8691 matches found
[SECURITY] [DSA 870-1] New sudo packages fix arbitrary command execution
Debian Security Advisory DSA 870-1 http://www.debian.org/security/ Martin Schulze October 25th, 2005 http://www.debian.org/security/faq ...
CVE-2004-2532
CVE-2004-2532 affects the Serv-U FTP Server prior to version 5.1.0.0. The issue arises from a default administrator account and password that allow a local user to authenticate to the server, create a new user, log in as that user, and then issue a SITE EXEC command to execute arbitrary commands ...
sudo -- arbitrary command execution
Tavis Ormandy reports: The bash shell uses the value of the PS4 environment variable after expansion as a prefix for commands run in execution trace mode. Execution trace mode (xtrace) is normally set via bash's -x command line option or interactively by running "set -o xtrace". However, it may als...
TWiki %INCLUDE Parameter Arbitrary Command Injection
According to its banner, the installed version of TWiki allows an attacker to manipulate input to the 'rev' parameter in order to execute arbitrary shell commands on the remote host subject to the privileges of the web server user id. (C) Tenable Network Security, Inc...
WebGUI 6.x - Arbitrary Command Execution
source: https://www.securityfocus.com/bid/15083/info WebGUI is prone to an arbitrary command execution vulnerability. This is due to insufficient sanitization of user-supplied data. This issue can facilitate unauthorized remote access...
WebGUI 6.x - Arbitrary Command Execution
source: https://www.securityfocus.com/bid/15083/info WebGUI is prone to an arbitrary command execution vulnerability. This is due to insufficient sanitization of user-supplied data. This issue can facilitate unauthorized remote access...
SGI IRIX runpriv utility unfiltered shell characters vulnerability
Unfiltered shell characters allow execution of any command...
DEBIAN-CVE-2005-2966
The Python SVG import plugin diasvgimport.py for DIA 0.94 and earlier allows user-assisted attackers to execute arbitrary commands via a crafted SVG file...
security flaw
gdb before 6.3 searches the current working directory to load the .gdbinit configuration file, which allows local users to execute arbitrary commands as the user running gdb...
security flaw
fixproc in Net-snmp 5.x before 5.2.1-r1 creates temporary files insecurely, which allows local users to modify the contents of those files to execute arbitrary commands, or overwrite arbitrary files via a symlink attack...
Mandrake Linux Security Advisory : netpbm (MDKSA-2005:133)
Max Vozeler discovered that pstopnm, a part of the netpbm graphics utility suite, would call the GhostScript interpreter on untrusted PostScript files without using the -dSAFER option when converting a PostScript file into a PBM, PGM, or PNM file. This could result in the execution of arbitrary...
Low: Red Hat Security Advisory: net-snmp security update
Updated net-snmp packages that fix two security issues and various bugs are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. SNMP (Simple Network Management Protocol) is a protocol used for network management. A denial of service bug was...
TWiki TWikiUsers - INCLUDE Function Arbitrary Command Execution
source: https://www.securityfocus.com/bid/14960/info A remote command execution vulnerability affects the application. The revision control function of the TWikiUsers script uses the backtick shell metacharacter to construct a command line. An attacker may use a specially crafted URI to execute...
Alkalay.Net Multiple Scripts Arbitrary Command Execution
The remote host appears to be running at least one CGI script written by Avi Alkalay that allows attackers to execute arbitrary commands or read arbitrary files on the remote host subject to the privileges of the web server user id. (C) Tenable Network Security, Inc...
Mozilla Browser/Firefox - Arbitrary Command Execution
source: https://www.securityfocus.com/bid/14888/info Mozilla Browser/Firefox are affected by an arbitrary command-execution vulnerability. This attack would occur in the context of the user running the vulnerable application and may facilitate unauthorized remote access. Mozilla Firefox 1.0.6...
Mozilla Browser/Firefox - Arbitrary Command Execution
source: https://www.securityfocus.com/bid/14888/info Mozilla Browser/Firefox are affected by an arbitrary command-execution vulnerability. This attack would occur in the context of the user running the vulnerable application and may facilitate...
JVN#40940493 Webmin and Usermin authentication bypass vulnerability
Impact: A remote attacker could bypass Webmin and Usermin's authentication, and execute an arbitrary command with root privileges. Products Affected: Webmin Version 1.200 - 1.220; Usermin Version 1.130 - 1.160...
atutor-151.txt
ATUTOR 1.5.1 (possibly prior versions) SQL INJECTION / ADMIN & USERS CREDENTIALS DISCLOSURE / INFORMATION DISCLOSURE / USER IMPERSONATION / REMOTE CODE EXECUTION software: site: http://www.atutor.ca/ description: "ATutor is an Open Source Web-based Learning Content Management System (LCMS) designed...
TWiki 'rev' Parameter Arbitrary Command Execution
The version of TWiki running on the remote host allows an attacker to manipulate input to the 'rev' parameter in order to execute arbitrary shell commands on the remote host subject to the privileges of the web server user id. (C) Tenable Network Security, Inc...
TWiki TWikiUsers - Arbitrary Command Execution
source: https://www.securityfocus.com/bid/14834/info A remote command execution vulnerability affects the application. The revision control function of the TWikiUsers script uses the backtick shell metacharacter to construct a command line. An attacker may use a specially crafted URI to execute...