7622 matches found
DSA-690-1 bsmtpd - missing input sanitising
Bulletin has no description...
CVE-2005-0516
The ImageGalleryPlugin ImageGalleryPlugin.pm in Twiki allows remote attackers to execute arbitrary commands via certain commands that generate thumbnails...
xloadimage -- arbitrary command execution when handling compressed files
Tavis Ormandy discovered that xli and xloadimage attempt to decompress images by piping them through gunzip or similar decompression tools. Unfortunately, the unsanitized file name is included as part of the command. This is dangerous, as in some situations, such as mailcap processing, an attacke...
HP-UX PHNE_23697 : HP-UX running xntpd(1M), Remote Execution of Arbitrary Commands, Increased Privilege (HPSBUX00148 SSRT071379 rev.4)
s700_800 11.00 NTP timeservices upgrade plus utilities : The HP-UX NTP daemon xntpd contains an exploitable vulnerability. (C) Tenable Network Security, Inc. The descriptive text and patch checks in this plugin were extracted from HP patch PHNE_23697. The text itself is copyright ...
Debian DSA-682-1 : awstats - missing input sanitizing
In addition to CAN-2005-0116 more vulnerabilities have been found in awstats, a powerful and featureful web server log analyzer with a CGI frontend. Missing input sanitising can cause arbitrary commands to be executed. (C) Tenable Network Security, Inc. The descriptive text and...
Low: Red Hat Security Advisory: enscript security update
An updated enscript package that fixes several security issues is now available for Red Hat Enterprise Linux 4. This update has been rated as having low security impact by the Red Hat Security Response Team. GNU enscript converts ASCII files to PostScript. Enscript has the ability to interpret...
GLSA-200501-41 : TikiWiki: Arbitrary command execution
The remote host is affected by the vulnerability described in GLSA-200501-41 TikiWiki: Arbitrary command execution TikiWiki does not validate files uploaded to the 'temp' directory. Impact : A malicious user could run arbitrary commands on the server by uploading and calling a PHP script...
vBulletin forumdisplay.php comma Parameter Arbitrary Command Execution
The remote version of vBulletin is vulnerable to a remote command execution flaw through the script 'forumdisplay.php'. A malicious user could exploit this flaw to execute arbitrary commands on the remote host with the privileges of the web server. (C) Tenable Network Security,...
GLSA-200501-02 : a2ps: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200501-02 a2ps: Multiple vulnerabilities Javier Fernandez-Sanguino Pena discovered that the a2ps package contains two scripts that create insecure temporary files fixps and psmandup. Furthermore, we fixed in a previous revision a...
CVE-2005-0292
Multiple SQL injection vulnerabilities in index.php in PHP Gift Registry (phpGiftReg) 1.4.0, and possibly other versions before 1.5.0b1, allow remote attackers to execute arbitrary SQL commands via the (1) messageid, (2) shopper, (3) shopfor, or (4) itemid parameters...
awstats -- arbitrary command execution
Several input validation errors exist in AWStats that allow a remote unauthenticated attacker to execute arbitrary commands with the privileges of the web server. These programming errors involve CGI parameters including loadplugin, logfile, pluginmode, update, and possibly others. Additionally,...
CVE-2005-0362
awstats.pl in AWStats 6.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) "pluginmode", (2) "loadplugin", or (3) "noloadplugin" parameters...
CVE-2004-1389
Unknown vulnerability in the Veritas NetBackup Administrative Assistant interface for NetBackup BusinesServer 3.4, 3.4.1, and 4.5, DataCenter 3.4, 3.4.1, and 4.5, Enterprise Server 5.1, and NetBackup Server 5.0 and 5.1, allows attackers to execute arbitrary commands via the bpjava-susvc process,...
TikiWiki: Arbitrary command execution
Background: TikiWiki is a web-based groupware and content management system (CMS), using PHP, ADOdb and Smarty. Description: TikiWiki does not validate files uploaded to the "temp" directory. Impact: A malicious user could run arbitrary commands on the server by uploading and calling a PHP script...
CVE-2004-1184
The EPSF pipe support in enscript 1.6.3 allows remote attackers or local users to execute arbitrary commands via shell metacharacters...
[SECURITY] [DSA 650-1] New sword packages fix arbitrary command execution
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 650-1 [email protected] http://www.debian.org/security/ Martin Schulze January 20th, 2005 http://www.debian.org/security/faq -...
CVE-2004-1185
Enscript 1.6.3 does not sanitize filenames, which allows remote attackers or local users to execute arbitrary commands via crafted filenames...
DEBIAN-CVE-2004-1185
Enscript 1.6.3 does not sanitize filenames, which allows remote attackers or local users to execute arbitrary commands via crafted filenames...