8691 matches found
Debian DSA-760-1 : ekg - several vulnerabilities
Several vulnerabilities have been discovered in ekg, a console Gadu Gadu client, an instant messaging program. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities : - CAN-2005-1850 Marcin Owsiany and Wojtek Kaniewski discovered insecure temporary file creatio...
phpBB 2.0.15 Remote PHP Code Execution Exploit (metasploit)
No description provided by source. Title: phpBB 2.0.15 arbitrary command execution eXploit Name: phpphpbb2015.pm License: Artistic/BSD/GPL Info: Coded because of boredom. - This is an exploit module for the Metasploit Framework, please see http://metasploit.com/projects/Framework for more...
[SECURITY] [DSA 760-1] New ekg packages fix several vulnerabilities
-------------------------------------------------------------------------- Debian Security Advisory DSA 760-1 [email protected] http://www.debian.org/security/ Martin Schulze July 18th, 2005 http://www.debian.org/security/faq -...
FreeBSD : ruby -- arbitrary command execution on XMLRPC server (594eb447-e398-11d9-a8bd-000cf18bbe54)
Nobuhiro IMAI reports : the default value modification on Modulepublicinstancemethods from false to true breaks s.addhandlerXMLRPC::iPIMethods'sample', MyHandler.new style security protection. This problem could allow a remote attacker to execute arbitrary commands on XMLRPC server of libruby...
Slackware 9.0 / current : WU-FTPD Security Advisory (SSA:2003-259-03)
Upgraded WU-FTPD packages are available for Slackware 9.0 and - -current. These fix a problem where an attacker could use a specially crafted filename in conjunction with WU-FTPD's conversion feature mostly used to compress files, or produce tar archives to execute arbitrary commands on the serve...
FreeBSD : xloadimage -- arbitrary command execution when handling compressed files (310d0087-0fde-4929-a41f-96f17c5adffe)
Tavis Ormandy discovered that xli and xloadimage attempt to decompress images by piping them through gunzip or similar decompression tools. Unfortunately, the unsanitized file name is included as part of the command. This is dangerous, as in some situations, such as mailcap processing, an attacke...
FreeBSD : rssh & scponly -- arbitrary command execution (f11b219a-44b6-11d9-ae2f-021106004fd6)
Jason Wies identified both rssh & scponly have a vulnerability that allows arbitrary command execution. He reports : The problem is compounded when you recognize that the main use of rssh and scponly is to allow file transfers, which in turn allows a malicious user to transfer and execute entire...
FreeBSD : yamt -- arbitrary command execution vulnerability (d4a7054a-6d96-11d9-a9e7-0001020eed82)
Manigandan Radhakrishnan discovered a security vulnerability in YAMT which can lead to execution of arbitrary commands with the privileges of the user running YAMT when sorting based on MP3 tags. The problem exist in the id3tagsort routine which does not properly sanitize the artist tag from the...
[SECURITY] [DSA 748-1] New ruby1.8 packages fix arbitrary command execution
------------------------------------------------------------------------ Debian Security Advisory DSA 748-1 [email protected] http://www.debian.org/security/ Michael Stone July 10, 2005 http://www.debian.org/security/faq - ------------------------------------------------------------------------...
Debian DSA-748-1 : ruby1.8 - bad default value
A vulnerability has been discovered in ruby1.8 that could allow arbitrary command execution on a server running the ruby xmlrpc server. The old stable distribution woody did not include ruby1.8. This problem is fixed for the current stable distribution sarge in version 1.8.2-7sarge1. This problem...
Ruby: Arbitrary command execution through XML-RPC
Background Ruby is an interpreted scripting language for quick and easy object-oriented programming. XML-RPC is a remote procedure call protocol encoded in XML. Description Nobuhiro IMAI reported that an invalid default value in "utils.rb" causes the security protections of the XML-RPC server to...
[SECURITY] [DSA 745-1] New drupal package fixes multiple vulnerabilities
------------------------------------------------------------------------ Debian Security Advisory DSA 745-1 [email protected] http://www.debian.org/security/ Michael Stone July 10, 2005 http://www.debian.org/security/faq - ------------------------------------------------------------------------...
[SECURITY] [DSA 745-1] New drupal package fixes multiple vulnerabilities
------------------------------------------------------------------------ Debian Security Advisory DSA 745-1 [email protected] http://www.debian.org/security/ Michael Stone July 10, 2005 http://www.debian.org/security/faq - ------------------------------------------------------------------------...
DSA-748-1 ruby1.8 - bad default value
Bulletin has no description...
DSA-745-1 drupal - arbitrary command execution
Bulletin has no description...
GLSA-200507-06 : TikiWiki: Arbitrary command execution through XML-RPC
The remote host is affected by the vulnerability described in GLSA-200507-06 TikiWiki: Arbitrary command execution through XML-RPC TikiWiki is vulnerable to arbitrary command execution as described in GLSA 200507-01. Impact : A remote attacker could exploit this vulnerability to execute arbitrary...
TikiWiki: Arbitrary command execution through XML-RPC
Background TikiWiki is a web-based groupware and content management system CMS, using PHP, ADOdb and Smarty. TikiWiki includes vulnerable PHP XML-RPC code. Description TikiWiki is vulnerable to arbitrary command execution as described in GLSA 200507-01. Impact A remote attacker could exploit this...
GLSA-200507-03 : phpBB: Arbitrary command execution
The remote host is affected by the vulnerability described in GLSA-200507-03 phpBB: Arbitrary command execution Ron van Daal discovered that phpBB contains a vulnerability in the highlighting code. Impact : Successful exploitation would grant an attacker unrestricted access to the PHP exec or...
Community Link Pro - login.cgi?File Remote Command Execution
Community Link Pro - login.cgi?File Remote Command Execution source: https://www.securityfocus.com/bid/14097/info Community Link Pro is prone to a remote arbitrary command execution vulnerability. This issue presents itself due to insufficient sanitization of user-supplied data. Due to this, an...
Fedora Core 4 : sudo-1.6.8p8-2.2 (2005-473)
Tue Jun 21 2005 Karel Zak 1.6.8p8-2.2 - fix 161116 - CVE-2005-1993 sudo trusted user arbitrary command execution Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it...