Joomla X-shop远程文件包含漏洞

Joomla X-shop是一款基于PHP的电子购物程序。 Joomla X-shop不正确过滤用户提交的URI数据，远程攻击者可以利用漏洞以WEB进程权限执行任意命令。 问题是脚本对用户提交的WEB参数缺少过滤，提交恶意的远程服务器作为包含对象，可导致以WEB进程权限执行任意PHP代码。 Joomla X-Shop 1.7 http://mamboxchange.com/projects/x-shop/...

Invisionix Roaming System Remote Pageheaderdefault.Inc.PHP远程文件包含漏洞

Invisionix Roaming System是一款基于PHP的WEB应用程序。 Invisionix Roaming System不正确过滤用户提交的URI数据，远程攻击者可以利用漏洞以WEB进程权限执行任意命令。 问题是'Pageheaderdefault.Inc.PHP'脚本对用户提交的WEB参数缺少过滤，提交恶意的远程服务器作为包含对象，可导致以WEB进程权限执行任意PHP代码。 Invisionix Systems Invisionix Roaming System Remote 0.2 http://www.invisionix.org/...

CVE-2006-6289

Woltlab Burning Board wBB Lite 1.0.2 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary SQL commands via the wbbuserid parameter to the top-level URI...

CVE-2006-6244

Coalescent Systems freePBX (formerly Asterisk Management Portal) before 2.2.0rc1 is vulnerable to arbitrary command execution via shell metacharacters in CALLERID(name) or CALLERID(number). Root cause: improper handling of shell metacharacters in these fields. The available sources document this ...

CVE-2006-5957

INFINICART is affected by multiple SQL injection vulnerabilities reported as CVE-2006-5957. Public details specify that remote attackers could manipulate SQL by supplying crafted input in the following parameters: groupid (browse_group.asp), productid (added_to_cart.asp), and catid/subid (browses...

Oracle Security Component sys.pbsde buffer overflow

Added: 11/07/2006 CVE: CVE-2005-3438 BID: 15134 OSVDB: 20612 Background pbsde is a package of stored procedures which is part of the base installation of Oracle Database. Problem A buffer overflow in the sys.pbsde.init procedure allows database users to execute arbitrary commands. Resolution Appl...

eIQNetworks Enterprise Security Analyzer Monitoring.exe多个缓冲区溢出漏洞

eIQnetworks Enterprise Security Analyzer（ESA）是一款企业级的安全管理平台。 ESA的Monitoring.exe进程中存在两个缓冲区溢出漏洞，远程攻击者可能利用此漏洞在服务器上执行任意指令。 第一个漏洞存在于Monitoring.exe中负责处理TCP 9999端口上用户数据的例程中。如果连接到这个端口，用户就会立即被提示输入口令。这时可以发送HELP命令获得各种命令帮助： --------------------------------------------------------- Usage: QUERYMONITOR: to fetc...

Serv-U FTP Server MDTM timezone buffer overflow

Added: 10/27/2006 CVE: CVE-2004-0330 BID: 9751 OSVDB: 4073 Background Serv-U FTP Server supports the MDTM command which allows users to modify the time stamp on files. Problem A buffer overflow in Serv-U FTP Server allows remote authenticated attackers to execute arbitrary commands by sending the...

Ingo Foldername Arbitrary Command Execution

According to its version number, the instance of Ingo installed on the remote host fails to properly sanitize mailbox destinations in filter rules. By using a folder name beginning with '|' as a mailbox destination, an authenticated, remote attacker may be able to exploit this issue to execute...

Debian DSA-1039-1 : blender - several vulnerabilities

Several vulnerabilities have been discovered in blender, a very fast and versatile 3D modeller/renderer. The Common Vulnerabilities and Exposures Project identifies the following problems : - CVE-2005-3302 Joxean Koret discovered that due to missing input validation a provided script is vulnerabl...

openssh security update

CentOS Errata and Security Advisory CESA-2006:0698-01 Updated openssh packages that fix several security issues in sshd are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having important security impact by the Red Hat Security Response Team. OpenSSH is OpenBSD's SS...

Important: Red Hat Security Advisory: openssh security update

Updated openssh packages that fix several security issues in sshd are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having important security impact by the Red Hat Security Response Team. OpenSSH is OpenBSD's SSH Secure SHell protocol implementation. This package...

DokuWiki fetch.php Multiple Parameter imconvert Function Arbitrary Command Execution

The remote host is running DokuWiki, an open source wiki application written in PHP. The installed version of DokuWiki fails to properly sanitize input to the 'w' and 'h' parameters of the 'lib/exe/fetch.php' script before using it to execute a command when resizing images. An unauthenticated...

RHEL 2.1 : openssh (RHSA-2006:0698)

Updated openssh packages that fix several security issues in sshd are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having important security impact by the Red Hat Security Response Team. OpenSSH is OpenBSD's SSH Secure SHell protocol implementation. This package...

GLSA-200609-16 : Tikiwiki: Arbitrary command execution

The remote host is affected by the vulnerability described in GLSA-200609-16 Tikiwiki: Arbitrary command execution A vulnerability in jhot.php allows for an unrestricted file upload to the img/wiki/ directory. Additionally, an XSS exists in the highlight parameter of tiki-searchindex.php. Impact ...

Tikiwiki: Arbitrary command execution

Background Tikiwiki is a web-based groupware and content management system, developed with PHP, ADOdb and Smarty. Description A vulnerability in jhot.php allows for an unrestricted file upload to the img/wiki/ directory. Additionally, an XSS exists in the highlight parameter of...

WS_FTP XCRC buffer overflow

Added: 09/22/2006 CVE: CVE-2006-4847 BID: 20076 OSVDB: 28939 Background WSFTP Server is an FTP server for Windows platforms. Problem Buffer overflows in multiple FTP commands allow an authenticated attacker to execute arbitrary commands. Resolution Upgrade to WSFTP Server 5.05 Hotfix 1. Reference...

CVE-2006-4882

SQL injection vulnerability in Review.asp in Julian Roberts Charon Cart 3 allows remote attackers to execute arbitrary SQL commands via the ProductID parameter...

Mercury Mail IMAP DELETE command buffer overflow

Added: 09/18/2006 CVE: CVE-2004-1211 BID: 11775 OSVDB: 12508 Background Mercury Mail Transport System is an e-mail server product for Windows and NetWare. Problem Buffer overflow vulnerabilities in the IMAP service allow authenticated attackers to execute arbitrary commands using long arguments t...

GLSA-200609-10 : DokuWiki: Arbitrary command execution

The remote host is affected by the vulnerability described in GLSA-200609-10 DokuWiki: Arbitrary command execution 'rgod' discovered that DokuWiki doesn't sanitize the X-FORWARDED-FOR HTTP header, allowing the injection of arbitrary contents - such as PHP commands - into a file. Additionally, the...