CVE-2002-2017

sastcpd in SAS/Base 8.0 allows local users to execute arbitrary code by setting the authprog environment variable to reference a malicious program, which is then executed by sastcpd...

Debian DSA-749-1 : ettercap - format string error

A vulnerability was discovered in the ettercap package which could allow a remote attacker to execute arbitrary code on the system running ettercap. The old stable distribution woody did not include ettercap. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package...

Multiple PHP XML-RPC implementations vulnerable to code injection

Overview A vulnerability in a common PHP extension module could allow a remote attacker to execute code on a vulnerable system. Description XML-RPC is a specification and a set of implementations that allow software running on disparate operating systems and in different environments to make...

CVE-2005-2139

PHP remote file inclusion vulnerability in usercheck.php for Pavsta Auto Site allows remote attackers to execute arbitrary PHP code via the sitepath parameter...

[SA15861] PEAR XML_RPC Unspecified PHP Code Execution Vulnerability

---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...

Infopop UBB Threads Multiple Vulnerabilities

GulfTech Security Research June 23rd, 2005 Vendor : Infopop Corporation URL : http://www.ubbcentral.com/ubbthreads/ Version : All Versions Prior To 6.5.2 Beta Risk : Multiple Vulnerabilities Description: UBB Threads is a very popular forum system developed by Infopop. There are a number of...

CVE-2005-1524

PHP file inclusion vulnerability in topgraphheader.php in Cacti 0.8.6d and possibly earlier versions allows remote attackers to execute arbitrary PHP code via the configlibrarypath parameter...

CVE-2005-1526

PHP remote file inclusion vulnerability in configsettings.php in Cacti before 0.8.6e allows remote attackers to execute arbitrary PHP code via the configincludepath parameter...

GLSA-200506-14 : Sun and Blackdown Java: Applet privilege escalation

The remote host is affected by the vulnerability described in GLSA-200506-14 Sun and Blackdown Java: Applet privilege escalation Both Sun's and Blackdown's JDK and JRE may allow untrusted applets to elevate privileges. Impact : A remote attacker could embed a malicious Java applet in a web page a...

CVE-2005-1214

Microsoft Agent allows remote attackers to spoof trusted Internet content and execute arbitrary code by disguising security prompts on a malicious Web page...

CVE-2005-1894

Direct code injection vulnerability in FlatNuke 2.5.3 allows remote attackers to execute arbitrary PHP code by placing the code into the Referer header of an HTTP request, which causes the code to be injected into referer.php, which can then be accessed by the attacker...

CVE-2005-1881

upload.php in YaPiG 0.92b, 0.93u and 0.94u does not properly restrict the file extension for uploaded image files, which allows remote attackers to upload arbitrary files and execute arbitrary PHP code...

Mandrake Linux Security Advisory : gdb (MDKSA-2005:095)

Tavis Ormandy of the Gentoo Linux Security Audit Team discovered two vulnerabilities in the GNU debugger. The first allows an attacker to execute arbitrary code with the privileges of the user running gdb if they can trick the user into loading a specially crafted executable CVE-2005-1704. He als...

CVE-2004-1925

CVE-2004-1925 affects Tiki Wiki CMS Groupware (TikiWiki)

CVE-2004-2057

CVE-2004-2057 affects ASPrunner, specifically version 2.4. The vulnerability is described as a SQL injection that would let remote attackers execute arbitrary SQL statements. The provided connected documents confirm the flaw exists in ASPrunner 2.4 and indicate multiple issues in older ASPrunner ...

CVE-2004-2026

Format string vulnerability in the logmsg function in svc.c for Pound 1.5 and earlier allows remote attackers to execute arbitrary code via format string specifiers in syslog messages...

CVE-2005-1463

Multiple format string vulnerabilities in the 1 DHCP and 2 ANSI A dissectors in Ethereal before 0.10.11 may allow remote attackers to execute arbitrary code...

CVE-2005-1446

SitePanel 2.6.1 and earlier SitePanel2 allows remote attackers to upload and execute arbitrary files such as PHP scripts via an attachment to a trouble ticket...

CVE-2005-0272

ReviewPost PHP Pro before 2.84 allows remote attackers to upload and execute arbitrary PHP files by posting a review file with multiple extensions, which bypasses the intended restrictions...

CVE-2005-0909

PHP remote file inclusion vulnerability in shoutact.php for TKai's Shoutbox allows remote attackers to execute arbitrary PHP code via the query parameter...