8691 matches found

Exploit DB
added 2005/06/24 12:0 a.m. | 38 views

K-COLLECT CSV_DB.CGI 1.0/i_DB.CGI 1.0 - Remote Command Execution

source: https://www.securityfocus.com/bid/14059/info CSVDB.CGI/iDB.CGI are affected by a remote command execution vulnerability. Specifically, an attacker can supply arbitrary commands prefixed with the '|' character through the 'csvdb.cgi' script that will be executed in the context of the We...

7.4 AI score
Exploits: 0

Gentoo Linux
added 2005/06/23 12:0 a.m. | 12 views

sudo: Arbitrary command execution

Background: sudo allows a system administrator to give users the ability to run commands as other users. Description: The sudoers file is used to define the actions sudo users are permitted to perform. Charles Morris discovered that a specific layout of the sudoers file could cause the results of a...

2.6 AI score
Exploits: 0

FreeBSD
added 2005/06/22 12:0 a.m. | 27 views

ruby -- arbitrary command execution on XMLRPC server

Nobuhiro IMAI reports: the default value modification on Module#public_instance_methods (from false to true) breaks s.add_handler(XMLRPC::iPIMethods("sample"), MyHandler.new) style security protection. This problem could allow a remote attacker to execute arbitrary commands on XMLRPC server of libruby...

7.5 CVSS | 6.8 AI score | 0.08762 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2005/06/22 12:0 a.m. | 16 views

Fedora Core 3 : sudo-1.6.7p5-30.3 (2005-472)

Tue Jun 21 2005 Karel Zak 1.6.7p5-30.3 - fix 161116 - CVE-2005-1993 sudo trusted user arbitrary command execution Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it...

3.7 CVSS | 5.4 AI score | 0.0007 EPSS
Exploits: 0 | References: 1

CVE
added 2005/06/21 4:0 a.m. | 33 views

CVE-2001-1498

Technical details about CVE-2001-1498 are not provided in the connected documents. The initial description notes a buffer overflow in mod_bf 0.2 allowing local command execution, but specifics (versions, root cause, exploit) are not disclosed here. Monitor for updates.

7.2 CVSS | 7.7 AI score | 0.00087 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Cent OS
added 2005/06/13 10:49 p.m. | 64 views

gzip security update

CentOS Errata and Security Advisory CESA-2005:357-01 An updated gzip package is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. The gzip package contains the GNU gzip data compression program. A bug was found in the way zgrep processe...

5 CVSS | 5.7 AI score | 0.04585 EPSS
Exploits: 1 | References: 8

Exploit DB
added 2005/06/12 12:0 a.m. | 43 views

JamMail 1.8 - Jammail.pl Arbitrary Command Execution

source: https://www.securityfocus.com/bid/13937/info JamMail is prone to a remote arbitrary command execution vulnerability. This vulnerability may allow an attacker to supply arbitrary commands through the 'jammail.pl' script. This can lead to various attacks including unauthorized access to an...

7.4 AI score
Exploits: 0

Tenable Nessus
added 2005/06/10 12:0 a.m. | 28 views

e107 ePing Plugin doping.php Arbitrary Code Execution

The installation of e107 on the remote host includes a version of the ePing plugin that is affected by a command execution vulnerability. This plugin fails to sanitize the 'epingcmd', 'epingcount' and/or 'epinghost' parameters of the 'doping.php' script before using them in a system call. An...

7.5 CVSS | 6.1 AI score | 0.01841 EPSS
Exploits: 0 | References: 3

NVD
added 2005/05/29 4:0 a.m. | 13 views

CVE-2005-1789

SQL injection vulnerability in SignIn.asp in India Software Solution shopping cart allows remote attackers to execute arbitrary SQL commands via the password...

7.5 CVSS | 8.4 AI score | 0.00451 EPSS
Exploits: 1 | References: 2

exploitpack
added 2005/05/26 12:0 a.m. | 9 views

Gentoo Webapp-Config 1.10 - Insecure File Creation

Gentoo Webapp-Config 1.10 - Insecure File Creation source: https://www.securityfocus.com/bid/13780/info Gentoo webapp-config is prone to an insecure file creation vulnerability. This issue is due to a design error that causes the application to fail to verify the existence of a file before writin...

7.4 AI score
Exploits: 0

Exploit DB
added 2005/05/26 12:0 a.m. | 30 views

Gentoo Webapp-Config 1.10 - Insecure File Creation

source: https://www.securityfocus.com/bid/13780/info Gentoo webapp-config is prone to an insecure file creation vulnerability. This issue is due to a design error that causes the application to fail to verify the existence of a file before writing to it. An attacker may leverage this issue to cau...

7.4 AI score
Exploits: 0

securityvulns
added 2005/05/25 12:0 a.m. | 30 views

Gforge - viewFile.php security flaw

Vendor : Gforge http://gforge.org
Product : gforge
Affected versions : 4.0
Bug fixed : = 4.0 & Debian pkg 3.1-30
Vulnerability : Input validation flaw
Problem-Type : remote
Severity : High, arbitrary command execution
Auth...

0.3 AI score
Exploits: 0

Tenable Nessus
added 2005/05/20 12:0 a.m. | 17 views

PHP Advanced Transfer Manager < 1.22 File Upload Arbitrary Command Execution


7.5 CVSS | 7.3 AI score | 0.13214 EPSS
Exploits: 1 | References: 4

CERT
added 2005/05/18 12:0 a.m. | 20 views

Extreme Networks switches with ExtremeWare XOS allow arbitrary command execution

Overview: Some Extreme Networks switches running ExtremeWare XOS have a vulnerability that allows a malicious authenticated user to escape to the underlying operating system command shell with administrator-level root privileges. Description: Extreme Network switches running ExtremeWare XOS contain...

4.6 CVSS | 7.2 AI score | 0.00903 EPSS
Exploits: 0 | References: 1

OSV
added 2005/05/13 4:0 a.m. | 1 views

DEBIAN-CVE-2005-0758

zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script...

4.6 CVSS | 7.3 AI score | 0.00186 EPSS
Exploits: 1 | References: 1

CVE
added 2005/05/10 4:0 a.m. | 51 views

CVE-2004-1876

The CVE-2004-1876 issue affects ClamAV's clamd (VirusEvent directive) prior to version 0.70. The vulnerability arises from using the "%f" parameter to substitute the file name, allowing a local user to trigger shell metacharacters and execute arbitrary commands with privileges of the antivirus pr...

4.6 CVSS | 7.1 AI score | 0.00125 EPSS
Exploits: 1 | References: 5 | Affected Software: 1

Gentoo Linux
added 2005/05/09 12:0 a.m. | 32 views

gzip: Multiple vulnerabilities

Background: gzip (GNU zip) is a popular compression program. The included zgrep utility allows you to grep gzipped files in place. Description: The gzip and gunzip programs are vulnerable to a race condition when setting file permissions (CAN-2005-0988), as well as improper handling of filename...

5 CVSS | 6.7 AI score | 0.04585 EPSS
Exploits: 1

CVE
added 2005/05/04 4:0 a.m. | 64 views

CVE-2005-1341

Apple Terminal 1.4.4 is affected by CVE-2005-1341, with the issue allowing execution of arbitrary commands via terminal escape sequences. The vulnerability concerns Terminal and related escape handling in macOS components; the initial description explicitly names Terminal 1.4.4 as vulnerable to c...

5.1 CVSS | 7 AI score | 0.00845 EPSS
Exploits: 1 | References: 8 | Affected Software: 1

Tenable Nessus
added 2005/05/04 12:0 a.m. | 24 views

Open WebMail Shell Escape Arbitrary Command Execution

According to its banner, the version of Open WebMail installed on the remote host may allow execution of arbitrary shell commands due to its failure to ensure shell escape characters are removed from filenames and other strings before trying to read from them.

7.5 CVSS | 5.8 AI score | 0.01317 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2005/05/03 12:0 a.m. | 28 views

Open Webmail < 2.51 20050430 Shell Escape Arbitrary Command Execution


7.5 CVSS | 7.3 AI score | 0.01317 EPSS
Exploits: 0 | References: 3