
8691 matches found

exploitpack
added 2004/12/24 12:0 a.m., 43 views

Solaris 2.5.1/2.6/7/8 rlogin (SPARC) - binlogin Remote Buffer Overflow

Solaris 2.5.1/2.6/7/8 rlogin SPARC - binlogin Remote Buffer Overflow / $Id: raptorrlogin.c,v 1.1 2004/12/04 14:44:38 raptor Exp $ raptorrlogin.c - rlogin, Solaris/SPARC 2.5.1/2.6/7/8 Copyright (c) 2004 Marco Ivaldi Buffer overflow in login in various System V based operating systems allows remote...

10 CVSS, 1.1 AI score, 0.84081 EPSS
Exploits 27
securityvulns
added 2004/12/21 12:0 a.m., 40 views

Crystal FTP Pro Client Buffer Overflow

Package: Crystal FTP Pro Auth: http://www.casdk.com/ Version: 2.8 current release and below Vulnerability Type: Arbitrary Command Execution Crystal FTP Pro Description from the Developer: Crystal FTP Pro is a Top awarded FTP client for dummies and experts. The state of the art user-interface used...

0.3 AI score
Exploits 0
Debian
added 2004/12/20 11:29 a.m., 36 views

[SECURITY] [DSA 612-1] New a2ps packages fix arbitrary command execution

Debian Security Advisory DSA 612-1 [email protected] http://www.debian.org/security/ Martin Schulze December 20th, 2004 http://www.debian.org/security/faq ...

10 CVSS, 6.3 AI score, 0.15592 EPSS
Exploits 1
securityvulns
added 2004/12/16 12:0 a.m., 47 views

STG Security Advisory: [SSA-20041214-14] GNUBoard PHP injection vulnerability

STG Security Advisory: SSA-20041214-14 GNUBoard PHP injection vulnerability Revision 1.0 Date Published: 2004-12-14 KST Last Update: 2004-12-14 Disclosed by SSR Team [email protected] Summary ======== GNUBoard is one of the widely used web BBS applications in Korea. Because of an input...

7.8 AI score
Exploits 0
securityvulns
added 2004/12/16 12:0 a.m., 26 views

STG Security Advisory: [SSA-20041215-17] Vulnerability of uploading files with multiple extensions in JSBoard

STG Security Advisory: SSA-20041215-17 Vulnerability of uploading files with multiple extensions in JSBoard Revision 1.0 Date Published: 2004-12-15 KST Last Update: 2004-12-15 Disclosed by SSR Team [email protected] Summary ======== JSBoard is one of the widely used web BBS applications in...

0.2 AI score
Exploits 0
FreeBSD
added 2004/12/15 12:0 a.m., 27 views

yamt -- arbitrary command execution vulnerability

Manigandan Radhakrishnan discovered a security vulnerability in YAMT which can lead to execution of arbitrary commands with the privileges of the user running YAMT when sorting based on MP3 tags. The problem exists in the id3tagsort routine which does not properly sanitize the artist tag from the...

10 CVSS, 3 AI score, 0.03512 EPSS
Exploits 1, References 1
exploitpack
added 2004/12/06 12:0 a.m., 12 views

KDE FTP - KIOSlave URI Arbitrary FTP Server Command Execution

KDE FTP - KIOSlave URI Arbitrary FTP Server Command Execution source: https://www.securityfocus.com/bid/11827/info KDE FTP kioslave-based applications such as Konqueror are reported prone to an arbitrary FTP server command execution vulnerability. This issue is due to a failure of the application...

0.3 AI score
Exploits 0
securityvulns
added 2004/12/04 12:0 a.m., 35 views

rssh and scponly arbitrary command execution

Vulnerable applications: rssh All versions All operating systems scponly All versions All operating systems Not vulnerable: Discussion: rssh and scponly are restricted shells that are designed to allow execution only of certain preset programs. Both are used to grant a user the ability to transfe...

1.6 AI score
Exploits 0
Exploit DB
added 2004/12/02 12:0 a.m., 26 views

SCPOnly 2.x/3.x - Arbitrary Command Execution

source: https://www.securityfocus.com/bid/11791/info scponly is reported prone to a remote arbitrary command execution vulnerability. This issue may allow a remote attacker to execute commands and scripts on a vulnerable computer and eventually allow an attacker to gain elevated privileges on a...

7 AI score
Exploits 0
exploitpack
added 2004/12/02 12:0 a.m., 8 views

SCPOnly 2.x/3.x - Arbitrary Command Execution

SCPOnly 2.x/3.x - Arbitrary Command Execution source: https://www.securityfocus.com/bid/11791/info scponly is reported prone to a remote arbitrary command execution vulnerability. This issue may allow a remote attacker to execute commands and scripts on a vulnerable computer and eventually allow a...

0.5 AI score
Exploits 0
securityvulns
added 2004/11/24 12:0 a.m., 35 views

[Full-Disclosure] [ GLSA 200411-33 ] TWiki: Arbitrary command execution

Gentoo Linux Security Advisory GLSA 200411-33 http://security.gentoo.org/ Severity:...

10 CVSS, 1 AI score, 0.85829 EPSS
Exploits 8
Tenable Nessus
added 2004/11/24 12:0 a.m., 34 views

GLSA-200411-33 : TWiki: Arbitrary command execution

The remote host is affected by the vulnerability described in GLSA-200411-33 TWiki: Arbitrary command execution The TWiki search function, which uses a shell command executed via the Perl backtick operator, does not properly escape shell metacharacters in the user-provided search string. Impact :...

10 CVSS, 6 AI score, 0.85829 EPSS
Exploits 8, References 3
Cvelist
added 2004/11/18 5:0 a.m., 22 views

CVE-2004-1051

sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname...

6.8 AI score, 0.00274 EPSS
Exploits 0, References 10
Debian CVE
added 2004/11/18 5:0 a.m., 28 views

CVE-2004-1051

sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname...

7.2 CVSS, 4.4 AI score, 0.00274 EPSS
Exploits 0
FreeBSD
added 2004/11/18 12:0 a.m., 27 views

phpbb -- arbitrary command execution and other vulnerabilities

The ChangeLog for phpBB 2.0.11 states: Changes since 2.0.10 Fixed vulnerability in highlighting code very high severity, please update your installation as soon as possible Fixed unsetting global vars - Matt Kavanagh Fixed XSS vulnerability in username handling - AnthraX101 Fixed not confirmed sq...

7.5 CVSS, 2.6 AI score, 0.85909 EPSS
Exploits 11, References 4
Tenable Nessus
added 2004/11/18 12:0 a.m., 13 views

PowerPortal index.php index_page Parameter SQL Injection

The remote host is using PowerPortal, a content management system, written in PHP. A vulnerability exists in the remote version of this product that could allow a remote attacker to perform a SQL injection attack against the remote host. An attacker could exploit this flaw to execute arbitrary SQ...

6.3 AI score
Exploits 0
Tenable Nessus
added 2004/11/17 12:0 a.m., 35 views

Mandrake Linux Security Advisory : sudo (MDKSA-2004:133)

Liam Helmer discovered a flaw in sudo's environment sanitizing. This flaw could allow a malicious user with permission to run a shell script that uses the bash shell to run arbitrary commands. The problem is fixed in sudo 1.6.8p2; the provided packages have been patched to correct the issue...

7.2 CVSS, 5.7 AI score, 0.00274 EPSS
Exploits 0, References 2
Tenable Nessus
added 2004/10/21 12:0 a.m., 48 views

Open WebMail userstat.pl Arbitrary Command Execution

The target is running at least one instance of Open WebMail in which the userstat.pl component fails to sufficiently validate user input. This failure enables remote attackers to execute arbitrary programs on the target using the privileges under which the web server operates. For further...

5.9 AI score
Exploits 0
Exploit DB
added 2004/10/21 12:0 a.m., 43 views

Veritas NetBackup - Remote Command Execution (Metasploit)

$Id: veritasnetbackupcmdexec.rb 10617 2010-10-09 06:55:52Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

6 CVSS, 7 AI score, 0.28256 EPSS
Exploits 6
UbuntuCve
added 2004/10/20 4:0 a.m., 33 views

CVE-2004-0793

The calendar program in bsdmainutils 6.0 through 6.0.14 does not drop root privileges when executed with the -a flag, which allows attackers to execute arbitrary commands via a calendar event file...

7.2 CVSS, 6 AI score, 0.00052 EPSS
Exploits 1, References 1