7628 matches found
[SECURITY] [DSA 1393-1] New xfce4-terminal packages fix arbitrary command execution
Debian Security Advisory DSA 1393-1 [email protected] http://www.debian.org/security/ Steve Kemp October 23rd, 2007 http://www.debian.org/security/faq ...
TikiWiki: Arbitrary command execution
Background: TikiWiki is an open source content management system written in PHP. Description: ShAnKaR reported that input passed to the "f" array parameter in tiki-graph_formula.php is not properly verified before being used to execute PHP functions. Impact: An attacker could execute arbitrary code...
CVE-2007-5208
hpssd in Hewlett-Packard Linux Imaging and Printing Project (hplip) 1.x and 2.x before 2.7.10 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a from address, which is not properly handled when invoking sendmail...
Hardcoded credentials
hpssd in Hewlett-Packard Linux Imaging and Printing Project (hplip) 1.x and 2.x before 2.7.10 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a from address, which is not properly handled when invoking sendmail...
Microsoft Visual FoxPro 6.0 FPOLE.OCX Arbitrary Command Execution
No description provided by source. Microsoft Visual FoxPro 6.0 FPOLE.OCX Arbitrary Command Execution...
Important: Red Hat Security Advisory: hplip security update
An updated hplip package to correct a security flaw is now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The hplip (Hewlett-Packard Linux Imaging and Printing Project) package provides drivers for HP...
TikiWiki tiki-graph_formula.php f Parameter Arbitrary Command Execution
The remote host is running TikiWiki, an open source wiki application written in PHP. The version of TikiWiki on the remote host fails to sanitize input to the 'f' parameter of the 'tiki-graph_formula.php' script before using it as a function call. Regardless of PHP's 'register_globals' setting, an...
Microsoft Visual FoxPro FPOLE.OCX ActiveX Control Arbitrary Command Execution Vulnerability
Description: Microsoft Visual FoxPro ActiveX control is prone to a vulnerability that lets attackers execute arbitrary commands. Successfully exploiting this issue allows remote attackers to execute arbitrary commands in the context of the application using the ActiveX control, typically Internet...
Microsoft Visual FoxPro 6.0 - FPOLE.OCX Arbitrary Command Execution
Microsoft Visual FoxPro 6.0 FPOLE.OCX Arbitrary Command Execution url: http://www.microsoft.com Author: shinnai mail: shinnai[at]autistici[dot]org site:...
Microsoft Visual FoxPro 6.0 - 'FPOLE.OCX' Arbitrary Command Execution
Microsoft Visual FoxPro 6.0 FPOLE.OCX Arbitrary Command Execution url: http://www.microsoft.com Author: shinnai mail: shinnai[at]autistici[dot]org site: http://shinnai.altervista.org This was written for educational purpose...
USN-527-1: xen-3.0 vulnerability
Joris van Rantwijk discovered that the Xen host did not correctly validate the contents of a Xen guest's grub.conf file. Xen guest root users could exploit this to run arbitrary commands on the host when the guest system was rebooted...
Microsoft Visual Studio PDWizard.ocx ActiveX vulnerability
Added: 09/30/2007 CVE: CVE-2007-4891 BID: 25638 OSVDB: 37106 Background: Microsoft Visual Studio is a product for facilitating software development on Windows operating systems. Problem: ActiveX controls contained in the PDWizard.ocx file in Microsoft Visual Studio 6.0 expose the StartProcess metho...
Design/Logic Flaw
pygrub (tools/pygrub/src/GrubConf.py) in Xen 3.0.3, when booting a guest domain, allows local users with elevated privileges in the guest domain to execute arbitrary commands in domain 0 via a crafted grub.conf file whose contents are used in exec statements...
Microsoft Visual Studio 6.0 (PDWizard.ocx) Remote Command Execution
No description provided by source. Microsoft Visual Studio 6.0 PDWizard PDWizard.ocx = 6.0.0.9782...
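Python ImageOP Module Multiple Integer Overflow Vulnerabilities
BUGTRAQ ID: 25696 Python is an open source scripting language. The implementation of Python's imageop module contains a heap overflow vulnerability that a local attacker may exploit to elevate privileges. Integer overflow vulnerabilities exist in the imageop.c and rbgimgmodule.c files of Python's imageop module, and these ultimately lead to heap overflows. If a user is tricked into opening a malicious image file, these overflows can be triggered, resulting in arbitrary code execution. The vulnerable code segment is as follows: static PyObject imageoptovideoPyObject self, PyObject args int maxx, maxy, x, y, len;...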
Alcatel-Lucent OmniPCX Enterprise Communication Server <= 7.1 masterCGI Command Injection
No description provided by source. $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require...