CiscoWorks Common Services Home Page Component Unspecified Shell Command Execution

The version of CiscoWorks Common Services installed on the remote Windows host is potentially affected by an arbitrary shell command execution vulnerability. By exploiting this flaw, a remote, authenticated attacker could execute arbitrary commands on the remote host subject to the privileges of...

TWiki 5.1.2 Command Execution

This security advisory alerts you of a potential security issue with TWiki installations: The %MAKETEXT% TWiki variable allows arbitrary shell command execution. The problem is caused by an underlying security issue in the Locale::Maketext CPAN module. Vulnerable Software Version Attack Vectors...

FreeBSD : weechat -- Arbitrary shell command execution via scripts (81826d12-317a-11e2-9186-406186f3d89d)

Sebastien Helleu reports : Untrusted command for function hookprocess could lead to execution of commands, because of shell expansions. Workaround with a non-patched version: remove/unload all scripts calling function hookprocess for maximum safety. %NASLMINLEVEL 70300 C Tenable Network Security,...

weechat -- Arbitrary shell command execution via scripts

Sebastien Helleu reports: Untrusted command for function hookprocess could lead to execution of commands, because of shell expansions. Workaround with a non-patched version: remove/unload all scripts calling function hookprocess for maximum safety...

OpenEMR 4.1 - '/Interface/fax/fax_dispatch.php?File' 'exec()' Call Arbitrary Shell Command Execution

source: https://www.securityfocus.com/bid/51788/info OpenEMR is prone to local file-include and command-injection vulnerabilities because it fails to properly sanitize user-supplied input. A remote attacker can exploit these issues to execute arbitrary shell commands with the privileges of the us...

FreeBSD : rubygem-mail -- Remote Arbitrary Shell Command Injection Vulnerability (1cae628c-3569-11e0-8e81-0022190034c0)

Secunia reports : Input passed via an email from address is not properly sanitised in the 'deliver' function lib/mail/network/deliverymethods/sendmail.rb before being used as a command line argument. This can be exploited to inject arbitrary shell commands. %NASLMINLEVEL 70300 C Tenable Network...

ASMAX AR 804 gu Web Management Console Arbitrary Shell Command Injection Vulnerability

ASMAX 804 gu router is a SOHO class device. It provides ADSL / WiFi / Ethernet interfaces. 2. There is an unauthenticated maintenance script named 'script' in /cgi-bin/ directory of the web management interface. 3. When 'system' paramether is passed to the script it allows running OS shell...

FreeBSD : twiki -- arbitrary shell command execution (b4af3ede-36e9-11d9-a9e7-0001020eed82)

Hans Ulrich Niedermann reports : The TWiki search function uses a user-supplied search string to compose a command line executed by the Perl backtick operator. The search string is not checked properly for shell metacharacters and is thus vulnerable to search string containing quotes and shell...

Gentoo Security Advisory GLSA 200611-22 (horde-ingo)

The remote host is missing updates announced in advisory GLSA 200611-22. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

Gentoo Security Advisory GLSA 200611-22 (horde-ingo)

The remote host is missing updates announced in advisory GLSA 200611-22. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2008-4101

CVE-2008-4101 affects Vim 3.0 through 7.x prior to 7.2.010. The issue arises from improper escaping in Vim’s keyword/tag handling, allowing user-assisted arbitrary code execution via crafted input when performing certain keystrokes (e.g., ;, Ctrl-], or g]). The connected documents corroborate thi...

Debian Security Advisory DSA 1465-1 (apt-listchanges)

The remote host is missing an update to apt-listchanges announced via advisory DSA 1465-1. This VT has been deprecated and merged into the VT SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...

Debian Security Advisory DSA 1021-1 (netpbm-free)

The remote host is missing an update to netpbm-free announced via advisory DSA 1021-1. Max Vozeler from the Debian Audit Project discovered that pstopnm, a converter from Postscript to the PBM, PGM and PNM formats, launches Ghostscript in an insecure manner, which might lead to the execution of...

[SECURITY] [DSA 1297-1] New gforge-plugin-scmcvs packages fix arbitrary shell command execution

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 1297-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff May 24th, 2007 http://www.debian.org/security/faq -...

Debian DSA-1240-1 : links2 - insufficient escaping

Teemu Salmela discovered that the links2 character mode web browser performs insufficient sanitising of smb:// URIs, which might lead to the execution of arbitrary shell commands. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...

FreeBSD : ingo -- local arbitrary shell command execution (18a14baa-5ee5-11db-ae08-0008743bf21a)

The Horde team reports a vulnerability within Ingo, the filter management suite. The vulnerability is caused due to inadequete escaping, possibly allowing a local user to execute arbitrary shell commands via procmail. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...

Debian DSA-1021-1 : netpbm-free - insecure program execution

Max Vozeler from the Debian Audit Project discovered that pstopnm, a converter from Postscript to the PBM, PGM and PNM formats, launches Ghostscript in an insecure manner, which might lead to the execution of arbitrary shell commands, when converting specially crafted Postscript files...

[SECURITY] [DSA 1006-1] New wzdftpd packages fix arbitrary shell command execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 1006-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff March 16th, 2005 http://www.debian.org/security/faq -...

[SECURITY] [DSA 1006-1] New wzdftpd packages fix arbitrary shell command execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 1006-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff March 16th, 2005 http://www.debian.org/security/faq -...

Twiki rev Parameter Arbitrary Shell Command Execution

Binary data 3223.prm...