bbsEMarket.txt

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 STG Security Advisory: SSA-20040915-07 BBS E-Market Professional multiple vulnerabilities Revision 1.0 Date Published: 2004-09-15 KST Last Update: 2004-09-15 Disclosed by SSR Team [email protected] Abstract ======== BBS E-MarketBobusang in Kore...

CVE-2004-0793

The calendar program in bsdmainutils 6.0 through 6.0.14 does not drop root privileges when executed with the -a flag, which allows attackers to execute arbitrary commands via a calendar event file...

CVE-2004-0745

The CVE-2004-0745 issue affects LHA 1.14 and earlier, where an attacker could trigger arbitrary command execution by creating a directory name with shell metacharacters. Reported impact is remote command execution with the vulnerability allowing complete confidentiality, integrity, and availabili...

GLSA-200409-05 : Gallery: Arbitrary command execution

The remote host is affected by the vulnerability described in GLSA-200409-05 Gallery: Arbitrary command execution The upload handling code in Gallery places uploaded files in a temporary directory. After 30 seconds, these files are deleted if they are not valid images. However, since the file...

Gallery: Arbitrary command execution

Background Gallery is a PHP script for maintaining online photo albums. Description The upload handling code in Gallery places uploaded files in a temporary directory. After 30 seconds, these files are deleted if they are not valid images. However, since the file exists for 30 seconds, a carefull...

CVE-2003-0068

The Eterm terminal emulator 0.9.1 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker t...

CVE-2003-0069

The PuTTY terminal emulator 0.53 allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute...

CVE-2002-1377

vim 6.0 and 6.1, and possibly other versions, allows attackers to execute arbitrary commands using the libcall feature in modelines, which are not sandboxed but may be executed when vim is used to edit a malicious file, as demonstrated using mutt...

CVE-2002-1548

Unknown vulnerability in autofs on AIX 4.3.0, when using executable maps, allows attackers to execute arbitrary commands as root, possibly related to "string handling around how the executable map is called."...

CVE-2002-1478

Cacti before 0.6.8 allows attackers to execute arbitrary commands via the "Data Input" option in console mode...

CVE-2003-0064

The dtterm terminal emulator allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitra...

CVE-1999-1189

Buffer overflow in Netscape Navigator/Communicator 4.7 for Windows 95 and Windows 98 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long argument after the ? character in a URL that references an .asp, .cgi, .html, or .pl file...

CVE-2002-1377

CVE-2002-1377 affects Vim 6.0 and 6.1 (and possibly other versions) and is caused by the libcall feature in modelines not being sandboxed, enabling arbitrary command execution when a malicious file is edited (e.g., via mutt). The vulnerability is triggered locally when Opened files contain crafte...

CVE-2003-0077

The CVE concerns hanterm/hanterm-xf terminal emulators (2.0.5 and earlier). Affected component is the escape sequence that sets the window title; an attacker could craft a sequence that places a command into the title and, when the user views the file containing it, that command could be executed...

CVE-2003-0067

The aterm terminal emulator 0.42 allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute...

CVE-2003-0065

The uxterm terminal emulator allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitra...

CVE-2002-1478

CVE-2002-1478 affects Cacti prior to 0.6.8. The issue allows an attacker to execute arbitrary commands via the Data Input option in console mode, due to the underlying handling of input. The vulnerability is documented with a high impact (CVSS v2 base score 10.0; confidentiality, integrity, and a...

CVE-2002-1377

vim 6.0 and 6.1, and possibly other versions, allows attackers to execute arbitrary commands using the libcall feature in modelines, which are not sandboxed but may be executed when vim is used to edit a malicious file, as demonstrated using mutt...

CVE-2003-0069

The PuTTY terminal emulator 0.53 allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute...

GNU a2ps 4.13 - File Name Command Execution

GNU a2ps 4.13 - File Name Command Execution source: https://www.securityfocus.com/bid/11025/info Reportedly GNU a2ps is affected by a filename command-execution vulnerability. This issue is due to the application's failure to properly sanitize filenames. An attacker might leverage this issue to...