15296 matches found
SUSE CVE-2005-2929
Lynx 2.8.5, and other versions before 2.8.6dev.15, allows remote attackers to execute arbitrary commands via 1 lynxcgi:, 2 lynxexec, and 3 lynxprog links, which are not properly restricted in the default configuration in some environments...
SUSE CVE-2005-3330
The httpsrequest function in Snoopy 1.2, as used in products such as 1 MagpieRSS, 2 WordPress, 3 Ampache, and 4 Jinzora, allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTPS URL to an SSL protected web page, which is not properly handled by the fetch function...
SUSE CVE-2005-3539
Multiple eval injection vulnerabilities in HylaFAX 4.2.3 and earlier allow remote attackers to execute arbitrary commands via 1 the notify script in HylaFAX 4.2.0 to 4.2.3 and 2 crafted CallID parameters to the faxrcvd script in HylaFAX 4.2.2 and 4.2.3...
SUSE CVE-2006-3126
c2faxrecv in capi4hylafax 01.02.03 allows remote attackers to execute arbitrary commands via null \0 and shell metacharacters in the TSI string, as demonstrated by a fax from an anonymous number...
SUSE CVE-2006-3587
Unspecified vulnerability in Adobe Macromedia Flash Player 8.0.24.0 allows remote attackers to execute arbitrary commands via a malformed .swf file that results in "multiple improper memory access" errors...
SUSE CVE-2007-0239
OpenOffice.org OOo Office Suite allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a prepared link in a crafted document...
SUSE CVE-2007-2951
The parseIrcUrl function in src/kvirc/kernel/kviircurl.cpp in KVIrc 3.2.0 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in an 1 irc:// or 2 irc6:// URI...
SUSE CVE-2007-3634
Unspecified vulnerability in the G/PGP GPG Plugin 2.0 for Squirrelmail 1.4.10a allows remote authenticated users to execute arbitrary commands via unspecified vectors, possibly related to the passphrase variable in the gpgsignattachment function, aka ZD-00000004. this information is based upon a...
SUSE CVE-2007-3770
The terminalhelperexecute function in terminal/terminal.c in Xfce Terminal 0.2.6 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a crafted link, as demonstrated using the "Open Link" functionality...
SUSE CVE-2007-3845
Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and 2.x before 2.0.0.6, and SeaMonkey before 1.1.4 allow remote attackers to execute arbitrary commands via certain vectors associated with launching "a file handling program based on the file extension at the end of the URI," a variant ...
SUSE CVE-2007-4560
clamav-milter in ClamAV before 0.91.2, when run in black hole mode, allows remote attackers to execute arbitrary commands via shell metacharacters that are used in a certain popen call, involving the "recipient field of sendmail."...
SUSE CVE-2007-5541
Unspecified vulnerability in Opera before 9.24, when using an "external" newsgroup or e-mail client, allows remote attackers to execute arbitrary commands via unknown vectors...
SUSE CVE-2008-1136
The Utils::runScripts function in src/utils.cpp in vdccm 0.92 through 0.10.0 in SynCE SynCE-dccm allows remote attackers to execute arbitrary commands via shell metacharacters in a certain string to TCP port 5679...
SUSE CVE-2008-2405
Sun Java Active Server Pages ASP Server before 4.0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in HTTP requests to unspecified ASP applications...
SUSE CVE-2008-4690
lynx 2.8.6dev.15 and earlier, when advanced mode is enabled and lynx is configured as a URL handler, allows remote attackers to execute arbitrary commands via a crafted lynxcgi: URL, a related issue to CVE-2005-2929. NOTE: this might only be a vulnerability in limited deployments that have define...
SUSE CVE-2008-4796
The httpsrequest function Snoopy/Snoopy.class.php in Snoopy 1.2.3 and earlier, as used in 1 ampache, 2 libphp-snoopy, 3 mahara, 4 mediamate, 5 opendb, 6 pixelpost, and possibly other products, allows remote attackers to execute arbitrary commands via shell metacharacters in https URLs...
SUSE CVE-2008-5516
The web interface in git gitweb 1.5.x before 1.5.5 allows remote attackers to execute arbitrary commands via shell metacharacters related to gitsearch...
SUSE CVE-2008-5517
The web interface in git gitweb 1.5.x before 1.5.6 allows remote attackers to execute arbitrary commands via shell metacharacters related to 1 gitsnapshot and 2 gitobject...
SUSE CVE-2009-2288
statuswml.cgi in Nagios before 3.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the 1 ping or 2 Traceroute parameters...
SUSE CVE-2009-3125
SQL injection vulnerability in the Bug.search WebService function in Bugzilla 3.3.2 through 3.4.1, and 3.5, allows remote attackers to execute arbitrary SQL commands via unspecified parameters...