OPeNDAP arbitrary command execution vulnerability
Overview: The BES daemon in OPeNDAP server version 4 contains a vulnerability. This vulnerability may allow an attacker to execute arbitrary commands, or upload files to a remote server. Description: OPeNDAP is a software package designed to help researchers exchange data sets that are stored in...
CentOS 5 : vim (CESA-2007:0346)
Updated vim packages that fix a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. VIM (VIsual editor iMproved) is a version of the vi editor. An arbitrary command execution flaw was...
vim security update
CentOS Errata and Security Advisory CESA-2007:0346. Updated vim packages that fix a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. VIM (VIsual editor iMproved) is a version of the v...
[security bulletin] HPSBMA02138 SSRT061184 rev.3 - HP OpenView Storage Data Protector, Remote Unauthorized Arbitrary Command Execution
SUPPORT COMMUNICATION - SECURITY BULLETIN. Document ID: c00742778. Version: 3. HPSBMA02138 SSRT061184 rev.3 - HP OpenView Storage Data Protector, Remote Unauthorized Arbitrary Command Execution. NOTICE: The information in this Security Bulletin should be...
CVE-2007-0655
The CVE concerns the MicroWorld Agent service (MWAGENT.EXE) in MicroWorld Technologies eScan 8.0.671.1 (and possibly other versions). Affected component: MWAGENT.EXE running as a service. Vulnerability: remote or local attackers can gain privileges and execute arbitrary commands by connecting dir...
datadomain-exec.txt
Summary: An arbitrary command execution vulnerability exists in the command line administration interface of the software used by DataDomain appliances. An attacker who is able to access the administration interface could exploit this vulnerability to install malicious software and use the...
Arbitrary Command Execution in DataDomain Administrator Interface
Summary: An arbitrary command execution vulnerability exists in the command line administration interface of the software used by DataDomain appliances. An attacker who is able to access the administration interface could exploit this vulnerability to install malicious software and use the...
[Full-disclosure] dproxy - arbitrary code execution through stack buffer overflow vulnerability
Security Advisory AKLINK-SA-2007-001, CVE-2007-1465 (CVE candidate). dproxy - remotely exploitable buffer overflow...
CVE-2007-1572
CVE-2007-1572 describes a SQL injection vulnerability in search.asp of JGBBS 3.0 Beta 1 and earlier. The flaw allows remote attackers to inject arbitrary SQL commands through the title parameter, representing a different vector than CVE-2007-1440. The description notes the vulnerability is presen...
PHP COM Extensions - inconsistent Win32 safe_mode Bypass
PHP COM Extensions - inconsistent Win32 safemode Bypass Run'c:\windows\system32\cmd.exe /c '.escapeshellarg$GETcmd.' '.dirname$SERVERSCRIPTFILENAME.'/suntzoi.txt'; $suntzoi=file"suntzoi.txt"; for $i=0; $i milw0rm.com 2007-03-07...
WordPress 2.1.1 - '/wp-includes/theme.php?iz' Arbitrary Command Execution
WordPress 2.1.1 - '/wp-includes/theme.php?iz' Arbitrary Command Execution. source: https://www.securityfocus.com/bid/22797/info An attacker compromised the source code for WordPress 2.1.1 and altered it to include a malicious backdoor. This backdoor introduces a code-execution vulnerability that will...
WordPress Core 2.1.1 - '/wp-includes/theme.php?iz' Arbitrary Command Execution
source: https://www.securityfocus.com/bid/22797/info An attacker compromised the source code for Wordpress 2.1.1 and altered it to include a malicious backdoor. This backdoor introduces a code-execution vulnerability that will let remote users inject PHP code or execute operating system commands...
WordPress 2.1.1 - Arbitrary Command Execution
WordPress 2.1.1 - Arbitrary Command Execution source: https://www.securityfocus.com/bid/22797/info An attacker compromised the source code for Wordpress 2.1.1 and altered it to include a malicious backdoor. This backdoor introduces a code-execution vulnerability that will let remote users inject...
Apache 1.3.34/1.3.33 (Ubuntu / Debian) - CGI TTY Privilege Escalation
Apache 1.3.34/1.3.33 (Ubuntu / Debian) - CGI TTY Privilege Escalation / :: Kristian Hermansen :: Date: 20070229 Description: Local attacker can influence Apache to direct commands into an open tty owned by user who started apache process, usually root. This results in arbitrary command execution...
SUSE-SA:2006:040: OpenOffice_org
The remote host is missing the patch for the advisory SUSE-SA:2006:040 (OpenOffice_org). The following security problems were found and fixed in OpenOffice_org: - CVE-2006-2198: A security vulnerability in OpenOffice.org may make it possible to inject basic code into documents which is executed upon...
DEBIAN-CVE-2006-6979
The ruby handlers in the Magnatune component in Amarok do not properly quote text in certain contexts, probably including construction of an unzip command line, which allows attackers to execute arbitrary commands via shell metacharacters...
CVE-2006-6979
The ruby handlers in the Magnatune component in Amarok do not properly quote text in certain contexts, probably including construction of an unzip command line, which allows attackers to execute arbitrary commands via shell metacharacters...
CVE-2007-0835
admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, allows remote authenticated users to execute arbitrary shell commands via shell metacharacters (";" semicolon) in the "Command line options for ImageMagick" form field, when used as an option to ImageMagick's convert command. NOTE:...
CVE-2007-0835
The CVE-2007-0835 entry applies to Coppermine Photo Gallery 1.4.10 (and possibly earlier). It describes a remote command-injection vulnerability where an authenticated user can execute arbitrary shell commands by injecting shell metacharacters (a semicolon) into the ImageMagick-related input fiel...