7622 matches found

Exploit DB
added 2005/06/12 12:00 a.m. | 43 views

JamMail 1.8 - Jammail.pl Arbitrary Command Execution

source: https://www.securityfocus.com/bid/13937/info
JamMail is prone to a remote arbitrary command execution vulnerability. This vulnerability may allow an attacker to supply arbitrary commands through the 'jammail.pl' script. This can lead to various attacks including unauthorized access to an...

AI score 7.4
Exploits: 0

Tenable Nessus
added 2005/06/10 12:00 a.m. | 28 views

e107 ePing Plugin doping.php Arbitrary Code Execution

The installation of e107 on the remote host includes a version of the ePing plugin that is affected by a command execution vulnerability. This plugin fails to sanitize the 'epingcmd', 'epingcount' and/or 'epinghost' parameters of the 'doping.php' script before using them in a system call. An...

CVSS 7.5 | AI score 6.1 | EPSS 0.01841
Exploits: 0 | References: 3

NVD
added 2005/05/29 4:00 a.m. | 12 views

CVE-2005-1789

SQL injection vulnerability in SignIn.asp in India Software Solution shopping cart allows remote attackers to execute arbitrary SQL commands via the password...

CVSS 7.5 | AI score 8.4 | EPSS 0.00451
Exploits: 1 | References: 2

exploitpack
added 2005/05/26 12:00 a.m. | 9 views

Gentoo Webapp-Config 1.10 - Insecure File Creation

source: https://www.securityfocus.com/bid/13780/info
Gentoo webapp-config is prone to an insecure file creation vulnerability. This issue is due to a design error that causes the application to fail to verify the existence of a file before writin...

AI score 7.4
Exploits: 0

Exploit DB
added 2005/05/26 12:00 a.m. | 30 views

Gentoo Webapp-Config 1.10 - Insecure File Creation

source: https://www.securityfocus.com/bid/13780/info
Gentoo webapp-config is prone to an insecure file creation vulnerability. This issue is due to a design error that causes the application to fail to verify the existence of a file before writing to it. An attacker may leverage this issue to cau...

AI score 7.4
Exploits: 0

securityvulns
added 2005/05/25 12:00 a.m. | 30 views

Gforge - viewFile.php security flaw

Vendor: Gforge http://gforge.org
Product: gforge
Affected versions: 4.0
Bug fixed: = 4.0 & Debian pkg 3.1-30
Vulnerability: Input validation flaw
Problem-Type: remote
Severity: High, arbitrary command execution
Auth...

AI score 0.3
Exploits: 0

Tenable Nessus
added 2005/05/20 12:00 a.m. | 17 views

PHP Advanced Transfer Manager < 1.22 File Upload Arbitrary Command Execution

CVSS 7.5 | AI score 7.3 | EPSS 0.13214
Exploits: 1 | References: 4

CERT
added 2005/05/18 12:00 a.m. | 20 views

Extreme Networks switches with ExtremeWare XOS allow arbitrary command execution

Overview: Some Extreme Networks switches running ExtremeWare XOS have a vulnerability that allows a malicious authenticated user to escape to the underlying operating system command shell with administrator-level root privileges.
Description: Extreme Network switches running ExtremeWare XOS contain...

CVSS 4.6 | AI score 7.2 | EPSS 0.00903
Exploits: 0 | References: 1

OSV
added 2005/05/13 4:00 a.m. | 1 views

DEBIAN-CVE-2005-0758

zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script...

CVSS 4.6 | AI score 7.3 | EPSS 0.00186
Exploits: 1 | References: 1

CVE
added 2005/05/10 4:00 a.m. | 51 views

CVE-2004-1876

The CVE-2004-1876 issue affects ClamAV's clamd (VirusEvent directive) prior to version 0.70. The vulnerability arises from using the "%f" parameter to substitute the file name, allowing a local user to trigger shell metacharacters and execute arbitrary commands with privileges of the antivirus pr...

CVSS 4.6 | AI score 7.1 | EPSS 0.00125
Exploits: 1 | References: 5 | Affected Software: 1

Gentoo Linux
added 2005/05/09 12:00 a.m. | 32 views

gzip: Multiple vulnerabilities

Background: gzip (GNU zip) is a popular compression program. The included zgrep utility allows you to grep gzipped files in place.
Description: The gzip and gunzip programs are vulnerable to a race condition when setting file permissions (CAN-2005-0988), as well as improper handling of filename...

CVSS 5 | AI score 6.7 | EPSS 0.04585
Exploits: 1

CVE
added 2005/05/04 4:00 a.m. | 64 views

CVE-2005-1341

Apple Terminal 1.4.4 is affected by CVE-2005-1341, with the issue allowing execution of arbitrary commands via terminal escape sequences. The vulnerability concerns Terminal and related escape handling in macOS components; the initial description explicitly names Terminal 1.4.4 as vulnerable to c...

CVSS 5.1 | AI score 7 | EPSS 0.00845
Exploits: 1 | References: 8 | Affected Software: 1

Tenable Nessus
added 2005/05/04 12:00 a.m. | 24 views

Open WebMail Shell Escape Arbitrary Command Execution

According to its banner, the version of Open WebMail installed on the remote host may allow execution of arbitrary shell commands due to its failure to ensure shell escape characters are removed from filenames and other strings before trying to read from them.

CVSS 7.5 | AI score 5.8 | EPSS 0.01317
Exploits: 0 | References: 2

Tenable Nessus
added 2005/05/03 12:00 a.m. | 28 views

Open Webmail < 2.51 20050430 Shell Escape Arbitrary Command Execution

CVSS 7.5 | AI score 7.3 | EPSS 0.01317
Exploits: 0 | References: 3

OSV
added 2005/04/14 4:00 a.m. | 5 views

CVE-2005-0130

Certain Perl scripts in Konversation 0.15 allow remote attackers to execute arbitrary commands via shell metacharacters in (1) channel names or (2) song names that are not properly quoted when the user runs IRC scripts...

AI score 7.4
Exploits: 0 | References: 9

securityvulns
added 2005/04/03 12:00 a.m. | 14 views

AlstraSoft EPay Pro v2.0 has file include and multiple xss vulnerabilities

Dcrab's Security Advisory
Hsc Security Group http://www.hackerscenter.com/
dP Security http://digitalparadox.org/
Severity: High
Title: AlstraSoft EPay Pro v2.0 has file include and multiple xss vulnerabilities
Date: 02/04/2005
Vendor: AlstraSoft...

AI score 0.7
Exploits: 0

Cvelist
added 2005/03/26 5:00 a.m. | 16 views

CVE-2005-0868

AS/400 Telnet 5250 terminal emulation clients, as implemented by (1) IBM client access, (2) Bosanova, (3) PowerTerm, (4) Mochasoft, and possibly other emulations, allow malicious AS/400 servers to execute arbitrary commands via a STRPCO (Start PC Organizer) command followed by STRPCCMD (Start PC command), a...

AI score 7.5 | EPSS 0.01206
Exploits: 1 | References: 2

Cvelist
added 2005/03/04 5:00 a.m. | 18 views

CVE-2005-0638

xloadimage before 4.1-r2, and xli before 1.17, allows attackers to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command...

AI score 7.1 | EPSS 0.02388
Exploits: 0 | References: 11

OSV
added 2005/03/02 5:00 a.m. | 11 views

CVE-2005-0638

xloadimage before 4.1-r2, and xli before 1.17, allows attackers to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command...

AI score 7.2
Exploits: 0 | References: 12

securityvulns
added 2005/02/25 12:00 a.m. | 34 views

[SECURITY] [DSA 690-1] New bsmtpd packages fix arbitrary command execution

Debian Security Advisory DSA 690-1 [email protected]
http://www.debian.org/security/ Martin Schulze
February 25th, 2005 http://www.debian.org/security/faq
...

CVSS 7.5 | AI score 0.8 | EPSS 0.00904
Exploits: 0