phpMyAdmin < 2.6.0-pl2 Unspecified Arbitrary Command Execution

According to its banner, the remote version of phpMyAdmin is between 2.5.0 and 2.6.0-pl1. Such versions may allow an authenticated, remote attacker to run arbitrary commands subject to the privileges of the web server due to the way external MIME-based transformations are handled. Note that...

[SA12831] WeHelpBUS Arbitrary Command Execution Vulnerability

TITLE: WeHelpBUS Arbitrary Command Execution Vulnerability SECUNIA ADVISORY ID: SA12831 VERIFY ADVISORY: http://secunia.com/advisories/12831/ CRITICAL: Highly critical IMPACT: System access WHERE: From remote SOFTWARE: WeHelpBUS 0.x http://secunia.com/product/4057/ DESCRIPTION: A vulnerability ha...

[SA12813] phpMyAdmin Unspecified Arbitrary Command Execution Vulnerability

TITLE: phpMyAdmin Unspecified Arbitrary Command Execution Vulnerability SECUNIA ADVISORY ID: SA12813 VERIFY ADVISORY: http://secunia.com/advisories/12813/ CRITICAL: Highly critical IMPACT: System access WHERE: From remote SOFTWARE: phpMyAdmin 2.x http://secunia.com/product/1720/ DESCRIPTION: A...

ocPortal index.php req_path Parameter Remote File Inclusion

The remote host is running ocPortal, a content management system written in PHP. There is a bug in the remote version of this software which may allow an attacker to execute arbitrary commands on the remote host by using a file inclusion bug in the file 'index.php'. An attacker may execute...

MS04-036: Microsoft NNTP Component Remote Overflow (883935) (uncredentialed check)

The remote host is running a version of Microsoft NNTP server that is vulnerable to a buffer overflow issue. An attacker may exploit this flaw to execute arbitrary commands on the remote host with the privileges of the NNTP server process. C Tenable Network Security, Inc. include"compat.inc"; if...

Zanfi CMS Lite index.php inc Parameter Remote File Inclusion

The remote host is running Zanfi CMS Lite, a content management system written in PHP. There is a bug in the remote version of this software that may allow an attacker to execute arbitrary commands on the remote host by using a file inclusion bug in the file 'index.php'. An attacker may execute...

Debian DSA-284-1 : kdegraphics - insecure execution

The KDE team discovered a vulnerability in the way KDE uses Ghostscript software for processing of PostScript PS and PDF files. An attacker could provide a malicious PostScript or PDF file via mail or websites that could lead to executing arbitrary commands under the privileges of the user viewin...

Debian DSA-405-1 : xsok - missing privilege release

Steve Kemp discovered a problem in xsok, a single player strategy game for X11, related to the Sokoban game, which leads a user to execute arbitrary commands under the GID of games. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...

Debian DSA-364-3 : man-db - buffer overflows, arbitrary command execution

man-db provides the standard man1 command on Debian systems. During configuration of this package, the administrator is asked whether man1 should run setuid to a dedicated user 'man' in order to provide a shared cache of preformatted manual pages. The default is for man1 NOT to be setuid, and in...

Debian DSA-420-1 : jitterbug - improperly sanitised input

Steve Kemp discovered a security related problem in jitterbug, a simple CGI based bug tracking and reporting tool. Unfortunately the program executions do not properly sanitize input, which allows an attacker to execute arbitrary commands on the server hosting the bug database. As mitigating...

Debian DSA-293-1 : kdelibs - insecure execution

The KDE team discovered a vulnerability in the way KDE uses Ghostscript software for processing of PostScript PS and PDF files. An attacker could provide a malicious PostScript or PDF file via mail or websites that could lead to executing arbitrary commands under the privileges of the user viewin...

Debian DSA-204-1 : kdelibs - arbitrary program execution

The KDE team has discovered a vulnerability in the support for various network protocols via the KIO. The implementation of the rlogin and telnet protocols allows a carefully crafted URL in an HTML page, HTML email or other KIO-enabled application to execute arbitrary commands on the system using...

Debian DSA-235-1 : kdegraphics - several vulnerabilities

The KDE team discovered several vulnerabilities in the K Desktop Environment. In some instances KDE fails to properly quote parameters of instructions passed to a command shell for execution. These parameters may incorporate data such as URLs, filenames and e-mail addresses, and this data may be...

GLSA-200409-24 : Foomatic: Arbitrary command execution in foomatic-rip filter

The remote host is affected by the vulnerability described in GLSA-200409-24 Foomatic: Arbitrary command execution in foomatic-rip filter There is a vulnerability in the foomatic-filters package. This vulnerability is due to insufficient checking of command-line parameters and environment variabl...

Mambo Open Source 4.5.1 (1.0.9) - Function.php Arbitrary Command Execution

Mambo Open Source 4.5.1 1.0.9 - Function.php Arbitrary Command Execution source: https://www.securityfocus.com/bid/11220/info Mambo open source is reportedly affected by multiple input validation vulnerabilities. These issues are due to a failure of the application to properly validate...

Mambo Open Source 4.5.1 (1.0.9) - &#039;Function.php&#039; Arbitrary Command Execution

source: https://www.securityfocus.com/bid/11220/info Mambo open source is reportedly affected by multiple input validation vulnerabilities. These issues are due to a failure of the application to properly validate user-supplied URI parameters. An attacker may leverage these issues to execute...

Low: Red Hat Security Advisory: mc security update

An updated mc package that resolves several shell escape security issues is now available. Updated 5 January 2005 Packages have been updated to include the gmc and mcserv packages which were left out of the initial errata. Midnight Commander mc is a visual shell much like a file manager. Shell...

bbsEMarket.txt

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 STG Security Advisory: SSA-20040915-07 BBS E-Market Professional multiple vulnerabilities Revision 1.0 Date Published: 2004-09-15 KST Last Update: 2004-09-15 Disclosed by SSR Team [email protected] Abstract ======== BBS E-MarketBobusang in Kore...

CVE-2004-0793

The calendar program in bsdmainutils 6.0 through 6.0.14 does not drop root privileges when executed with the -a flag, which allows attackers to execute arbitrary commands via a calendar event file...

CVE-2004-0745

The CVE-2004-0745 issue affects LHA 1.14 and earlier, where an attacker could trigger arbitrary command execution by creating a directory name with shell metacharacters. Reported impact is remote command execution with the vulnerability allowing complete confidentiality, integrity, and availabili...