7628 matches found

Gentoo Linux
added 2006/09/14 12:0 a.m., 34 views

DokuWiki: Arbitrary command execution

Background: DokuWiki is a wiki targeted at developer teams, workgroups and small companies. It does not use a database backend. Description: "rgod" discovered that DokuWiki doesn't sanitize the X-FORWARDED-FOR HTTP header, allowing the injection of arbitrary contents - such as PHP commands - into a...

CVSS 7.5 | AI score 7.5 | EPSS 0.01939
Exploits 3

Tenable Nessus
added 2006/08/30 12:0 a.m., 21 views

GLSA-200608-22 : fbida: Arbitrary command execution

The remote host is affected by the vulnerability described in GLSA-200608-22 fbida: Arbitrary command execution Toth Andras has discovered a typographic mistake in the 'fbgs' script, shipped with fbida if the 'fbcon' and 'pdf' USE flags are both enabled. This script runs 'gs' without the -dSAFER...

CVSS 5.1 | AI score 5.8 | EPSS 0.01669
Exploits 0 | References 2

Cvelist
added 2006/08/23 7:0 p.m., 21 views

CVE-2006-4306

Unspecified vulnerability in Sun Solaris 8 and 9 before 20060821 allows local users to execute arbitrary commands via unspecified vectors, involving the default Role-Based Access Control RBAC settings in the "File System Management" profile...

AI score 7 | EPSS 0.00433
Exploits 0 | References 9

securityvulns
added 2006/08/21 12:0 a.m., 41 views

[EXPL] Easy File Sharing FTP Server PASS Buffer Overflow (Exploit)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...

AI score 7.8
Exploits 0

exploitpack
added 2006/08/18 12:0 a.m., 12 views

Novell Identity Manager - Arbitrary Command Execution

Novell Identity Manager - Arbitrary Command Execution source: https://www.securityfocus.com/bid/19688/info Novell Identity Manager is prone to an arbitrary command-execution vulnerability. A local attacker can exploit this issue to execute arbitrary commands with superuser privileges. Exploiting...

AI score 0.7
Exploits 0

Exploit DB
added 2006/08/18 12:0 a.m., 41 views

Novell Identity Manager - Arbitrary Command Execution

source: https://www.securityfocus.com/bid/19688/info Novell Identity Manager is prone to an arbitrary command-execution vulnerability. A local attacker can exploit this issue to execute arbitrary commands with superuser privileges. Exploiting this issue allows attackers to completely compromise...

AI score 7
Exploits 0

Tenable Nessus
added 2006/08/15 12:0 a.m., 10 views

HP OpenView Storage Data Protector Backup Agent Remote Arbitrary Command Execution

Binary data 3728.prm...

CVSS 7.5 | AI score 7.3 | EPSS 0.09584
Exploits 0 | References 3

securityvulns
added 2006/08/15 12:0 a.m., 27 views

HPSBMA02138 SSRT061184 rev.1 - HP OpenView Storage Data Protector, Remote Arbitrary Command Execution

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c00742778 Version: 1 HPSBMA02138 SSRT061184 rev.1 - HP OpenView Storage Data Protector, Remote Arbitrary Command Execution NOTICE: The information in this Security Bulletin should be acted upon as...

AI score 1.2
Exploits 0

Saint
added 2006/08/14 12:0 a.m., 39 views

Mozilla Firefox JavaScript Navigator object vulnerability

Added: 08/14/2006. CVE: CVE-2006-3677. BID: 19192. OSVDB: 27559. Background: When used in a web page, Java references properties of the window.navigator object as it starts up in Firefox or SeaMonkey. Problem: If a web page replaces the navigator object before starting Java, then the page could cause t...

CVSS 7.5 | AI score 6.5 | EPSS 0.77265
Exploits 11

Saint
added 2006/08/14 12:0 a.m., 48 views

Mozilla Firefox JavaScript Navigator object vulnerability

Added: 08/14/2006. CVE: CVE-2006-3677. BID: 19192. OSVDB: 27559. Background: When used in a web page, Java references properties of the window.navigator object as it starts up in Firefox or SeaMonkey. Problem: If a web page replaces the navigator object before starting Java, then the page could cause t...

CVSS 7.5 | AI score 6.5 | EPSS 0.77265
Exploits 11

Tenable Nessus
added 2006/08/04 12:0 a.m., 55 views

CentOS 3 : openssh (CESA-2006:0298)

Updated openssh packages that fix bugs in sshd are now available for Red Hat Enterprise Linux 3. This update has been rated as having low security impact by the Red Hat Security Response Team. OpenSSH is OpenBSD's SSH Secure SHell protocol implementation. This package includes the core files...

CVSS 7.5 | AI score 7.1 | EPSS 0.05766
Exploits 2 | References 5

Exploit DB
added 2006/08/02 12:0 a.m., 45 views

TWiki 4.0.4 - Configure Script Remote Code Execution (Metasploit)

This file is part of the Metasploit Framework and may be redistributed according to the licenses defined in the Authors field below. In the case of an unknown or missing license, this file defaults to the same license as the core Framework dual GPLv2 and Artistic. The latest version of the...

CVSS 7.5 | AI score 7 | EPSS 0.04012
Exploits 5

Tenable Nessus
added 2006/07/31 12:0 a.m., 34 views

TWiki configure Script Arbitrary Command Execution

The version of TWiki installed on the remote host uses an unsafe 'eval' in the 'bin/configure' script that can be exploited by an unauthenticated attacker to execute arbitrary Perl code subject to the privileges of the web server user id...

CVSS 7.5 | AI score 6.1 | EPSS 0.04012
Exploits 5 | References 2

Saint
added 2006/07/26 12:0 a.m., 18 views

CS-MARS JBoss jmx-console access

Added: 07/26/2006. CVE: CVE-2006-3733. BID: 19075. OSVDB: 27419. Background: The Cisco Security Monitoring, Analysis, and Response System CS-MARS recognizes and correlates network attacks. Problem: CS-MARS includes the JBoss web application server with insufficient access control to the jmx-console...

CVSS 7.5 | AI score 7.1 | EPSS 0.1176
Exploits 4

NVD
added 2006/07/25 11:4 p.m., 17 views

CVE-2006-3844

Buffer overflow in Quick 'n Easy FTP Server 3.0 allows remote authenticated users to execute arbitrary commands via a long argument to the LIST command, a different issue than CVE-2006-2027...

CVSS 6.5 | AI score 7.3 | EPSS 0.01993
Exploits 1 | References 6

Tenable Nessus
added 2006/07/21 12:0 a.m., 37 views

RHEL 3 : openssh (RHSA-2006:0298)

Updated openssh packages that fix bugs in sshd are now available for Red Hat Enterprise Linux 3. This update has been rated as having low security impact by the Red Hat Security Response Team. OpenSSH is OpenBSD's SSH Secure SHell protocol implementation. This package includes the core files...

CVSS 7.5 | AI score 7.1 | EPSS 0.05766
Exploits 2 | References 5

Cent OS
added 2006/07/20 3:13 p.m., 73 views

openssh security update

CentOS Errata and Security Advisory CESA-2006:0298 Updated openssh packages that fix bugs in sshd are now available for Red Hat Enterprise Linux 3. This update has been rated as having low security impact by the Red Hat Security Response Team. OpenSSH is OpenBSD's SSH Secure SHell protocol...

CVSS 7.5 | AI score 7 | EPSS 0.05766
Exploits 2 | References 9

RedHat Linux
added 2006/07/20 1:1 p.m., 35 views

Low: Red Hat Security Advisory: openssh security update

Updated openssh packages that fix bugs in sshd are now available for Red Hat Enterprise Linux 3. This update has been rated as having low security impact by the Red Hat Security Response Team. OpenSSH is OpenBSD's SSH Secure SHell protocol implementation. This package includes the core files...

CVSS 7.5 | AI score 7 | EPSS 0.05766
Exploits 2 | References 5

Cvelist
added 2006/07/14 6:0 p.m., 41 views

CVE-2006-3590

mso.dll, as used by Microsoft PowerPoint 2000 through 2003, allows user-assisted attackers to execute arbitrary commands via a malformed shape container in a PPT file that leads to memory corruption, as exploited by Trojan.PPDropper.B, a different issue than CVE-2006-1540 and CVE-2006-3493...

AI score 7 | EPSS 0.14262
Exploits 0 | References 17

Tenable Nessus
added 2006/07/05 12:0 a.m., 37 views

CentOS 3 / 4 : xloadimage (CESA-2005:332)

A new xloadimage package that fixes bugs in handling malformed tiff and pbm/pnm/ppm images, and in handling metacharacters in filenames is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. The xloadimage utility displays images in an X...

CVSS 7.5 | AI score 5.4 | EPSS 0.03603
Exploits 0 | References 4