Mantis < 0.18.3 / 0.19.0a2 Multiple Vulnerabilities

According to its banner, the remote version of Mantis contains multiple flaws that may allow an attacker to use it to perform a mass emailing, to inject HTML tags in the remote pages, or to execute arbitrary commands on the remote host if PHP's 'registerglobals' setting is enabled. %NASLMINLEVEL...

Gallery save_photos.php Arbitrary Command Execution

The version of Gallery hosted on the remote web server is affected by an arbitrary command execution vulnerability. This could allow an attacker to execute arbitrary commands on the remote host by uploading a file containing arbitrary PHP code. When the temp directory is web accessible, the...

AWStats Rawlog Plugin Logfile Parameter Arbitrary Command Execution

Binary data 1728.prm...

HP Jet Admin 7.x Traversal Arbitrary Command Execution

Binary data 1211.prm...

Aplio Internet Phone authenticate.cgi Arbitrary Command Execution

Binary data 1641.prm...

AOL Instant Messenger IMG Tag Arbitrary Command Execution

Binary data 1251.prm...

bsguest.cgi Guestbook Email Address Variable Arbitrary Command Execution

Binary data 1644.prm...

IkonBoard FUNC.pm lang Cookie Arbitrary Command Execution

Binary data 1537.prm...

Sendmail DEBUG Arbitrary Command Execution

Binary data 2028.prm...

YaPiG < 0.92.2 Multiple Scripts Arbitrary Command Execution

The remote host is running YaPiG, a web-based image gallery written in PHP. The remote version of YaPiG may allow a remote attacker to execute malicious scripts on a vulnerable system. This issue exists due to a lack of sanitization of user-supplied data. It is reported that an attacker may be ab...

BasiliX login.php3 username Variable Arbitrary Command Execution

The remote host appears to be running a version of BasiliX between 1.0.2beta or 1.0.3beta. In such versions, the script 'login.php3' fails to sanitize user input, which enables a remote attacker to pass in a specially crafted value for the parameter 'username' with arbitrary commands to be execut...

gnomevfs -- unsafe URI handling

Alexander Larsson reports that some versions of gnome-vfs and MidnightCommander contain a number of extfs' scripts that do not properly validate user input. If an attacker can cause her victim to process a specially-crafted URI, arbitrary commands can be executed with the privileges of the victim...

Mandrake Linux Security Advisory : dhcpcd (MDKSA-2003:003)

A vulnerability was discovered by Simon Kelley in the dhcpcd DHCP client daemon. dhcpcd has the ability to execute an external script named dhcpcd-.exe when an IP address is assigned to that network interface. The script sources the file /var/lib/dhcpcd/dhcpcd-.info which contains shell variables...

Mandrake Linux Security Advisory : xpdf (MDKSA-2003:071-1)

Martyn Gilmore discovered flaws in various PDF viewers, including xpdf. An attacker could place malicious external hyperlinks in a document that, if followed, could execute arbitary shell commands with the privileges of the person viewing the PDF document. Update : New packages are available as t...

Mandrake Linux Security Advisory : gaim (MDKSA-2002:054-1)

Versions of Gaim an AOL instant message client prior to 0.58 contain a buffer overflow in the Jabber plug-in module. As well, a vulnerability was discovered in the URL-handling code, where the 'manual' browser command passes an untrusted string to the shell without reliable quoting or escaping...

Fedora Core 1 : kdepim-3.1.4-2 (2004-133)

The KDE team found a buffer overflow in the file information reader of VCF files. An attacker could construct a VCF file so that when it was opened by a victim it would execute arbitrary commands. The Common Vulnerabilities and Exposures project cve.mitre.org has assigned the name CVE-2003-0988 t...

CVE-2004-0201

Heap-based buffer overflow in the HtmlHelp program hh.exe in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary commands via a .CHM file with a large length field, a different vulnerability than CVE-2003-1041...

CVE-2004-0395

The xatitv program in the gatos package does not properly drop root privileges when the configuration file does not exist, which allows local users to execute arbitrary commands via shell metacharacters in a system call...

CVE-2002-1582

compose.cgi in Mailreader.com 2.3.30 and 2.3.31, when using Sendmail as the Mail Transfer Agent, allows remote attackers to execute arbitrary commands via shell metacharacters in the RealEmail configuration variable, which is used to call Sendmail in network.cgi...

RHEL 2.1 : cvs (RHSA-2003:013)

Updated CVS packages are now available for Red Hat Linux Advanced Server. These updates fix a vulnerability which would permit arbitrary command execution on servers configured to allow anonymous read-only access. Updated 06 Feb 2003 Added fixed packages for Advanced Workstation 2.1 CVS is a...