8 System Preferences Local Privilege Escalation Exploit
No description provided by source. #!/usr/bin/ruby Copyright (c) 2007 Kevin Finisterre kflists at digitalmunition.com Lance M. Havok lmh at info-pull.com All pwnage reserved. "Exploit" for MOAB-21-01-2007: OS X, making root shells easier each day...
DSA-1250-1 cacti
Bulletin has no description...
L2J Statistik Script <= 0.09 (index.php page) Local File Include Exploit
Exploit for unknown platform in category web applications. L2J Statistik Script <= 0.09 (index.php page) Local File Include Exploit...
DSA-1240-1 links2
Bulletin has no description...
Debian DSA-1226-1 : links - insufficient escaping
Teemu Salmela discovered that the links character mode web browser performs insufficient sanitising of smb:// URIs, which might lead to the execution of arbitrary shell commands.
Debian DSA-1228-1 : elinks - insufficient escaping
Teemu Salmela discovered that the elinks character mode web browser performs insufficient sanitising of smb:// URIs, which might lead to the execution of arbitrary shell commands.
DSA-1226-1 links
Bulletin has no description...
Debian DSA-1220-1 : pstotext - insecure file name quoting
Brian May discovered that pstotext, a utility to extract plain text from Postscript and PDF files, performs insufficient quoting of file names, which allows execution of arbitrary shell commands.
DSA-1220 pstotext
Bulletin has no description...
Debian DSA-1204-1 : ingo1 - missing input sanitising
It was discovered that the Ingo email filter rules manager performs insufficient escaping of user-provided data in created procmail rules files, which allows the execution of arbitrary shell commands.
ingo -- local arbitrary shell command execution
The Horde team reports a vulnerability within Ingo, the filter management suite. The vulnerability is caused due to inadequate escaping, possibly allowing a local user to execute arbitrary shell commands via procmail...
FreeBSD : dokuwiki -- multiple vulnerabilities (450b76ee-5068-11db-a5ae-00508d6a62df)
Secunia reports: Some vulnerabilities have been reported in DokuWiki, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system. Input passed to the 'w' and 'h' parameters in lib/exec/fetch.php is not properly sanitised before being...
DokuWiki: Shell command injection and Denial of service
Background: DokuWiki is a wiki targeted at developer teams, workgroups and small companies. It does not use a database backend. Description: Input validation flaws have been discovered in the image handling of fetch.php if ImageMagick is used, which is not the default method. Impact: A remote attack...
Alstrasoft e-Friends 4.85 - Remote Command Execution
#!/usr/bin/perl AlstraSoft Efriends 4.85 Remote Command Execution Exploit Site : http://www.alstrasoft.com/efriends.htm Coded by Kw3RLn from Romanian Security Team a.K.A http://RST-CREW.NET Contact: [email protected] or [email protected] PS: fuck CarcaBot ..another lame romanian guy= use...