SCPOnly 2.x/3.x - Arbitrary Command Execution
source: https://www.securityfocus.com/bid/11791/info scponly is reported prone to a remote arbitrary command execution vulnerability. This issue may allow a remote attacker to execute commands and scripts on a vulnerable computer and eventually allow an attacker to gain elevated privileges on a...
SCPOnly 2.x/3.x - Arbitrary Command Execution
SCPOnly 2.x/3.x - Arbitrary Command Execution source: https://www.securityfocus.com/bid/11791/info scponly is reported prone to a remote arbitrary command execution vulnerability. This issue may allow a remote attacker to execute commands and scripts on a vulnerable computer and eventually allow a...
[Full-Disclosure] [ GLSA 200411-33 ] TWiki: Arbitrary command execution
Gentoo Linux Security Advisory GLSA 200411-33 http://security.gentoo.org/ Severity:...
GLSA-200411-33 : TWiki: Arbitrary command execution
The remote host is affected by the vulnerability described in GLSA-200411-33 TWiki: Arbitrary command execution The TWiki search function, which uses a shell command executed via the Perl backtick operator, does not properly escape shell metacharacters in the user-provided search string. Impact :...
CVE-2004-1051
sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname...
phpbb -- arbitrary command execution and other vulnerabilities
The ChangeLog for phpBB 2.0.11 states: Changes since 2.0.10 Fixed vulnerability in highlighting code very high severity, please update your installation as soon as possible Fixed unsetting global vars - Matt Kavanagh Fixed XSS vulnerability in username handling - AnthraX101 Fixed not confirmed sq...
PowerPortal index.php index_page Parameter SQL Injection
The remote host is using PowerPortal, a content management system, written in PHP. A vulnerability exists in the remote version of this product that could allow a remote attacker to perform a SQL injection attack against the remote host. An attacker could exploit this flaw to execute arbitrary SQ...
Mandrake Linux Security Advisory : sudo (MDKSA-2004:133)
Liam Helmer discovered a flaw in sudo's environment sanitizing. This flaw could allow a malicious user with permission to run a shell script that uses the bash shell to run arbitrary commands. The problem is fixed in sudo 1.6.8p2; the provided packages have been patched to correct the issue...
Open WebMail userstat.pl Arbitrary Command Execution
The target is running at least one instance of Open WebMail in which the userstat.pl component fails to sufficiently validate user input. This failure enables remote attackers to execute arbitrary programs on the target using the privileges under which the web server operates. For further...
Veritas NetBackup - Remote Command Execution (Metasploit)
$Id: veritasnetbackupcmdexec.rb 10617 2010-10-09 06:55:52Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
CVE-2004-0793
The calendar program in bsdmainutils 6.0 through 6.0.14 does not drop root privileges when executed with the -a flag, which allows attackers to execute arbitrary commands via a calendar event file...
phpMyAdmin < 2.6.0-pl2 Unspecified Arbitrary Command Execution
According to its banner, the remote version of phpMyAdmin is between 2.5.0 and 2.6.0-pl1. Such versions may allow an authenticated, remote attacker to run arbitrary commands subject to the privileges of the web server due to the way external MIME-based transformations are handled. Note that...
[SA12831] WeHelpBUS Arbitrary Command Execution Vulnerability
TITLE: WeHelpBUS Arbitrary Command Execution Vulnerability SECUNIA ADVISORY ID: SA12831 VERIFY ADVISORY: http://secunia.com/advisories/12831/ CRITICAL: Highly critical IMPACT: System access WHERE: From remote SOFTWARE: WeHelpBUS 0.x http://secunia.com/product/4057/ DESCRIPTION: A vulnerability ha...
[SA12813] phpMyAdmin Unspecified Arbitrary Command Execution Vulnerability
TITLE: phpMyAdmin Unspecified Arbitrary Command Execution Vulnerability SECUNIA ADVISORY ID: SA12813 VERIFY ADVISORY: http://secunia.com/advisories/12813/ CRITICAL: Highly critical IMPACT: System access WHERE: From remote SOFTWARE: phpMyAdmin 2.x http://secunia.com/product/1720/ DESCRIPTION: A...
ocPortal index.php req_path Parameter Remote File Inclusion
The remote host is running ocPortal, a content management system written in PHP. There is a bug in the remote version of this software which may allow an attacker to execute arbitrary commands on the remote host by using a file inclusion bug in the file 'index.php'. An attacker may execute...
MS04-036: Microsoft NNTP Component Remote Overflow (883935) (uncredentialed check)
The remote host is running a version of Microsoft NNTP server that is vulnerable to a buffer overflow issue. An attacker may exploit this flaw to execute arbitrary commands on the remote host with the privileges of the NNTP server process.
Zanfi CMS Lite index.php inc Parameter Remote File Inclusion
The remote host is running Zanfi CMS Lite, a content management system written in PHP. There is a bug in the remote version of this software that may allow an attacker to execute arbitrary commands on the remote host by using a file inclusion bug in the file 'index.php'. An attacker may execute...
Debian DSA-284-1 : kdegraphics - insecure execution
The KDE team discovered a vulnerability in the way KDE uses Ghostscript software for processing of PostScript (PS) and PDF files. An attacker could provide a malicious PostScript or PDF file via mail or websites that could lead to executing arbitrary commands under the privileges of the user viewin...
Debian DSA-364-3 : man-db - buffer overflows, arbitrary command execution
man-db provides the standard man(1) command on Debian systems. During configuration of this package, the administrator is asked whether man(1) should run setuid to a dedicated user 'man' in order to provide a shared cache of preformatted manual pages. The default is for man(1) NOT to be setuid, and in...