CentOS 4 : ruby (CESA-2005:543)

Updated ruby packages that fix an arbitrary command execution issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for object-oriented programming. A bug was found in the way Ruby...

CVE-2006-3072

M4 Macro Library in Symantec Security Information Manager before 4.0.2.29 HOTFIX 1 allows local users to execute arbitrary commands via crafted "rule definitions", which produces dangerous Java code during M4 transformation...

WordPress: Arbitrary command execution

Background WordPress is a PHP and MySQL based content management and publishing system. Description rgod discovered that WordPress insufficiently checks the format of cached username data. Impact An attacker could exploit this vulnerability to execute arbitrary commands by sending a specially...

SpamAssassin spamd vpopmail user vulnerability

Added: 06/09/2006 CVE: CVE-2006-2447 BID: 18290 OSVDB: 26177 Background SpamAssassin identifies spam e-mail using a variety of local and network based tests. spamd is a component of SpamAssassin which allows it to run as a network daemon. Problem When the vpopmail -v and paranoid -P options are...

HP OpenView Storage Data Protector unauthorized access

Arbitrary command execution is possible...

SpamAssassin spamd Crafted Message Arbitrary Command Execution

The remote host is running spamd, a daemon belonging to SpamAssassin and used to determine whether messages represent spam. The installed version of spamd on the remote host appears to allow an unauthenticated user to execute arbitrary commands, subject to the privileges of the user under which i...

dotclear_124_php5_xpl.txt

!/usr/bin/php -q -d shortopentag=on ? echo "DotClear = 1.2.4 prepend.php/'blogdcpath' arbitrary remote inclusion\r\n"; echo "by rgod [email protected]\r\n"; echo "site: http://retrogod.altervista.org\r\n\r\n"; echo "dork: "propulsé par DotClear" "fil atom" "fil rss" +commentaires\r\n\r\n"; /...

DotClear 1.2.4 - 'prepend.php' Remote File Inclusion

!/usr/bin/php -q -d shortopentag=on ? echo "DotClear = 1.2.4 prepend.php/'blogdcpath' arbitrary remote inclusion\r\n"; echo "by rgod [email protected]\r\n"; echo "site: http://retrogod.altervista.org\r\n\r\n"; echo "dork: "propulsé par DotClear" "fil atom" "fil rss" +commentaires\r\n\r\n"; /...

[SECURITY] [DSA 1075-1] New awstats packages fix arbitrary command execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 1075-1 [email protected] http://www.debian.org/security/ Martin Schulze May 26th, 2006 http://www.debian.org/security/faq -...

[SECURITY] [DSA 1075-1] New awstats packages fix arbitrary command execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 1075-1 [email protected] http://www.debian.org/security/ Martin Schulze May 26th, 2006 http://www.debian.org/security/faq -...

[security bulletin] HPSBMA02121 SSRT061157 rev.1 - HP OpenView Storage Data Protector Remote Arbitrary Command Execution

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c00671912 Version: 1 HPSBMA02121 SSRT061157 rev.1 - HP OpenView Storage Data Protector Remote Arbitrary Command Execution NOTICE: The information in this Security Bulletin should be acted upon as...

[security bulletin] HPSBMA02098 SSRT5911 rev.1 - HP OpenView Network Node Manager (OV NNM) Remote Unauthorized Privileged Access, Arbitrary Command Execution, Arbitrary File Creation

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c00672314 Version: 1 HPSBMA02098 SSRT5911 rev.1 - HP OpenView Network Node Manager OV NNM Remote Unauthorized Privileged Access, Arbitrary Command Execution, Arbitrary File Creation NOTICE: The...

rt-sa-2006-002.txt

Advisory: Prodder Remote Arbitrary Command Execution RedTeam identified a security flaw in prodder which makes it possible for a malicious podcast server to execute arbitrary shell commands on the victim's client. Details ======= Product: Prodder Affected Versions: All versions up to prodder-0.4...

Nucleus CMS <= 3.22 (DIR_LIBS) Arbitrary Remote Inclusion Exploit

No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo "Nucleus = 3.22 arbitrary remote inclusion exploit\r\n"; echo "by rgod [email protected]\r\n"; echo "site: http://retrogod.altervista.org\r\n\r\n"; echo "this is called the "deadly eyes of Sun-tzu"\r\n"; echo "dork:...

Prodder 0.4 - Arbitrary Shell Command Execution

Prodder 0.4 - Arbitrary Shell Command Execution source: https://www.securityfocus.com/bid/18068/info Prodder is prone to an arbitrary command-execution vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to...

[SECURITY] [DSA 1058-1] New awstats packages fix arbitrary command execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 1058-1 [email protected] http://www.debian.org/security/ Martin Schulze May 18th, 2006 http://www.debian.org/security/faq -...

FreeBSD : sudo -- arbitrary command execution (1b725079-9ef6-11da-b410-000e0c2e438a)

Tavis Ormandy reports : The bash shell uses the value of the PS4 environment variable after expansion as a prefix for commands run in execution trace mode. Execution trace mode xtrace is normally set via bash's -x command line option or interactively by running 'set -o xtrace'. However, it may al...

AWStats migrate Parameter Arbitrary Command Execution

The remote host is running AWStats, a free logfile analysis tool written in Perl. The version of AWStats installed on the remote host fails to sanitize input to the 'migrate' parameter before passing it to a Perl 'open' function. Provided 'AllowToUpdateStatsFromBrowser' is enabled in the AWStats...

AWStats 6.4 6.5 - AllowToUpdateStatsFromBrowser Command Injection (Metasploit)

AWStats 6.4 6.5 - AllowToUpdateStatsFromBrowser Command Injection Metasploit $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

MySQL COM_TABLE_DUMP Information Leakage and Arbitrary command execution.

.oOOo. MySQL COMTABLEDUMP .oOOo. Information Leakage and Arbitrary command execution ============================== - Summary: MySQL Server has an information leakage flaw, if a malicious client sends a specific forged packet. Moreover some particular input can crash the server by overwriting the...