8687 matches found
Security problems in gkrellm-newsticker
Brian Campbell discovered two security-related problems in gkrellm-newsticker, a plugin for the gkrellm system monitor program, which provides a news ticker from RDF feeds. The following IDs were assigned: CAN-2003-0205 gkrellm-newsticker can launch a web browser of the user's choice when the...
DSA-293 kdelibs - insecure execution
Bulletin has no description...
CVE-2002-1478
Cacti before 0.6.8 allows attackers to execute arbitrary commands via the "Data Input" option in console mode...
PT-2003-1213 · Cacti · Cacti
Name of the Vulnerable Software and Affected Versions: Cacti versions prior to 0.6.8 Description: The issue allows remote authenticated Cacti administrators to execute arbitrary commands. This can be achieved by injecting shell metacharacters in the title during edit mode, specifically in the...
a NEW vulnerability in REGEDIT.EXE
Hi list, I have found a new vulnerability in regedit.exe that can be exploited locally or remotely by trapping our registry. --- SNIP --- / 09/04/2003 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ Trapped Registery for REGEDIT.EXE exploit @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@...
IkonBoard 3.1 - Lang Cookie Arbitrary Command Execution (1)
IkonBoard 3.1 - Lang Cookie Arbitrary Command Execution 1 source: https://www.securityfocus.com/bid/7361/info It has been reported that IkonBoard is prone to an arbitrary command execution vulnerability. The vulnerability is due to insufficient sanitization performed on user supplied cookie data...
[SECURITY] [DSA 284-1] New kdegraphics packages fix arbitrary command execution
Debian Security Advisory DSA 284-1 [email protected] http://www.debian.org/security/ Martin Schulze April 12th, 2003 http://www.debian.org/security/faq ...
DSA-284 kdegraphics - insecure execution
Bulletin has no description...
IkonBoard v3.1.1: arbitrary command execution
Vulnerable: IkonBoard 3.1.1 and probably earlier. Category: Perl/CGI coding errors. Impact: Arbitrary command execution. Date: 1st April 2003. Vendor: The Jarvis Group. Homepage: http://www.ikonboard.com/ Vendor Status: First...
Solaris in.lpd Crafted Job Request Arbitrary Remote Command Execution
The remote lpd daemon is vulnerable to an environment error that could allow an attacker to execute arbitrary commands on this host. Nessus uses this vulnerability to retrieve the password file of the remote host although any command could be executed.
CVE-2002-0516
CVE-2002-0516 affects SquirrelMail 1.2.5 and earlier. Affected component: THEME cookie handling. Root cause: authenticated users can modify the THEME cookie to execute arbitrary commands. Impact is high (complete confidentiality, integrity, and availability) as per the cited report. No remediatio...
CVE-2002-0363
CVE-2002-0363 affects GNU Ghostscript prior to 6.53. A vulnerability in PostScript interpretation allows an attacker to cause Ghostscript to execute arbitrary commands by tricking the renderer into resetting the current pagedevice using .locksafe or .setsafe. The issue is due to insufficient vali...
O'Reilly WebSite Pro args.bat Arbitrary Command Execution
The CGI 'args.bat' and/or 'args.cmd' is installed. This CGI has a well known security flaw that lets an attacker upload arbitrary files on the remote web server.
Matt Wright textcounter.pl Arbitrary Command Execution
The CGI 'textcounter' is installed. This CGI has a well known security flaw that lets an attacker execute arbitrary commands with the privileges of the http daemon (usually root or nobody).
VPOPMail for SquirrelMail vpopmail.php Arbitrary Command Execution
The remote host is running an old version of vpopmail.php (an extension to SquirrelMail) which allows users to execute arbitrary commands on the remote host with the same privileges as the web server the user is running as.
Multiple FTP Server setproctitle Function Arbitrary Command Execution
The remote FTP server misuses the function setproctitle and may allow an attacker to gain a root shell on this host by logging in as 'anonymous' and providing a carefully crafted format string as its email address.
smb2www Unspecified Arbitrary Remote Command Execution
The remote host is running smb2www - a SMB to WWW gateway. There is a flaw in the version of this CGI which allows anyone to execute arbitrary commands on this host by sending a malformed argument to smbshr.pl, one of the components of this solution.
PXE Server 2.0 - Remote Buffer Overrun
PXE Server 2.0 - Remote Buffer Overrun // source: https://www.securityfocus.com/bid/7129/info A vulnerability has been discovered in PXE which is included with Red Hat Linux. Specifically, it is possible for a remote attacker to overrun a buffer by passing excessive data to the service. This may...
Qpopper 4.0.x - Remote Memory Corruption
Qpopper 4.0.x - Remote Memory Corruption // source: https://www.securityfocus.com/bid/7058/info A memory corruption vulnerability has been discovered in Qpopper version 4.0.4 and earlier. The vulnerability occurs when calling the 'mdef' command and a malicious macro name is supplied. By filling a...
WebWho+ whois.pl time Parameter Arbitrary Command Execution
The WebWho+ CGI script appears to be installed on the remote host. This Perl script allows an attacker to view any file on the remote host as well as to execute arbitrary commands, both subject to the privileges of the web server user id.