7622 matches found

Tenable Nessus
added 2004/09/29 12:00 a.m. | 19 views

Debian DSA-405-1 : xsok - missing privilege release

Steve Kemp discovered a problem in xsok, a single player strategy game for X11, related to the Sokoban game, which leads a user to execute arbitrary commands under the GID of games. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...

CVSS 4.6 | AI score 5.4 | EPSS 0.00268
Exploits: 1 | References: 3

Tenable Nessus
added 2004/09/29 12:00 a.m. | 20 views

Debian DSA-420-1 : jitterbug - improperly sanitised input

Steve Kemp discovered a security related problem in jitterbug, a simple CGI based bug tracking and reporting tool. Unfortunately the program executions do not properly sanitize input, which allows an attacker to execute arbitrary commands on the server hosting the bug database. As mitigating...

CVSS 7.5 | AI score 5.9 | EPSS 0.00962
Exploits: 0 | References: 2

Tenable Nessus
added 2004/09/29 12:00 a.m. | 16 views

Debian DSA-235-1 : kdegraphics - several vulnerabilities

The KDE team discovered several vulnerabilities in the K Desktop Environment. In some instances KDE fails to properly quote parameters of instructions passed to a command shell for execution. These parameters may incorporate data such as URLs, filenames and e-mail addresses, and this data may be...

CVSS 7.5 | AI score 5.7 | EPSS 0.02439
Exploits: 0 | References: 3

Tenable Nessus
added 2004/09/29 12:00 a.m. | 42 views

Debian DSA-204-1 : kdelibs - arbitrary program execution

The KDE team has discovered a vulnerability in the support for various network protocols via the KIO. The implementation of the rlogin and telnet protocols allows a carefully crafted URL in an HTML page, HTML email or other KIO-enabled application to execute arbitrary commands on the system using...

CVSS 7.5 | AI score 5.9 | EPSS 0.08119
Exploits: 0 | References: 4

Tenable Nessus
added 2004/09/29 12:00 a.m. | 28 views

Debian DSA-293-1 : kdelibs - insecure execution

The KDE team discovered a vulnerability in the way KDE uses Ghostscript software for processing of PostScript (PS) and PDF files. An attacker could provide a malicious PostScript or PDF file via mail or websites that could lead to executing arbitrary commands under the privileges of the user viewin...

CVSS 7.5 | AI score 5.6 | EPSS 0.01504
Exploits: 0 | References: 2

Tenable Nessus
added 2004/09/21 12:00 a.m. | 23 views

GLSA-200409-24 : Foomatic: Arbitrary command execution in foomatic-rip filter

The remote host is affected by the vulnerability described in GLSA-200409-24 (Foomatic: Arbitrary command execution in foomatic-rip filter). There is a vulnerability in the foomatic-filters package. This vulnerability is due to insufficient checking of command-line parameters and environment variabl...

CVSS 7.5 | AI score 8.1 | EPSS 0.02551
Exploits: 0 | References: 4

exploitpack
added 2004/09/20 12:00 a.m. | 11 views

Mambo Open Source 4.5.1 (1.0.9) - Function.php Arbitrary Command Execution

Mambo Open Source 4.5.1 1.0.9 - Function.php Arbitrary Command Execution source: https://www.securityfocus.com/bid/11220/info Mambo open source is reportedly affected by multiple input validation vulnerabilities. These issues are due to a failure of the application to properly validate...

AI score 0.5
Exploits: 0

Exploit DB
added 2004/09/20 12:00 a.m. | 24 views

Mambo Open Source 4.5.1 (1.0.9) - 'Function.php' Arbitrary Command Execution

source: https://www.securityfocus.com/bid/11220/info Mambo open source is reportedly affected by multiple input validation vulnerabilities. These issues are due to a failure of the application to properly validate user-supplied URI parameters. An attacker may leverage these issues to execute...

AI score 7.4
Exploits: 0

RedHat Linux
added 2004/09/15 3:17 p.m. | 31 views

Low: Red Hat Security Advisory: mc security update

An updated mc package that resolves several shell escape security issues is now available. Updated 5 January 2005: Packages have been updated to include the gmc and mcserv packages which were left out of the initial errata. Midnight Commander (mc) is a visual shell much like a file manager. Shell...

CVSS 7.5 | AI score 6 | EPSS 0.00855
Exploits: 0 | References: 2

Packet Storm
added 2004/09/15 12:00 a.m. | 31 views

bbsEMarket.txt

STG Security Advisory: SSA-20040915-07. BBS E-Market Professional multiple vulnerabilities. Revision 1.0. Date Published: 2004-09-15 (KST). Last Update: 2004-09-15. Disclosed by SSR Team [email protected]. Abstract: BBS E-MarketBobusang in Kore...

AI score 7.4
Exploits: 0

Debian CVE
added 2004/09/14 4:00 a.m. | 22 views

CVE-2004-0793

The calendar program in bsdmainutils 6.0 through 6.0.14 does not drop root privileges when executed with the -a flag, which allows attackers to execute arbitrary commands via a calendar event file...

CVSS 7.2 | AI score 7.1 | EPSS 0.00052
Exploits: 1

CVE
added 2004/09/10 4:00 a.m. | 58 views

CVE-2004-0745

The CVE-2004-0745 issue affects LHA 1.14 and earlier, where an attacker could trigger arbitrary command execution by creating a directory name with shell metacharacters. Reported impact is remote command execution with the vulnerability allowing complete confidentiality, integrity, and availabili...

CVSS 10 | AI score 7 | EPSS 0.00892
Exploits: 0 | References: 6 | Affected Software: 1

Tenable Nessus
added 2004/09/03 12:00 a.m. | 20 views

GLSA-200409-05 : Gallery: Arbitrary command execution

The remote host is affected by the vulnerability described in GLSA-200409-05 (Gallery: Arbitrary command execution). The upload handling code in Gallery places uploaded files in a temporary directory. After 30 seconds, these files are deleted if they are not valid images. However, since the file...

CVSS 7.5 | AI score 6.1 | EPSS 0.14066
Exploits: 1 | References: 4

Gentoo Linux
added 2004/09/02 12:00 a.m. | 20 views

Gallery: Arbitrary command execution

Background: Gallery is a PHP script for maintaining online photo albums. Description: The upload handling code in Gallery places uploaded files in a temporary directory. After 30 seconds, these files are deleted if they are not valid images. However, since the file exists for 30 seconds, a carefull...

CVSS 7.5 | AI score 6.8 | EPSS 0.14066
Exploits: 1

Cvelist
added 2004/09/01 4:00 a.m. | 26 views

CVE-2003-0064

The dtterm terminal emulator allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitra...

AI score 7.2 | EPSS 0.00871
Exploits: 0 | References: 5

CVE
added 2004/09/01 4:00 a.m. | 55 views

CVE-2003-0077

The CVE concerns hanterm/hanterm-xf terminal emulators (2.0.5 and earlier). Affected component is the escape sequence that sets the window title; an attacker could craft a sequence that places a command into the title and, when the user views the file containing it, that command could be executed...

CVSS 7.5 | AI score 7.2 | EPSS 0.00667
Exploits: 0 | References: 6 | Affected Software: 1

Cvelist
added 2004/09/01 4:00 a.m. | 18 views

CVE-2002-1548

Unknown vulnerability in autofs on AIX 4.3.0, when using executable maps, allows attackers to execute arbitrary commands as root, possibly related to "string handling around how the executable map is called."...

AI score 7.5 | EPSS 0.00062
Exploits: 0 | References: 1

Debian CVE
added 2004/09/01 4:00 a.m. | 23 views

CVE-2003-0069

The PuTTY terminal emulator 0.53 allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute...

CVSS 7.5 | AI score 6.9 | EPSS 0.00378
Exploits: 0

Cvelist
added 2004/09/01 4:00 a.m. | 11 views

CVE-2003-0067

The aterm terminal emulator 0.42 allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute...

AI score 7.2 | EPSS 0.00722
Exploits: 0 | References: 3

Cvelist
added 2004/09/01 4:00 a.m. | 22 views

CVE-2002-1377

vim 6.0 and 6.1, and possibly other versions, allows attackers to execute arbitrary commands using the libcall feature in modelines, which are not sandboxed but may be executed when vim is used to edit a malicious file, as demonstrated using mutt...

AI score 8.9 | EPSS 0.00077
Exploits: 3 | References: 10