8 matches found
EUVD-2009-3995
Malware in sbrugna...
FreeBSD Ports: pear-Net_Ping
The remote host is missing an update to the system as announced in the referenced advisory. VID 56ba8728-f987-11de-b28d-00215c6a37bb OpenVAS Vulnerability Test $ Description: Auto generated from VID 56ba8728-f987-11de-b28d-00215c6a37bb Authors: Thomas Reinke Copyright: Copyright c 2010 E-Soft Inc...
FreeBSD Ports: pear-Net_Ping
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2010 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
CVE-2009-4024
Argument injection vulnerability in the ping function in Ping.php in the NetPing package before 2.4.5 for PEAR allows remote attackers to execute arbitrary shell commands via the host parameter. NOTE: this has also been reported as a shell metacharacter problem...
Design/Logic Flaw
Argument injection vulnerability in the ping function in Ping.php in the NetPing package before 2.4.5 for PEAR allows remote attackers to execute arbitrary shell commands via the host parameter. NOTE: this has also been reported as a shell metacharacter problem...
CVE-2009-4024
CVE-2009-4024 affects php-net-ping (PEAR Net_Ping). The vulnerability is in Ping.php, where insufficient input sanitising allows remote attackers to inject commands via the host parameter, enabling remote code execution. Affected versions are prior to 2.4.5; multiple advisories (Debian DSA-1949-1...
PEAR Net_Ping 'ping()'函数任意变量注入漏洞
Bugraq ID: 37093 PEAR NetPing是一款基于PHP的执行ping操作的OS独立封装类。 当表单输入直接使用时,攻击者可以传递变量允许执行远程任意命令注入攻击。 PEAR NetPing 2.4.4 PEAR NetPing 2.4.5已经修复此漏洞,建议用户下载使用: http://download.pear.php.net/package/NetPing-2.4.5.tgz pear upgrade NetPing-2.4.5...
PEAR -- Net_Ping and Net_Traceroute remote arbitrary command injection
PEAR Security Advisory reports: Multiple remote arbitrary command injections have been found in the NetPing and NetTraceroute. When input from forms are used directly, the attacker could pass variables that would allow him to execute remote arbitrary command injections...