
7653 matches found

Exploit DB
added 2004/02/16 12:0 a.m., 60 views

AllMyGuests 0.x - 'info.inc.php' Arbitrary Code Execution

source: https://www.securityfocus.com/bid/9664/info Reportedly the AllMyPHP application AllMyGuests is prone to a remote file include vulnerability. The issue is due to insufficient filtering of URI passed variables that are used in a 'require_once' call. This issue may allow a remote attacker to...

7.4 AI score
Exploits: 0

exploitpack
added 2004/02/09 12:0 a.m., 23 views

Microsoft Windows XP - HCP URI Handler Arbitrary Command Execution

Microsoft Windows XP - HCP URI Handler Arbitrary Command Execution source: https://www.securityfocus.com/bid/9621/info The Microsoft Windows XP HCP URI handler has been reported prone to a vulnerability that may provide for arbitrary command execution. The issue is reported to present itself when...

0.5 AI score
Exploits: 0

Exploit DB
added 2004/02/09 12:0 a.m., 29 views

Microsoft Windows XP - HCP URI Handler Arbitrary Command Execution

source: https://www.securityfocus.com/bid/9621/info The Microsoft Windows XP HCP URI handler has been reported prone to a vulnerability that may provide for arbitrary command execution. The issue is reported to present itself when a specially formatted HCP URI that references a local resource is...

7.4 AI score
Exploits: 0

OSV
added 2004/02/03 5:0 a.m., 7 views

CVE-2003-0949

xsok 1.02 does not properly drop privileges before finding and executing the "gunzip" program, which allows local users to execute arbitrary commands...

6.8 AI score
Exploits: 0, References: 5

exploitpack
added 2004/02/03 12:0 a.m., 12 views

Qualiteam X-Cart 3.x - upgrade.php?perl_binary Arbitrary Command Execution

Qualiteam X-Cart 3.x - upgrade.php?perl_binary Arbitrary Command Execution source: https://www.securityfocus.com/bid/9560/info X-Cart has been reported to be prone to an issue that may allow remote attackers to execute arbitrary commands on the affected system. The issue is caused by a failure of...

0.6 AI score
Exploits: 0

Tenable Nessus
added 2004/02/03 12:0 a.m., 21 views

Qualiteam X-Cart Multiple Script perl_binary Parameter Arbitrary Command Execution

The remote host is running Qualiteam X-Cart - a shopping cart software written in PHP. There is a bug in this software that could allow an attacker to execute arbitrary commands on the remote web server with the privileges of the web user. In addition to this, there are some flaws that could allo...

10 CVSS, 5.6 AI score, 0.06028 EPSS
Exploits: 1, References: 1

Tenable Nessus
added 2004/02/02 12:0 a.m., 23 views

Leif Wright Web Blog blog.cgi ViewFile Request file Parameter Arbitrary Command Execution

The remote host is running LeifWright's blog.cgi - a CGI designed to handle personal web logs or 'blogs'. There is a bug in this software that could allow an attacker to execute arbitrary commands on the remote web server with the privileges of the web user...

7.5 CVSS, 5.7 AI score, 0.09874 EPSS
Exploits: 1, References: 2

Exploit DB
added 2004/01/31 12:0 a.m., 23 views

Leif M. Wright Web Blog 1.1 - Remote Command Execution

source: https://www.securityfocus.com/bid/9539/info Web Blog has been reported to be prone to a vulnerability that may permit remote attackers to execute arbitrary commands in the context of the hosting web server. This is due to insufficient sanitization of shell metacharacters from variables...

7.4 AI score
Exploits: 0

CERT
added 2004/01/27 12:0 a.m., 20 views

KDE Personal Information Management suite "kdepim" contains a buffer overflow vulnerability in VCF information reader

Overview KDE Personal Information Management suite "kdepim" contains a buffer overflow vulnerability. Exploitation of this vulnerability could lead to the arbitrary execution of commands. Description KDE Personal Information Management suite shipped with KDE versions 3.1.0 through 3.1.4 contains ...

7.5 CVSS, 7.5 AI score, 0.06151 EPSS
Exploits: 0, References: 3

exploitpack
added 2004/01/26 12:0 a.m., 28 views

Kietu 23 - index.php Remote File Inclusion

Kietu 23 - index.php Remote File Inclusion source: https://www.securityfocus.com/bid/9499/info A flaw exists in the Kietu 'index.php' script that may permit remote attackers to include malicious remote files. Remote users may influence the include path for the 'config.php' configuration file, whi...

Exploits: 0

Exploit DB
added 2004/01/26 12:0 a.m., 29 views

Kietu 2/3 - 'index.php' Remote File Inclusion

source: https://www.securityfocus.com/bid/9499/info A flaw exists in the Kietu 'index.php' script that may permit remote attackers to include malicious remote files. Remote users may influence the include path for the 'config.php' configuration file, which may result in execution of arbitrary...

7.4 AI score
Exploits: 0

NVD
added 2004/01/20 5:0 a.m., 13 views

CVE-2004-0037

FirstClass Desktop Client 7.1 allows remote attackers to execute arbitrary commands via hyperlinks in FirstClass RTF messages...

7.5 CVSS, 7.7 AI score, 0.0221 EPSS
Exploits: 0, References: 6

RedHat Linux
added 2004/01/14 1:9 p.m., 6 views

Important: Red Hat Security Advisory: : Updated kdepim packages resolve security vulnerability

Updated kdepim packages are now available that fix a local buffer overflow vulnerability. The K Desktop Environment (KDE) is a graphical desktop for the X Window System. The KDE Personal Information Management (kdepim) suite helps you to organize your mail, tasks, appointments, and contacts. The KDE...

7.5 CVSS, 6.3 AI score, 0.06151 EPSS
Exploits: 0, References: 1

Debian
added 2004/01/12 10:40 a.m., 23 views

[SECURITY] [DSA 420-1] New jitterbug packages fix arbitrary command execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 420-1 [email protected] http://www.debian.org/security/ Martin Schulze January 12th, 2004 http://www.debian.org/security/faq -...

7.5 CVSS, 0.9 AI score, 0.02361 EPSS
Exploits: 0

securityvulns
added 2004/01/12 12:0 a.m., 34 views

[Full-Disclosure] [SECURITY] [DSA 420-1] New jitterbug packages fix arbitrary command execution

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 420-1 [email protected] http://www.debian.org/security/ Martin Schulze January 12th, 2004 http://www.debian.org/security/faq -...

7.5 CVSS, 1.2 AI score, 0.02361 EPSS
Exploits: 0

Tenable Nessus
added 2003/12/29 12:0 a.m., 29 views

PHP-Ping php-ping.php count Parameter Arbitrary Command Execution

The remote host appears to be running 'php-ping.php' from TheWorldsEnd.NET. The remote version of this script does not properly sanitize the 'count' parameter and allows attackers to execute arbitrary commands or read arbitrary files on the remote host subject to the privileges of the web server...

5.8 AI score
Exploits: 0

Exploit DB
added 2003/12/18 12:0 a.m., 20 views

SiteInteractive Subscribe Me - 'Setup.pl' Arbitrary Command Execution

source: https://www.securityfocus.com/bid/9253/info It has been reported that the SiteInteractive Subscribe Me setup.pl script lacks sufficient sanitization on user-supplied URI parameters; an attacker may invoke this script remotely and by passing sufficient URI parameters may influence the...

7.4 AI score
Exploits: 0

exploitpack
added 2003/11/10 12:0 a.m., 13 views

OnlineArts DailyDose 1.1 - dose.pl Remote Command Execution

OnlineArts DailyDose 1.1 - dose.pl Remote Command Execution source: https://www.securityfocus.com/bid/9000/info It has been reported that DailyDose may be prone to a remote command execution vulnerability due to insufficient sanitization of $temp variable in dose.pl script. An attacker may submit...

0.2 AI score
Exploits: 0

exploitpack
added 2003/10/28 12:0 a.m., 10 views

kpopup 0.9.x - Privileged Command Execution

kpopup 0.9.x - Privileged Command Execution // source: https://www.securityfocus.com/bid/8915/info It has been alleged that it is possible for local attackers to gain root privileges through kpopup, which is installed setuid root by default. According to the report, kpopup uses the system(3)...

0.6 AI score
Exploits: 0

securityvulns
added 2003/10/08 12:0 a.m., 40 views

ZH2003-28SA (security advisory): file inclusion vulnerability in PayPal Store Front

ZH2003-28SA security advisory: file inclusion vulnerability in PayPal Store Front Published: 08 October 2003 Name: PayPal Store Front Affected Versions: 3.0 and other versions? Vendor: http://www.muziqpakistan.net/taz/ Issue: file inclusion vulnerability Author: Astharot at Zone-H.org Description...

7.4 AI score
Exploits: 0