RMI Registry Detection

The remote host is running an RMI registry, which acts as a bootstrap naming service for registering and retrieving remote objects with simple names in the Java Remote Method Invocation RMI system. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid22227;...

DEBIAN-CVE-2005-0638

xloadimage before 4.1-r2, and xli before 1.17, allows attackers to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command...

Squirrelmail vacation plugin shell characters problem

Unfiltered shell characters on ftpfile external program invocation...

CVE-2004-2696

BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, when using Remote Method Invocation RMI over Internet Inter-ORB Protocol IIOP, does not properly handle when multiple logins for different users coming from the same client, which could cause an "unexpected user identity" to be used in a...

solaris/SPARC execve /bin/sh 52 bytes

No description provided by source. //Solaris/Sparc - LSD char shellcode= "\x20\xbf\xff\xff" / bn,a shellcode-4 / "\x20\xbf\xff\xff" / bn,a shellcode / "\x7f\xff\xff\xff" / call shellcode+4 / "\x90\x03\xe0\x20" / add %o7,32,%o0 / "\x92\x02\x20\x10" / add %o0,16,%o1 / "\xc0\x22\x20\x08" / st...

F-Secure BackWeb 6.31 - Local Privilege Escalation

source: https://www.securityfocus.com/bid/10055/info A vulnerability has been reported in F-Secure BackWeb that may permit local attackers to gain system level privileges. The source of this vulnerability is that certain areas within the BackWeb interface permit arbitrary programs to be invoked...

PT-2003-1623 · Ethereal · Ethereal

Name of the Vulnerable Software and Affected Versions: Ethereal versions 0.9.12 and earlier Description: The issue is related to the improper handling of certain strings in multiple dissectors, including BGP, WTP, DNS, 802.11, ISAKMP, WSP, CLNP, ISIS, and RMI. The consequences of this issue are...

CVE-2002-0153

Internet Explorer 5.1 for Macintosh allows remote attackers to bypass security checks and invoke local AppleScripts within a specific HTML element, aka the "Local Applescript Invocation" vulnerability...

CVE-2002-0077

Microsoft Internet Explorer 5.01, 5.5 and 6.0 treats objects invoked on an HTML page with the codebase property as part of Local Computer zone, which allows remote attackers to invoke executables present on the local system through objects such as the popup object, aka the "Local Executable...

FWTK x-gw Security Advisory [GSA2000-01]

geekgang Security Advisory gsa2000-01 www.geekgang.co.uk © Copyright 2000 geekgang ID: geekgang GSA2000-01 01 v1.0 Topic: FWTK x-gw format bug Status: Release 26th October, 2000 Author: pre Credit: Pekka Savola found the potential problem in the code Abstract The x-gw X Windows gateway component ...