8695 matches found
CVE-2005-0292
Multiple SQL injection vulnerabilities in index.php in PHP Gift Registry (phpGiftReg) 1.4.0, and possibly other versions before 1.5.0b1, allow remote attackers to execute arbitrary SQL commands via the (1) messageid, (2) shopper, (3) shopfor, or (4) itemid parameters...
awstats -- arbitrary command execution
Several input validation errors exist in AWStats that allow a remote unauthenticated attacker to execute arbitrary commands with the privileges of the web server. These programming errors involve CGI parameters including loadplugin, logfile, pluginmode, update, and possibly others. Additionally,...
CVE-2005-0362
awstats.pl in AWStats 6.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) "pluginmode", (2) "loadplugin", or (3) "noloadplugin" parameters...
CVE-2004-1389
Unknown vulnerability in the Veritas NetBackup Administrative Assistant interface for NetBackup BusinesServer 3.4, 3.4.1, and 4.5, DataCenter 3.4, 3.4.1, and 4.5, Enterprise Server 5.1, and NetBackup Server 5.0 and 5.1, allows attackers to execute arbitrary commands via the bpjava-susvc process,...
TikiWiki: Arbitrary command execution
Background: TikiWiki is a web-based groupware and content management system (CMS), using PHP, ADOdb and Smarty. Description: TikiWiki does not validate files uploaded to the "temp" directory. Impact: A malicious user could run arbitrary commands on the server by uploading and calling a PHP script...
CVE-2004-1184
The EPSF pipe support in enscript 1.6.3 allows remote attackers or local users to execute arbitrary commands via shell metacharacters...
[SECURITY] [DSA 650-1] New sword packages fix arbitrary command execution
Debian Security Advisory DSA 650-1 [email protected] http://www.debian.org/security/ Martin Schulze January 20th, 2005 http://www.debian.org/security/faq ...
CVE-2004-1185
Enscript 1.6.3 does not sanitize filenames, which allows remote attackers or local users to execute arbitrary commands via crafted filenames...
DEBIAN-CVE-2004-1185
Enscript 1.6.3 does not sanitize filenames, which allows remote attackers or local users to execute arbitrary commands via crafted filenames...
DSA-650-1 sword - missing input sanitising
Bulletin has no description...
Moderate: Red Hat Security Advisory: krb5 security update
Updated Kerberos (krb5) packages that correct buffer overflow and temporary file bugs are now available for Red Hat Enterprise Linux. Kerberos is a networked authentication system that uses a trusted third party (a KDC) to authenticate clients and servers to each other. A heap based buffer overflow b...
Veritas NetBackup "bpjava-susvc" process contains an input validation error
Overview: Veritas NetBackup Administrative Assistant interface may allow users to execute arbitrary commands with elevated privileges. Description: The Veritas NetBackup Administrative Assistant interface bpjava-susvc contains an input validation vulnerability. According to Veritas Alert 271727: Wh...
STG Security Advisory 2005-01-13.25
STG Security Advisory: SSA-20050113-25 ZeroBoard multiple vulnerabilities. Revision 1.1. Date Published: 2004-12-31 KST. Last Update: 2005-1-13. Disclosed by SSR Team [email protected]. Summary: ZeroBoard is one of the widely used web BBS applications in Korea. However, an input validation...
AWStats 6.2-6.1 configdir Command Injection
No description provided by source. $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require...
iDEFENSE Security Advisory [IDEF0725] Exim host_aton() Buffer Overflow Vulnerability
Exim host_aton() Buffer Overflow Vulnerability. iDEFENSE Security Advisory IDEF0725 http://www.idefense.com/application/poi/display?type=vulnerabilities January 07, 2005. I. BACKGROUND: Exim is a message transfer agent developed for use on Unix systems. More information is available at:...
STG Security Advisory: [SSA-20041224-21] File extensions restriction bypass vulnerability in GNUBoard
STG Security Advisory: SSA-20041224-21 File extensions restriction bypass vulnerability in GNUBoard. Revision 1.0. Date Published: 2004-12-24 KST. Last Update: 2005-01-03. Disclosed by SSR Team [email protected]. Summary: GNUBoard is one of the widely used web BBS applications in Korea...
CVE-2004-1468
The web mail functionality in Usermin 1.x and Webmin 1.x allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail message...
CVE-2004-2270
Unknown vulnerability in IBM Parallel Environment (PE) 3.2 and 4.1 allows attackers to execute arbitrary commands as root via unknown vectors in the sample code...