631 matches found
Debian DSA-933-1 : hylafax - arbitrary command execution
Patrice Fournier found that hylafax passes unsanitized user data in the notify script, allowing users with the ability to submit jobs to run arbitrary commands with the privileges of the hylafax server. (C) Tenable Network Security, Inc. The descriptive text and package checks i...
fbida: Arbitrary command execution
Background: fbida is a collection of image viewers and editors for the framebuffer console and X11. fbgs is a PostScript and PDF viewer for the Linux framebuffer console. Description: Toth Andras has discovered a typographic mistake in the "fbgs" script, shipped with fbida if the "fbcon" and "pdf"...
CVE-2006-2720
SQL injection vulnerability in news.php in VARIOMAT allows remote attackers to execute arbitrary SQL commands via the subcat parameter...
Perlpodder Remote Arbitrary Command Execution
Advisory: Perlpodder Remote Arbitrary Command Execution. RedTeam identified a security flaw in perlpodder which makes it possible for a malicious podcast server to execute arbitrary shell commands on the victim's client. Details: Product: perlpodder. Affected Versions: All versions up to...
guestbook.cgi
The 'guestbook.cgi' is installed. This CGI has a well known security flaw that lets anyone execute arbitrary commands with the privileges of the http daemon (root or nobody). OpenVAS Vulnerability Test $Id: guestbook.nasl 8023 2017-12-07 08:36:26Z teissa $ Description: guestbook.cgi Authors: Mathie...
nph-publish.cgi
The 'nph-publish.cgi' is installed. This CGI has a well known security flaw that lets an attacker execute arbitrary commands with the privileges of the http daemon (usually root or nobody). OpenVAS Vulnerability Test $Id: nph-publish.nasl 8023 2017-12-07 08:36:26Z teissa $ Description:...
sudo -- arbitrary command execution
Tavis Ormandy reports: The bash shell uses the value of the PS4 environment variable (after expansion) as a prefix for commands run in execution trace mode. Execution trace mode (xtrace) is normally set via bash's -x command line option or interactively by running "set -o xtrace". However, it may als...
TWiki TWikiUsers - INCLUDE Function Arbitrary Command Execution
source: https://www.securityfocus.com/bid/14960/info A remote command execution vulnerability affects the application. The revision control function of the TWikiUsers script uses the backtick shell metacharacter to construct a command line. An attacker may use a specially crafted URI to execute...
JVN#40940493 Webmin and Usermin authentication bypass vulnerability
Impact A remote attacker could bypass Webmin and Usermin's authentication, and execute an arbitrary command with root privileges. Solution Products Affected Webmin Version 1.200 - 1.220 Usermin Version 1.130 - 1.160...
[Full-disclosure] [ GLSA 200508-09 ] bluez-utils: Bluetooth device name validation vulnerability
Gentoo Linux Security Advisory GLSA 200508-09 http://security.gentoo.org/ Severity:...
FreeBSD : yamt -- arbitrary command execution vulnerability (d4a7054a-6d96-11d9-a9e7-0001020eed82)
Manigandan Radhakrishnan discovered a security vulnerability in YAMT which can lead to execution of arbitrary commands with the privileges of the user running YAMT when sorting based on MP3 tags. The problem exists in the id3tagsort routine which does not properly sanitize the artist tag from the...
FreeBSD : ruby -- arbitrary command execution on XMLRPC server (594eb447-e398-11d9-a8bd-000cf18bbe54)
Nobuhiro IMAI reports: the default value modification on Module#public_instance_methods (from false to true) breaks s.add_handler(XMLRPC::iPIMethods('sample'), MyHandler.new) style security protection. This problem could allow a remote attacker to execute arbitrary commands on XMLRPC server of libruby...
Community Link Pro - login.cgi?File Remote Command Execution
source: https://www.securityfocus.com/bid/14097/info Community Link Pro is prone to a remote arbitrary command execution vulnerability. This issue presents itself due to insufficient sanitization of user-supplied data. Due to this, an...
security flaw
LHA 1.14 and earlier allows attackers to execute arbitrary commands via a directory with shell metacharacters in its name...
DSA-364-2 man-db - buffer overflows, arbitrary command execution
Bulletin has no description...
Moderate: Red Hat Security Advisory: Updated hanterm packages provide security fixes
Updated hanterm packages fix two security issues. Hangul Terminal is a terminal emulator for the X Window System, based on Xterm. Hangul Terminal provides an escape sequence for reporting the current window title, which essentially takes the current title and places it directly on the command lin...
CVE-2002-0516
CVE-2002-0516 affects SquirrelMail 1.2.5 and earlier. Affected component: THEME cookie handling. Root cause: authenticated users can modify the THEME cookie to execute arbitrary commands. Impact is high (complete confidentiality, integrity, and availability) as per the cited report. No remediatio...
Sun Sunsolve CD Pack sscd_suncourier.pl email Parameter Arbitrary Command Execution
The Sunsolve CD is part of the Solaris Media pack. It is included as a documentation resource, and is available for the Solaris Operating Environment. The Sunsolve CD CGI scripts do not validate user input. Crackers may use them to execute some commands on your system. Note: Nessus did not try to...
CVE-2001-0595
Buffer overflow in the kcsSUNWIOsolf.so library in Solaris 7 and 8 allows local attackers to execute arbitrary commands via the KCMS_PROFILES environment variable, e.g. as demonstrated using the kcms_configure program...
Solaris 8.0 LPD - Command Execution (Metasploit)
$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Solaris LPD...