[SECURITY] [DSA 203-1] New smb2www packages fix arbitrary command execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 203-1 [email protected] http://www.debian.org/security/ Martin Schulze December 4th, 2002 http://www.debian.org/security/faq -...

DSA-203 smb2www - arbitrary command execution

Bulletin has no description...

CVE-2002-0836

dvips converter for Postscript files in the tetex package calls the system function insecurely, which allows remote attackers to execute arbitrary commands via certain print jobs, possibly involving fonts...

phpMyNewsletter 0.6.10 - Remote File Inclusion

phpMyNewsletter 0.6.10 - Remote File Inclusion source: https://www.securityfocus.com/bid/5886/info A vulnerability has been discovered in phpMyNewsLetter. Reportedly, it is possible to pass an attacker-specified file include location to a CGI paramter of the 'customize.php' script. This may allow...

wp-02-0011: Jetty CGIServlet Arbitrary Command Execution

Westpoint Security Advisory Title: Jetty CGIServlet Arbitrary Command Execution Risk Rating: Medium Software: Jetty Servlet Container Platforms: Win32 other platforms not tested Vendor URL: www.mortbay.org Author: Matt Moore [email protected] Date: 1st October 2002 Advisory ID: wp-02-0011.txt...

Jetty 3.1.6/3.1.7/4.1 Servlet Engine - Arbitrary Command Execution

source: https://www.securityfocus.com/bid/5852/info A flaw in the CGIServlet in Jetty allows an attacker to execute arbitrary commands on the server. Specifically, it is possible for an attacker to use directory traversal sequences and cause the CGIServlet to execute attacker-specified commands...

Microsoft Word does not check for macros contained in linked template file when opening RTF document

Overview There is a vulnerability caused by a failure to detect macros embedded in templates used by rich text format documents opened in Microsoft Word. This vulnerability may allow the author of a malicious document to execute arbitrary commands as the user who opens the document. Description...

PGPMail.pl does not adequately validate user input thereby allowing arbitrary command execution

Overview PGPMail.pl does not adequately filter user input, allowing arbitrary command execution. Description PGPMail.pl is an adaptation of the FormMail.pl CGI script, enhanced to use PGP encryption. PGPMail.pl does not adequately filter the "recipient" and "pgpuserid" CGI variables before passin...

MS Excel XLM Text Macro execution fails to trigger warning when default medium security set

Overview Excel fails to present a warning dialog when a macro is called from an external XLM text macro file. Description If a spreadsheet contains a reference to an external macro XLM file, Excel does not generate the usual warning dialog asking if the user wants to run the macro. Microsoft...

WebCalendar does not adequately validate user input

Overview WebCalendar does not properly validate user input, allowing attackers to execute arbitrary commands. Description WebCalendar is a free PHP application providing web calendar services for user groups. WebCalendar contains an unspecified input validation vulnerability, allowing arbitrary...

Textor Webmasters Ltd listrec.pl does not adequately validate user input thereby allowing arbitrary commands to be executed

Overview Textor Webmasters Ltd listrec.pl CGI script does not properly validate input to the "TEMPLATE" CGI variable, allowing arbitrary command execution. Description The CGI script listrec.pl by Textor Webmasters Ltd does not properly validate input to the "TEMPLATE" CGI variable. This value is...

phpWebSite 0.8.2 - PHP File Inclusion

source: https://www.securityfocus.com/bid/5779/info A vulnerability has been discovered in phpWebsite which allows an attacker to remotely include a malicious PHP file. It is possible for an attacker to specify a remote location for phpWebsite to download an attacker-supplied htmlheader.php scrip...

Input-validation vulnerability in PHP-Nuke allows arbitrary command execution via request for remote web site

Overview PHP-Nuke has an input-validation vulnerability that can lead to execution of arbitrary PHP code hosted on another web server. Description PHP-Nuke is a tool designed to ease web site creation and maintenance. PHP-Nuke includes a script named index.php, which uses PHP's include function t...

phpGB: DoS and executing_arbitrary_commands

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ppp-design found the following design error in phpGB: Details - ------- Product: phpGB Affected Version: 1.20 and maybe all versions before Immune Version: 1.30 OS affected: all OS with php Vendor-URL: http://www.walzl.net Vendor-Status: informed, new...

idefense.webmin.txt

Reference: http://www.securiteam.com/unixfocus/5CP0R1P80G.html Webmin Vulnerability Leads to Remote Compromise RPC CGI ------------------------------------------------------------------------ SUMMARY Webmin is a web-based interface for system administration for Linux/UNIX. Using any browser that...

Arbitrary Command Execution on Distributor SQL Server 2000 machines (#NISR22002002A)

NGSSoftware Insight Security Research Advisory Name: Arbitrary Command Execution on SQL Server 2000 Systems: Microsoft SQL Server 2000 SP 2 Severity: High Risk for Distributor servers Category: Arbitrary Command Execution Vendor URL: http://www.microsoft.com/ Author: David Litchfield...

Directory Manager edit_image.php Arbitrary Command Execution

Directory Manager is installed and does not properly filter user input. A remote attacker may use this flaw to execute arbitrary commands. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; ifdescription scriptid11104; scriptversion"1.26";...

Viralator CGI Script Arbitrary Command Execution

The CGI 'viralator.cgi' is installed. Some versions of this CGI are don't check properly the user input and allow anyone to execute arbitrary commands with the privileges of the web server. No flaw was tested. Your script might be a safe version. %NASLMINLEVEL 70300 C Tenable Network Security, In...

Mountain Network Systems webcart.cgi Arbitrary Command Execution

webcart.cgi is installed and does not properly filter user input. An attacker may use this flaw to execute any command on your system. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. untested Script audit and contributions from Carmichael Security Erik Anderson nb: domain no longer exists...

GoAhead Web Server 2.1 - Arbitrary Command Execution

source: https://www.securityfocus.com/bid/5464/info GoAhead WebServer is an Open Source embedded web server which supports Active Server Pages, embedded javascript, and SSL authentication and encryption. It is available for a variety of platforms including Microsoft Windows and Linux variant...