security flaw
gdb before 6.3 searches the current working directory to load the .gdbinit configuration file, which allows local users to execute arbitrary commands as the user running gdb...
security flaw
fixproc in Net-snmp 5.x before 5.2.1-r1 creates temporary files insecurely, which allows local users to modify the contents of those files to execute arbitrary commands, or overwrite arbitrary files via a symlink attack...
Mandrake Linux Security Advisory : netpbm (MDKSA-2005:133)
Max Vozeler discovered that pstopnm, a part of the netpbm graphics utility suite, would call the GhostScript interpreter on untrusted PostScript files without using the -dSAFER option when converting a PostScript file into a PBM, PGM, or PNM file. This could result in the execution of arbitrary...
Low: Red Hat Security Advisory: net-snmp security update
Updated net-snmp packages that fix two security issues and various bugs are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. SNMP (Simple Network Management Protocol) is a protocol used for network management. A denial of service bug was...
Alkalay.Net Multiple Scripts Arbitrary Command Execution
The remote host appears to be running at least one CGI script written by Avi Alkalay that allows attackers to execute arbitrary commands or read arbitrary files on the remote host subject to the privileges of the web server user id.
Mozilla Browser/Firefox - Arbitrary Command Execution
Mozilla Browser/Firefox - Arbitrary Command Execution source: https://www.securityfocus.com/bid/14888/info Mozilla Browser/Firefox are affected by an arbitrary command-execution vulnerability. This attack would occur in the context of the user running the vulnerable application and may facilitate...
Mozilla Browser/Firefox - Arbitrary Command Execution
source: https://www.securityfocus.com/bid/14888/info Mozilla Browser/Firefox are affected by an arbitrary command-execution vulnerability. This attack would occur in the context of the user running the vulnerable application and may facilitate unauthorized remote access. Mozilla Firefox 1.0.6...
atutor-151.txt
ATUTOR 1.5.1 possibly prior versions SQL INJECTION / ADMIN & USERS CREDENTIALS DISCLOSURE / INFORMATION DISCLOSURE / USER IMPERSONATION / REMOTE CODE EXECUTION software: site: http://www.atutor.ca/ description: "ATutor is an Open Source Web-based Learning Content Management System LCMS designed...
TWiki 'rev' Parameter Arbitrary Command Execution
The version of TWiki running on the remote host allows an attacker to manipulate input to the 'rev' parameter in order to execute arbitrary shell commands on the remote host subject to the privileges of the web server user id.
TWiki TWikiUsers - Arbitrary Command Execution
source: https://www.securityfocus.com/bid/14834/info A remote command execution vulnerability affects the application. The revision control function of the TWikiUsers script uses the backtick shell metacharacter to construct a command line. An attacker may use a specially crafted URI to execute...
USN-178-1: Linux kernel vulnerabilities
Oleg Nesterov discovered a local Denial of Service vulnerability in the timer handling. When a non group-leader thread called exec to execute a different program while an itimer was pending, the timer expiry would signal the old group leader task, which did not exist any more. This caused a kerne...
man2web Multiple Scripts Arbitrary Command Execution
The remote host appears to be running man2web, a program for dynamically converting unix man pages to HTML. The installed version of man2web allows attackers to execute arbitrary shell commands on the remote host subject to the privileges of the web server user id.
Netquery <= 3.11 nquser.php host Parameter Arbitrary Command Execution
The remote host is running Netquery, a suite of network information utilities written in PHP. The installed version of Netquery lets an attacker execute arbitrary commands within the context of the affected web server user id by passing them through the 'host' parameter of the 'nquser.php' script...
[SECURITY] [DSA 782-1] New bluez-utils packages fix arbitrary command execution
-------------------------------------------------------------------------- Debian Security Advisory DSA 782-1 [email protected] http://www.debian.org/security/ Martin Schulze August 23rd, 2005 http://www.debian.org/security/faq -...
Multiple MacOS X vulnerabilities
Apple Mac OS X Directory Services contains a buffer overflow, Apple Mac OS X Server servermgrd authentication vulnerable to buffer overflow, Apple Mac OS X AppKit vulnerable to buffer overflow via the handling of maliciously crafted rich text files, Apple Mac OS X AppKit vulnerable to buffer...
Zorum 3.5 remote code execution poc exploit
Zorum 3.5 remote code execution poc exploit software: description: Zorum is a freely available, open source Web-based forum application implemented in PHP. It is available for UNIX, Linux, and any other platform that supports PHP script execution. author site: http://zorum.phpoutsourcing.com/ 1...
PHPOutsourcing Zorum 3.5 - Prod.php Arbitrary Command Execution
PHPOutsourcing Zorum 3.5 - Prod.php Arbitrary Command Execution source: https://www.securityfocus.com/bid/14601/info Zorum is prone to an arbitrary command execution vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. This issue may facilitat...
PHPOutsourcing Zorum 3.5 - 'Prod.php' Arbitrary Command Execution
source: https://www.securityfocus.com/bid/14601/info Zorum is prone to an arbitrary command execution vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. This issue may facilitate unauthorized remote access in the context of the Web server to...
GLSA-200508-09 : bluez-utils: Bluetooth device name validation vulnerability
The remote host is affected by the vulnerability described in GLSA-200508-09 bluez-utils: Bluetooth device name validation vulnerability The name of a Bluetooth device is improperly validated by the hcid utility when a remote device attempts to pair itself with a computer. Impact : An attacker...
gforgeexec.txt
-------------------------------------------------------------------------- Vendor : Gforge http://gforge.org Product : gforge Affected versions : = 4.0 & Debian pkg 3.1-30 Vulnerability : Input validation flaw Problem-Type : remote Severity : High, arbitrary command execution Author : Filippo Spi...