Alcatel-Lucent OmniPCX Enterprise Communication Server 7.1 - masterCGI Command Injection (Metasploit)

Alcatel-Lucent OmniPCX Enterprise Communication Server 7.1 - masterCGI Command Injection Metasploit $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing a...

Microsoft Visual Studio 6.0 (PDWizard.ocx) Remote Command Execution

No description provided by source. pre codespan style="font: 10pt Courier New;"span class="general1-symbol"body bgcolor="E0E0E0"------------------------------------------------------------------------------------------------------ bMicrosoft Visual Studio 6.0 PDWizard PDWizard.ocx = 6.0.0.9782...

msvs-pdwiz.txt

------------------------------------------------------------------------------------------------------ Microsoft Visual Studio 6.0 PDWizard PDWizard.ocx url: http://www.microsoft.com author: shinnai mail: shinnaiatautisticidotorg site: http://shinnai.altervista.org This was written for educationa...

Microsoft Visual Studio 6.0 (PDWizard.ocx) Remote Command Execution

Exploit for unknown platform in category remote exploits =================================================================== Microsoft Visual Studio 6.0 PDWizard.ocx Remote Command Execution ===================================================================...

DSA-1366-1 clamav

Bulletin has no description...

CVE-2007-4074

The default configuration of Centre for Speech Technology Research CSTR Festival 1.95 beta aka 2.0 beta on Gentoo Linux, SUSE Linux, and possibly other distributions, is run locally with elevated privileges without requiring authentication, which allows local and remote attackers to execute...

Default configuration

The default configuration of Centre for Speech Technology Research CSTR Festival 1.95 beta aka 2.0 beta on Gentoo Linux, SUSE Linux, and possibly other distributions, is run locally with elevated privileges without requiring authentication, which allows local and remote attackers to execute...

CVE-2007-4074

CVE-2007-4074 affects Festival 1.95 beta (aka 2.0 beta) in Gentoo/SUSE and possibly other distros. The festival daemon runs as root with a passwordless default config, exposing a local daemon on port 1314 that can be abused to execute arbitrary commands by local attackers, with remote access poss...

CVE-2007-4010

The win32std extension in PHP 5.2.3 does not follow safemode and disablefunctions restrictions, which allows remote attackers to execute arbitrary commands via the winshellexecute function...

Sql injection

SQL injection vulnerability in Infinite Responder before 1.48 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: some of these details are obtained from third party information...

CVE-2007-3924

Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Netscape installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a -chrome argument to the...

AsteriDex callboth.php Multiple Parameter CRLF Injection Arbitrary Command Execution

The remote host is running AsteriDex, a web-based dialer and address book for Asterisk. The version of AsteriDex installed on the remote host fails to sanitize input to the 'IN' parameter of the 'callboth.php' script before passing it to the Asterisk Call Manager as part of the data stream of an...

ServerView Servername Parameter Arbitrary Command Execution

The remote host is running ServerView, a web-based suite of asset management tools. The version of ServerView installed on the remote host fails to sanitize user-supplied input to the 'Servername' parameter of the 'SnmpView/SnmpListMibValues' script before using it to execute a shell command. An...

CVE-2007-2839

gfax 0.4.2 (and probably other versions) creates temporary files insecurely, which can allow local users to execute arbitrary commands via unknown vectors. Debian security advisory DSA-1329-1 fixes the issue by updating gfax; the advisory describes privilege escalation and root-level impact for v...

FreeType位图字体处理远程溢出漏洞

BUGTRAQ ID: 24708 FreeType是一个流行的字体函数库。 FreeType的src/base/ftbimap.c文件没有正确地处理位图字体，如果用户受骗打开了特制的字体文件的话，就可能触发缓冲区溢出，导致拒绝服务或执行任意指令。 FreeType FreeType 2.3.3 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://downloads.sourceforge.net/freetype/freetype-2.3.4.tar.gz?modtime=1176187387&bigmirror=0...

CVE-2007-2951

The parseIrcUrl function in src/kvirc/kernel/kviircurl.cpp in KVIrc 3.2.0 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in an 1 irc:// or 2 irc6:// URI...

W3M浏览器InputAnswer格式串漏洞

W3M是一款开放源代码的文字式网页浏览器。 W3M不正确过滤用户提交给格式打印函数的输入，远程攻击者可以利用漏洞进行格式串攻击，可能以进程权限执行任意指令。 目前没有详细漏洞细节提供。 W3M W3M 0.5.1 W3M W3M 0.3.2 .2 W3M W3M 0.3.2 .1 W3M W3M 0.3.2 W3M W3M 0.3.1 + RedHat Linux 8.0 i386 + RedHat Linux 8.0 W3M W3M 0.3 + RedHat Linux 7.3 i386 + RedHat Linux 7.3 W3M W3M 0.2.5 .1 W3M W3M 0.2.5...

Xoops iContent模块Spaw_Control.Class.PHP远程文件包含漏洞

Xoops iContent模块是一款基于PHP的WEB应用程序。 Xoops iContent模块不正确过滤用户提交的输入，远程攻击者可以利用漏洞以WEB权限执行任意命令。 问题是'SpawControl.Class.PHP'脚本对用户提交的WEB参数缺少过滤，指定远程服务器上的文件作为包含参数，可导致以WEB权限执行任意命令。 Xoops iContent Module 1.0 目前没有解决方案提供： http://mirror.in.th/sourceforge.net/x/xo/xoops...

Macrovision FLEXnet DWUpdateService ActiveX (agent.exe) Multiple Method Arbitrary Command Execution

Macrovision FLEXnet Connect, formerly known as InstallShield Update Service, is installed on the remote host. It is a software management solution for internally-developed and third-party applications, and may have been installed as part of the FLEXnet Connect SDK, other InstallShield software, o...

RHEL 5 : vim (RHSA-2007:0346)

Updated vim packages that fix a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. VIM VIsual editor iMproved is a version of the vi editor. An arbitrary command execution flaw was...