DSA-748-1 ruby1.8 - bad default value

Bulletin has no description...

GLSA-200507-06 : TikiWiki: Arbitrary command execution through XML-RPC

The remote host is affected by the vulnerability described in GLSA-200507-06 TikiWiki: Arbitrary command execution through XML-RPC TikiWiki is vulnerable to arbitrary command execution as described in GLSA 200507-01. Impact : A remote attacker could exploit this vulnerability to execute arbitrary...

TikiWiki: Arbitrary command execution through XML-RPC

Background TikiWiki is a web-based groupware and content management system CMS, using PHP, ADOdb and Smarty. TikiWiki includes vulnerable PHP XML-RPC code. Description TikiWiki is vulnerable to arbitrary command execution as described in GLSA 200507-01. Impact A remote attacker could exploit this...

GLSA-200507-03 : phpBB: Arbitrary command execution

The remote host is affected by the vulnerability described in GLSA-200507-03 phpBB: Arbitrary command execution Ron van Daal discovered that phpBB contains a vulnerability in the highlighting code. Impact : Successful exploitation would grant an attacker unrestricted access to the PHP exec or...

Fedora Core 4 : sudo-1.6.8p8-2.2 (2005-473)

Tue Jun 21 2005 Karel Zak 1.6.8p8-2.2 - fix 161116 - CVE-2005-1993 sudo trusted user arbitrary command execution Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it...

K-COLLECT CSV_DB.CGI 1.0/i_DB.CGI 1.0 - Remote Command Execution

// source: https://www.securityfocus.com/bid/14059/info CSVDB.CGI/iDB.CGI are affected by a remote command execution vulnerability. Specifically, an attacker can supply arbitrary commands prefixed with the '|' character through the 'csvdb.cgi' script that will be executed in the context of the We...

sudo: Arbitrary command execution

Background sudo allows a system administrator to give users the ability to run commands as other users. Description The sudoers file is used to define the actions sudo users are permitted to perform. Charles Morris discovered that a specific layout of the sudoers file could cause the results of a...

ruby -- arbitrary command execution on XMLRPC server

Nobuhiro IMAI reports: the default value modification on Modulepublicinstancemethods from false to true breaks s.addhandlerXMLRPC::iPIMethods"sample", MyHandler.new style security protection. This problem could allow a remote attacker to execute arbitrary commands on XMLRPC server of libruby...

Fedora Core 3 : sudo-1.6.7p5-30.3 (2005-472)

Tue Jun 21 2005 Karel Zak 1.6.7p5-30.3 - fix 161116 - CVE-2005-1993 sudo trusted user arbitrary command execution Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it...

CVE-2001-1498

Technical details about CVE-2001-1498 are not provided in the connected documents. The initial description notes a buffer overflow in mod_bf 0.2 allowing local command execution, but specifics (versions, root cause, exploit) are not disclosed here. Monitor for updates.

gzip security update

CentOS Errata and Security Advisory CESA-2005:357-01 An updated gzip package is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. The gzip package contains the GNU gzip data compression program. A bug was found in the way zgrep processe...

JamMail 1.8 - Jammail.pl Arbitrary Command Execution

source: https://www.securityfocus.com/bid/13937/info JamMail is prone to a remote arbitrary command execution vulnerability. This vulnerability may allow an attacker to supply arbitrary commands through the 'jammail.pl' script. This can lead to various attacks including unauthorized access to an...

e107 ePing Plugin doping.php Arbitrary Code Execution

The installation of e107 on the remote host includes a version of the ePing plugin that is affected by a command execution vulnerability. This plugin fails to sanitize the 'epingcmd', 'epingcount' and/or 'epinghost' parameters of the 'doping.php' script before using them in a system call. An...

CVE-2005-1789

SQL injection vulnerability in SignIn.asp in India Software Solution shopping cart allows remote attackers to execute arbitrary SQL commands via the password...

Gentoo Webapp-Config 1.10 - Insecure File Creation

Gentoo Webapp-Config 1.10 - Insecure File Creation source: https://www.securityfocus.com/bid/13780/info Gentoo webapp-config is prone to an insecure file creation vulnerability. This issue is due to a design error that causes the application to fail to verify the existence of a file before writin...

Gentoo Webapp-Config 1.10 - Insecure File Creation

source: https://www.securityfocus.com/bid/13780/info Gentoo webapp-config is prone to an insecure file creation vulnerability. This issue is due to a design error that causes the application to fail to verify the existence of a file before writing to it. An attacker may leverage this issue to cau...

Gforge - viewFile.php security flaw

-------------------------------------------------------------------------- Vendor : Gforge http://gforge.org Product : gforge Affected versions : 4.0 Bug fixed : = 4.0 & Debian pkg 3.1-30 Vulnerability : Input validation flaw Problem-Type : remote Severity : High, arbitrary command execution Auth...

PHP Advanced Transfer Manager < 1.22 File Upload Arbitrary Command Execution

Binary data 2933.prm...

Extreme Networks switches with ExtremeWare XOS allow arbitrary command execution

Overview Some Extreme Networks switches running ExtremeWare XOS have a vulnerability that allows a malicious authenticated user to escape to the underlying operating system command shell with administrator-level root privileges. Description Extreme Network switches running ExtremeWare XOS contain...

DEBIAN-CVE-2005-0758

zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script...