856 matches found
Webmin 1.x - HTML Email Command Execution
source: https://www.securityfocus.com/bid/11122/info Webmin / Usermin are reportedly affected by a command execution vulnerability when rendering HTML email messages. This issue is due to a failure to sanitize HTML email messages and may allow an attacker...
IlohaMail Multiple External Programs Arbitrary Command Execution
The target is running at least one instance of IlohaMail version 0.8.6. This version may contain flaws in the spell check and GnuPG features that allow an authenticated attacker to run arbitrary commands with the privileges of the web user simply by enclosing them in backticks when spell checking...
CVE-2004-0028
jitterbug 1.6.2 does not properly sanitize inputs, which allows remote authenticated users to execute arbitrary commands...
CVE-2002-1478
Cacti before 0.6.8 allows attackers to execute arbitrary commands via the "Data Input" option in console mode...
Axis Network Camera 2.x And Video Server 1-3 - virtualinput.cgi Arbitrary Command Execution
source: https://www.securityfocus.com/bid/11011/info 1. A shell metacharacter command-execution vulnerability allows an anonymous user to download the contents of the '/etc/passwd' file on the device. Othe...
Axis Network Camera 2.x And Video Server 1-3 - 'virtualinput.cgi' Arbitrary Command Execution
source: https://www.securityfocus.com/bid/11011/info 1. A shell metacharacter command-execution vulnerability allows an anonymous user to download the contents of the '/etc/passwd' file on the device. Other commands are also likely to work, facilitating other attacks. This issue is reported to...
Mandrake Linux Security Advisory : kde (MDKSA-2003:004-1)
Multiple instances of improperly quoted shell command execution exist in KDE 2.x up to and including KDE 3.0.5. KDE fails to properly quote parameters of instructions passed to the shell for execution. These parameters may contain data such as filenames, URLs, email address, and so forth; this da...
Mozilla Browsers shell: URI Arbitrary Command Execution
The remote host is using Mozilla and/or Firefox, a web browser. The remote version of this software contains a weakness that could allow an attacker to execute arbitrary commands on the remote host. (C) Tenable Network Security, Inc. include("compat.inc"); if(description) { script_id(12642);...
PHPX 3.x - news.php Cross-Site Request Forgery Arbitrary Command Execution
source: https://www.securityfocus.com/bid/10284/info It has been reported that PHPX is affected by multiple administrator command execution vulnerabilities. These issues are due to a failure of the application to properly...
CVE-2004-1993
The patch to the checklogin function in omail.pl for omail webmail 0.98.5 is incomplete, which allows remote attackers to execute arbitrary commands via shell metacharacters such as "`" (backticks) in the password...
CVE-2004-1876
The "%f" feature in the VirusEvent directive in Clam AntiVirus daemon clamd before 0.70 allows local users to execute arbitrary commands via shell metacharacters in a file name...
Leif Wright Web Blog blog.cgi ViewFile Request file Parameter Arbitrary Command Execution
The remote host is running Leif Wright's blog.cgi - a CGI designed to handle personal web logs or 'blogs'. There is a bug in this software that could allow an attacker to execute arbitrary commands on the remote web server with the privileges of the web user. #%NASL_MIN_LEVEL 70300 (C) Tenable Network...
FVWM 2.42.5 - fvwm-menu-Directory Command Execution
source: https://www.securityfocus.com/bid/9161/info It has been reported that FVWM may be prone to a command execution vulnerability that may allow an attacker to execute malicious commands on a vulnerable system. It has been reported that the...
[CLA-2003:665] Conectiva Security Announcement - kopete
CONECTIVA LINUX SECURITY ANNOUNCEMENT. PACKAGE : kopete SUMMARY : Remote command execution...
Important: Red Hat Security Advisory: ghostscript security update
A ghostscript package fixing a command execution vulnerability is now available. GNU Ghostscript is an interpreter for the PostScript language, and is often used when printing to printers that do not have their own built-in PostScript interpreter. A flaw has been discovered in the way Ghostscript...
Infinity CGI Exploit Scanner Multiple Vulnerabilities
The remote host is running Infinity Exploit Scanner, a web-based CGI vulnerability scanner implemented in Perl and stored under the name 'nph-exploitscanget.cgi'. There is a flaw in this CGI that lets an attacker execute arbitrary commands on this host. In addition to this, there is a flaw in this CGI...
W3Mail 1.0.2 command execution
Hi! I found a way to execute commands in W3Mail 1.0.2. It is a powerful system for working with mail. It is something like a multi-user mail client with a web interface. The main hole is in the delete.cgi script. Here is a piece of the code from delete.cgi: ... we take the login, the password and the server with the mailbox...
Stockman Shopping Cart 7.8 - Arbitrary Command Execution
source: https://www.securityfocus.com/bid/7485/info Stockman Shopping Cart has been reported prone to a remote command execution vulnerability. This issue presents itself in the 'shop.plx' script. The problem results from a lack of sufficie...
DSA-294 gkrellm-newsticker - missing quoting, incomplete parser
Bulletin has no description...
Man Program 1.5 - Unsafe Return Value Command Execution
source: https://www.securityfocus.com/bid/7066/info It has been reported that the man program does not properly handle some types of input. When a man page is processed that could pose a potential security risk, the program reacts in a way...