2430 matches found
Slackware: Security Advisory (SSA:2005-251-04)
The remote host is missing an update for the...
FreeBSD : emacs -- remote code execution vulnerability (c1e5f35e-f93d-11e1-b07f-00235a5f2c9a)
Chong Yidong reports: Paul Ling has found a security flaw in the file-local variables code in GNU Emacs. When the Emacs user option `enable-local-variables' is set to `:safe' (the default value is t), Emacs should automatically refuse to evaluate `eval' forms in file-local variable sections. Due to t...
DEBIAN-CVE-2012-4245
The scriptfu network server in GIMP 2.6 does not require authentication, which allows remote attackers to execute arbitrary commands via the python-fu-eval command...
CVE-2012-4245
The scriptfu network server in GIMP 2.6 does not require authentication, which allows remote attackers to execute arbitrary commands via the python-fu-eval command...
Command injection
The scriptfu network server in GIMP 2.6 does not require authentication, which allows remote attackers to execute arbitrary commands via the python-fu-eval command...
CVE-2012-4245
CVE-2012-4245 concerns the GIMP 2.6 scriptfu network server which does not require authentication, enabling remote attackers to execute arbitrary commands via the python-fu-eval command. Multiple connected sources document this remote code execution vector in GIMP's scriptfu. Affected product/ver...
CVE-2012-4245
Removed by vendor...
CVE-2012-4245
The scriptfu network server in GIMP 2.6 does not require authentication, which allows remote attackers to execute arbitrary commands via the python-fu-eval command...
MozillaFirefox: Update to version 15 (critical)
Mozilla Firefox, Thunderbird, xulrunner, seamonkey 15.0 update bnc777588 MFSA 2012-57/CVE-2012-1970 Miscellaneous memory safety hazards MFSA 2012-58/CVE-2012-1972/CVE-2012-1973/CVE-2012-1974/CVE-2012-1975/CVE-2012-1976/CVE-2012-3956/CVE-2012-3957/CVE-2012-3958/CVE-2012-3959...
CentOS Update for firefox CESA-2012:1210 centos5
The remote host is missing an update for the...
Code injection
The web console in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that injects this code and...
Thunderbird 10.0.x < 10.0.7 Multiple Vulnerabilities (Mac OS X)
The installed version of Thunderbird 10.0.x is potentially affected by the following security issues : - Unspecified memory safety issues exist. CVE-2012-1970 - Multiple use-after-free errors exist. CVE-2012-1972, CVE-2012-1973, CVE-2012-1974, CVE-2012-1975, CVE-2012-1976, CVE-2012-3956,...
RHEL 6 : thunderbird (RHSA-2012:1211)
The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2012:1211 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious...
Symantec Endpoint Protection SemSvc.exe AgentServlet Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Endpoint Protection. Authentication is not required to exploit this vulnerability. The specific flaw exists within SemSvc.exe which listens by default on TCP port 8443 https. The SemSvc...
PHP IRC Bot pbot - 'eval()' Remote Code Execution (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'PHP IRC Bot pbot eval Remote Code...
PHP IRC Bot pbot eval() Remote Code Execution
Exploit for windows platform in category remote exploits This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core'...
PHP IRC Bot pbot eval() Remote Code Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'PHP IRC Bot pbot eval Remote Code...
PHP IRC Bot pbot eval() Remote Code Execution
This module allows remote command execution on the PHP IRC bot pbot by abusing the use of eval in the implementation of the .php command. For the module to work, the connection details for the IRC server and the channel where pbot can be found must be provided. The module has been successfully tested on the version ...
Eaton Network Shutdown Module view_list.php paneStatusListSortBy Parameter eval() Call Remote PHP Code Execution
The version of the Eaton Network Shutdown Module hosted on the remote web server does not sanitize user input to the 'paneStatusListSortBy' parameter of the 'view_list.php' script before using it as part of a command to be executed via PHP's 'eval' function. An unauthenticated, remote attacker can...
Discuz! X2.5 latest GetShell 0day detailed use - vulnerability warning - the black bar safety net
I heard that Discuz! has another vulnerability out, and this time it is a GetShell vulnerability. This exploit is relatively new, so a lot of sites probably haven't updated yet. Affected versions: 20120407, beta, rc. The Discuz! X2.5 Release 20120407 edition, in preg_replace using the e...