1885 matches found
Microsoft Windows - URI Handler Command Execution
source: https://www.securityfocus.com/bid/25945/info Microsoft Windows XP and Server 2003 with Internet Explorer 7 is prone to a command-execution vulnerability because it fails to properly sanitize input. Successfully exploiting this issue allows remote attackers to execute arbitrary commands in...
PuTTY window title escape character arbitrary command execution
PuTTY is a free SSH client. This version contains a flaw that may allow a malicious user to insert arbitrary commands and execute them. The issue is triggered when an attacker sends commands, preceded by terminal emulator escape sequences. It is possible that the flaw may allow arbitrary code...
USN-162-1: ekg and Gadu library vulnerabilities
Marcin Owsiany and Wojtek Kaniewski discovered that some contributed scripts contrib/ekgh, contrib/ekgnv.sh, and contrib/getekg.sh in the ekg package created temporary files in an insecure way, which allowed exploitation of a race condition to create or overwrite files with the privileges of the...
irix-infosrch.cgi.txt
Hi, InfoSearch is a web-based interface to books, manpages, and relnotes, distributed by SGI. No suprises here, no parsing is done on the 'fname' variable before being passed to man2html. i.e. when cmd is 'getdoc' and db is 'man'. Also, fname is the full path to the manpage/relnote! I'm sure...
CVE-2024-32354
TOTOLINK X5000R V9.1.0cu.2350B20230313 was discovered to contain a command injection vulnerability via the 'timeout' parameter in the setSSServer function at /cgi-bin/cstecgi.cgi...