[SECURITY] [DSA 496-1] New eterm packages fix indirect arbitrary command execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 496-1 [email protected] http://www.debian.org/security/ Martin Schulze April 29th, 2004 http://www.debian.org/security/faq -...

CVE-2004-0151

Unknown vulnerability in xitalk 1.1.11 and earlier allows local users to execute arbitrary commands...

CVE-2004-0377

CVE-2004-0377: A buffer overflow in the win32_stat wrapper used by ActivePerl (ActiveState) and Larry Wall’s Perl up to 5.8.3 allows local or remote code execution when a filename ends with a backslash. Exploitation depends on how the vulnerable Perl is used by an application; Windows environment...

Aborior Encore Web Forum - Arbitrary Command Execution

Aborior Encore Web Forum - Arbitrary Command Execution source: https://www.securityfocus.com/bid/10040/info Encore Web Forum is reported prone to an issue that may allow a remote user to execute arbitrary commands on a system implementing the forum software. This issue is due to the application's...

Aborior Encore Web Forum - Arbitrary Command Execution

source: https://www.securityfocus.com/bid/10040/info Encore Web Forum is reported prone to an issue that may allow a remote user to execute arbitrary commands on a system implementing the forum software. This issue is due to the application's failure to properly validate user-supplied URI input. ...

SpiderSales Shopping Cart SQL injection

The remote host is running the SpiderSales Shopping Cart CGI suite. There is a bug in this suite which may allow an attacker to force it to execute arbitrary SQL statements on the remote host. An attacker may use this flaw to gain the control of the remote website and possibly execute arbitrary...

AllMyLinks PHP Code Injection vulnerability

AllMyLinks PHP Code Injection vulnerability Product : AllMyLinks Vendor : www.php-resource.net Date : February 14, 2004 Problem : PHP Code Injection Vendor Contacted ? : No Source in /include/footer.inc.php -------------------------------------------------------------- $AMLfooterget =...

AllMyVisitors PHP Code Injection vulnerability

AllMyVisitors PHP Code Injection vulnerability Product : AllMyVisitors Vendor : www.php-resource.net Date : February 14, 2004 Problem : PHP Code Injection Vendor Contacted ? : No Source in /include/info.inc.php -------------------------------------------------------------- $AMVinfoget =...

AllMyVisitors 0.x - info.inc.php Arbitrary Code Execution

AllMyVisitors 0.x - info.inc.php Arbitrary Code Execution source: https://www.securityfocus.com/bid/9664/info Reportedly the AllMyPHP applications AllMyGuests, AllMyLinks and AllMyVisitors are prone to a remote file include vulnerability. The issue is due to insufficient filtering of URI passed...

AllMyGuests 0.x - 'info.inc.php' Arbitrary Code Execution

source: https://www.securityfocus.com/bid/9664/info Reportedly the AllMyPHP application AllMyGuests is prone to a remote file include vulnerability. The issue is due to insufficient filtering of URI passed variables that are used in a 'requireonce' call. This issue may allow a remote attacker to...

Microsoft Windows XP - HCP URI Handler Arbitrary Command Execution

source: https://www.securityfocus.com/bid/9621/info The Microsoft Windows XP HCP URI handler has been reported prone to a vulnerability that may provide for arbitrary command execution. The issue is reported to present itself when a specially formatted HCP URI that references a local resource is...

Microsoft Windows XP - HCP URI Handler Arbitrary Command Execution

Microsoft Windows XP - HCP URI Handler Arbitrary Command Execution source: https://www.securityfocus.com/bid/9621/info The Microsoft Windows XP HCP URI handler has been reported prone to a vulnerability that may provide for arbitrary command execution. The issue is reported to present itself when...

CVE-2003-0949

xsok 1.02 does not properly drop privileges before finding and executing the "gunzip" program, which allows local users to execute arbitrary commands...

Qualiteam X-Cart 3.x - upgrade.php?perl_binary Arbitrary Command Execution

Qualiteam X-Cart 3.x - upgrade.php?perlbinary Arbitrary Command Execution source: https://www.securityfocus.com/bid/9560/info X-Cart has been reported to be prone to an issue that may allow remote attackers to execute arbitrary commands on the affected system. The issue is caused by a failure of...

Qualiteam X-Cart Multiple Script perl_binary Parameter Arbitrary Command Execution

The remote host is running Qualiteam X-Cart - a shopping cart software written in PHP. There is a bug in this software that could allow an attacker to execute arbitrary commands on the remote web server with the privileges of the web user. In addition to this, there are some flaws that could allo...

Leif Wright Web Blog blog.cgi ViewFile Request file Parameter Arbitrary Command Execution

The remote host is running LeifWright's blog.cgi - a CGI designed to handle personal web logs or 'blogs'. There is a bug in this software that could allow an attacker to execute arbitrary commands on the remote web server with the privileges of the web user. %NASLMINLEVEL 70300 C Tenable Network...

Leif M. Wright Web Blog 1.1 - Remote Command Execution

source: https://www.securityfocus.com/bid/9539/info Web Blog has been reported to be prone to a vulnerability that may permit remote attackers to execute arbitrary commands in the context of the hosting web server. This is due to insufficient sanitization of shell metacharacters from variables...

KDE Personal Information Management suite "kdepim" contains a buffer overflow vulnerability in VCF information reader

Overview KDE Personal Information Management suite "kdepim" contains a buffer overflow vulnerability. Exploitation of this vulnerability could lead to the arbitrary execution of commands. Description KDE Personal Information Management suite shipped with KDE versions 3.1.0 through 3.1.4 contains ...

Kietu 2/3 - 'index.php' Remote File Inclusion

source: https://www.securityfocus.com/bid/9499/info A flaw exists in the Kietu 'index.php' script that may permit remote attackers to include malicious remote files. Remote users may influence the include path for the 'config.php' configuration file, which may result in execution of arbitrary...

Kietu 23 - index.php Remote File Inclusion

Kietu 23 - index.php Remote File Inclusion source: https://www.securityfocus.com/bid/9499/info A flaw exists in the Kietu 'index.php' script that may permit remote attackers to include malicious remote files. Remote users may influence the include path for the 'config.php' configuration file, whi...