7629 matches found
RedHat Update for sudo RHSA-2010:0361-01
Check for the Version of sudo OpenVAS Vulnerability Test RedHat Update for sudo RHSA-2010:0361-01 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms o...
Foxit Reader Arbitrary Command Execution Vulnerability
Foxit Reader is prone to an arbitrary command execution vulnerability. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Foxit Reader Arbitrary Command Execution Vulnerability
The host is installed with Foxit Reader and is prone to arbitrary command execution vulnerability. OpenVAS Vulnerability Test $Id: gbfoxitreadercodeexecvuln.nasl 5306 2017-02-16 09:00:16Z teissa $ Foxit Reader Arbitrary Command Execution Vulnerability Authors: Antu Sanadi Copyright: Copyright c...
Foxit Reader vulnerable to arbitrary command execution
Overview Foxit Reader contains a vulnerability that may allow an attacker to execute arbitrary commands without requiring user interaction. Description Foxit Reader is software designed to view Portable Document Format PDF files. The Adobe PDF Reference supports a "Launch action" that "... launch...
Sql injection
SQL injection vulnerability in index.php in Entry Level CMS EL CMS allows remote attackers to execute arbitrary SQL commands via the subj parameter...
Trouble Ticket Express fid Parameter Arbitrary Remote Code Execution
The remote host is running Trouble Ticket Express, an open source web-based trouble ticket application written in Perl. At least one module included with the version of Trouble Ticket Express hosted on the remote web server fails to sanitize input to the 'fid' parameter of the 'ttx.cgi' script...
Debian DSA-1979-1 : lintian - multiple vulnerabilities
Multiple vulnerabilities have been discovered in lintian, a Debian package checker. The following Common Vulnerabilities and Exposures project ids have been assigned to identify them : - CVE-2009-4013: missing control files sanitation Control field names and values were not sanitised before using...
TWiki Search Function Arbitrary Command Execution
This module exploits a vulnerability in the search component of TWiki. By passing a 'search' parameter containing shell metacharacters to the 'WebSearch' script, an attacker can execute arbitrary OS commands. This module requires Metasploit: https://metasploit.com/download Current source:...
hplip hpssd.py From Address Arbitrary Command Execution
$Id: hpliphpssdexec.rb 8511 2010-02-16 00:27:45Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework...
LANDesk管理网关工具跨站脚本和跨站请求伪造漏洞
BUGTRAQ ID: 38119 CVE ID: CVE-2010-0368,CVE-2010-0369 LANDesK管理网关工具是安全的系统管理套件。 Landesk管理网关工具没有充分验证提交特制请求的用户,当Web应用接收到删除之前所生成备份的请求时,会由 gsb/BackupRestoreTab.php处理该请求: /----- 19 $cmd = "sudo /subin/backuptool --delete $POST'delBackupName'"; 20 exec$cmd; 21 $msg = "Successfully Removed:...
SystemTap 'stap-server' Remote Shell Command Injection Vulnerability
SystemTap is prone to an arbitrary command execution vulnerability. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DSA-1979-1] New lintian packages fix multiple vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1979-1 [email protected] http://www.debian.org/security/ Raphael Geissert January 27, 2009 http://www.debian.org/security/faq -...
[Backports-security-announce] Security Update for lintian
Raphael Geissert uploaded new packages for lintian which fixed the following security problems: CVE-2009-4013: missing control files sanitation Control field names and values were not sanitised before using them in certain operations that could lead to directory traversals. Patch systems control...
[Backports-security-announce] Security Update for lintian
Raphael Geissert uploaded new packages for lintian which fixed the following security problems: CVE-2009-4013: missing control files sanitation Control field names and values were not sanitised before using them in certain operations that could lead to directory traversals. Patch systems control...
[SECURITY] [DSA-1979-1] New lintian packages fix multiple vulnerabilities
------------------------------------------------------------------------ Debian Security Advisory DSA-1979-1 [email protected] http://www.debian.org/security/ Raphael Geissert January 27, 2009 http://www.debian.org/security/faq -...
CVE-2009-4488
Varnish 2.0.6 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator. NOTE: the vendo...
mini_httpd 1.18 - HTTP Request Escape Sequence Terminal Command Injection
source: https://www.securityfocus.com/bid/37714/info Acme 'thttpd' and 'minihttpd' are prone to a command-injection vulnerability because they fail to adequately sanitize user-supplied input in logfiles. Attackers can exploit this issue to execute arbitrary commands in a terminal. This issue...
CVE-2009-4498
CVE-2009-4498 affects Zabbix Server before 1.8. The vulnerability lies in node_process_command() (nodehistory.c), allowing remote command execution via a crafted request. Documented impact is remote arbitrary command execution with network access (CVSSv2 base 6.8). Connected sources confirm explo...
CoreHTTP Arbitrary Command Execution Vulnerability
No description provided by source. Package name: CoreHTTP server Version: 0.5.3.1 and below as long as cgi support is enabled Software URL: http://corehttp.sourceforge.net/ Exploit: http://aconole.brad-x.com/programs/corehttpcgienabled.rb Issue: CoreHTTP server fails to properly sanitize input...
CoreHTTP Arbitrary Command Execution Vulnerability
Exploit for unknown platform in category remote exploits ================================================== CoreHTTP Arbitrary Command Execution Vulnerability ================================================== Title: CoreHTTP Arbitrary Command Execution Vulnerability CVE-ID: OSVDB-ID: Author: Aar...