8691 matches found
CVE-2000-1220
The line printer daemon lpd in the lpr package in multiple Linux operating systems allows local users to gain root privileges by causing sendmail to execute with arbitrary command line arguments, as demonstrated using the -C option to specify a configuration file...
CVE-2005-0130
Certain Perl scripts in Konversation 0.15 allow remote attackers to execute arbitrary commands via shell metacharacters in 1 channel names or 2 song names that are not properly quoted when the user runs IRC scripts...
AlstraSoft EPay Pro v2.0 has file include and multiple xss vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dcrab 's Security Advisory Hsc Security Group http://www.hackerscenter.com/ dP Security http://digitalparadox.org/ Severity: High Title: AlstraSoft EPay Pro v2.0 has file include and multiple xss vulnerabilities Date: 02/04/2005 Vendor: AlstraSoft...
CVE-2005-0868
AS/400 Telnet 5250 terminal emulation clients, as implemented by 1 IBM client access, 2 Bosanova, 3 PowerTerm, 4 Mochasoft, and possibly other emulations, allows malicious AS/400 servers to execute arbitrary commands via a STRPCO Start PC Organizer command followed by STRPCCMD Start PC command, a...
CVE-2005-0638
xloadimage before 4.1-r2, and xli before 1.17, allows attackers to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command...
CVE-2005-0638
xloadimage before 4.1-r2, and xli before 1.17, allows attackers to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command...
[SECURITY] [DSA 690-1] New bsmtpd packages fix arbitrary command execution
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 690-1 [email protected] http://www.debian.org/security/ Martin Schulze February 25th, 2005 http://www.debian.org/security/faq -...
DSA-690-1 bsmtpd - missing input sanitising
Bulletin has no description...
CVE-2005-0516
The ImageGalleryPlugin ImageGalleryPlugin.pm in Twiki allows remote attackers to execute arbitrary commands via certain commands that generate thumbnails...
xloadimage -- arbitrary command execution when handling compressed files
Tavis Ormandy discovered that xli and xloadimage attempt to decompress images by piping them through gunzip or similar decompression tools. Unfortunately, the unsanitized file name is included as part of the command. This is dangerous, as in some situations, such as mailcap processing, an attacke...
HP-UX PHNE_23697 : HP-UX running xntpd(1M), Remote Execution of Arbitrary Commands, Increased Privilege (HPSBUX00148 SSRT071379 rev.4)
s700800 11.00 NTP timeservices upgrade plus utilities : The HP-UX NTP daemon xntpd contains an exploitable vulnerability. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and patch checks in this plugin were extracted from HP patch PHNE23697. The text itself is copyright ...
Debian DSA-682-1 : awstats - missing input sanitizing
In addition to CAN-2005-0116 more vulnerabilities have been found in awstats, a powerful and featureful web server log analyzer with a CGI frontend. Missing input sanitising can cause arbitrary commands to be executed. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...
Low: Red Hat Security Advisory: enscript security update
An updated enscript package that fixes several security issues is now available for Red Hat Enterprise Linux 4. This update has been rated as having low security impact by the Red Hat Security Response Team. GNU enscript converts ASCII files to PostScript. Enscript has the ability to interpret...
GLSA-200501-41 : TikiWiki: Arbitrary command execution
The remote host is affected by the vulnerability described in GLSA-200501-41 TikiWiki: Arbitrary command execution TikiWiki does not validate files uploaded to the 'temp' directory. Impact : A malicious user could run arbitrary commands on the server by uploading and calling a PHP script...
vBulletin forumdisplay.php comma Parameter Arbitrary Command Execution
The remote version of vBulletin is vulnerable to a remote command execution flaw through the script 'forumdisplay.php'. A malicious user could exploit this flaw to execute arbitrary commands on the remote host with the privileges of the web server. %NASLMINLEVEL 70300 C Tenable Network Security,...
GLSA-200501-02 : a2ps: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200501-02 a2ps: Multiple vulnerabilities Javier Fernandez-Sanguino Pena discovered that the a2ps package contains two scripts that create insecure temporary files fixps and psmandup. Furthermore, we fixed in a previous revision a...
CVE-2005-0292
Multiple SQL injection vulnerabilities in index.php in PHP Gift Registry phpGiftReg 1.4.0, and possibly other versions before 1.5.0b1, allow remote attackers to execute arbitrary SQL commands via the 1 messageid, 2 shopper, 3 shopfor, or 4 itemid parameters...
awstats -- arbitrary command execution
Several input validation errors exist in AWStats that allow a remote unauthenticated attacker to execute arbitrary commands with the priviliges of the web server. These programming errors involve CGI parameters including loadplugin, logfile, pluginmode, update, and possibly others. Additionally,...
CVE-2005-0362
awstats.pl in AWStats 6.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the 1 "pluginmode", 2 "loadplugin", or 3 "noloadplugin" parameters...
CVE-2004-1389
Unknown vulnerability in the Veritas NetBackup Administrative Assistant interface for NetBackup BusinesServer 3.4, 3.4.1, and 4.5, DataCenter 3.4, 3.4.1, and 4.5, Enterprise Server 5.1, and NetBackup Server 5.0 and 5.1, allows attackers to execute arbitrary commands via the bpjava-susvc process,...