26 matches found

CVE
added 2024/07/10 11:59 a.m. | 55 views

CVE-2024-3799

CVE-2024-3799 describes an insecure handling of POST header body in Phoniebox that allows an attacker to craft a webpage which, when visited by a user, causes the user’s browser to send malicious requests to hosts on the local network, potentially triggering shell command execution on the vulnera...

8.7 CVSS | 6.5 AI score | 0.01381 EPSS
Exploits 0 | References 3

The Hacker News
added 2024/04/26 10:18 a.m. | 53 views

Palo Alto Networks Outlines Remediation for Critical PAN-OS Flaw Under Attack

Palo Alto Networks has shared remediation guidance for a recently disclosed critical security flaw impacting PAN-OS that has come under active exploitation. The vulnerability, tracked as CVE-2024-3400 CVSS score: 10.0, could be weaponized to obtain unauthenticated remote shell command execution o...

10 CVSS | 9.9 AI score | 0.94323 EPSS
Exploits 43

Mageia
added 2017/05/07 10:16 p.m. | 48 views

Updated ghostscript packages fix security vulnerability

Various userparams in Ghostscript allow %pipe% in paths, allowing remote shell command execution CVE-2016-7976. The .libfile function in Ghostscript doesn't check PermitFileReading array, allowing remote file disclosure CVE-2016-7977. Reference leak in the .setdevice function in Ghostscript allow...

9.8 CVSS | 5.2 AI score | 0.92931 EPSS
Exploits 12 | References 3

NVD
added 2017/01/13 7:59 p.m. | 9 views

CVE-2010-5327

Liferay Portal through 6.2.10 allows remote authenticated users to execute arbitrary shell commands via a crafted Velocity template...

8.8 CVSS | 8.7 AI score | 0.01182 EPSS
Exploits 0 | References 6

OpenVAS
added 2016/10/31 12:00 a.m. | 115 views

Samba 3.0.0 <= 3.0.25rc3 MS-RPC Remote Shell Command Execution Vulnerability - Version Check

Samba is prone to a vulnerability that allows attackers to execute arbitrary shell commands because the software fails to sanitize user-supplied input. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...

6 CVSS | 8.8 AI score | 0.49575 EPSS
Exploits 13 | References 2

Tenable Nessus
added 2014/07/06 12:00 a.m. | 17 views

Fedora 19 : mediawiki-1.21.11-1.fc19 (2014-7805)

bug 65839 SECURITY: Prevent external resources in SVG files. - bug 66428 MimeMagic: Don't seek before BOF. This has weird side effects like only extracting the tail of the file partially or not at all. Note that Tenable Network Security has extracted the preceding description block directly from...

5.4 AI score
Exploits 0 | References 2

seebug.org
added 2014/07/01 12:00 a.m. | 34 views

virtuemart <= 1.1.2 - Multiple Vulnerabilities

No description provided by source. Author: Janek Vind waraxe Date: 24. January 2009 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-71.html Description of vulnerable software: VirtueMart is an Open Source E-Commerce solution to be used together with a Content Management System CMS...

7.1 AI score
Exploits 0

seebug.org
added 2014/07/01 12:00 a.m. | 17 views

AWStats <= 6.5 (migrate) Remote Shell Command Injection Exploit

No description provided by source. !/usr/bin/env python http://secunia.com/advisories/19969/ by [email protected] May 5, 2006 - HAPPY CINCO DE MAYO HAPPY BIRTHDAY DAD private plz redsand@jinxy / $ nc -l -p 31337 -v listening on any 31337 ... connect to 65.99.197.147 from blacksecurity.org...

7.1 AI score
Exploits 0

Dsquare
added 2014/05/19 12:00 a.m. | 134 views

MediaWiki thumb.php page Parameter Remote Shell Command Injection

MediaWiki contains a flaw that is due to the program failing to properly sanitize input passed via the "page" parameter in the thumb.php script. This may allow a remote attack to inject arbitrary shell commands. Vulnerability Type: Remote Command Execution For the exploit source code contact...

6 CVSS | 1.1 AI score | 0.48041 EPSS
Exploits 12 | References 2

Tenable Nessus
added 2012/08/06 12:00 a.m. | 27 views

Symantec Web Gateway Multiple Script Shell Command Execution (SYM12-011)

The Symantec Web Gateway install on the remote host is affected by a remote shell command execution vulnerability due to its failure to sanitize input to the 'ip' parameter of the 'fromha.php' script. An unauthenticated, remote attacker can exploit this vulnerability to save a random PHP script o...

10 CVSS | 5.9 AI score | 0.06861 EPSS
Exploits 2 | References 4

Check Point Advisories
added 2012/07/16 12:00 a.m. | 2 views

Symantec Web Gateway Management Console Remote Shell Command Execution (CVE-2012-0297)

A remote command execution vulnerability has been reported in Symantec Web Gateway. The vulnerability is due to improper input validation by the web server. A remote attacker can exploit this issue by sending a specially crafted HTTP request to the affected server. Successful exploitation could...

10 CVSS | 6.6 AI score | 0.89461 EPSS
Exploits 22

Tenable Nessus
added 2012/06/07 12:00 a.m. | 60 views

Cobbler xmlrpc API power_system Method Remote Shell Command Execution

According to its self-reported version, the Cobbler install on the remote host is affected by a command injection vulnerability that can be exploited by sending a specially crafted username or password argument to the 'powersystem' method. Successful exploitation requires an authenticated user an...

7.5 CVSS | 8.3 AI score | 0.00474 EPSS
Exploits 1 | References 4

OpenVAS
added 2010/02/02 12:00 a.m. | 22 views

SystemTap 'stap-server' Remote Shell Command Injection Vulnerability

This host has SystemTap installed and is prone to Arbitrary Command Execution vulnerability OpenVAS Vulnerability Test $Id: secpodsystemtapshellcmdinjectionvuln.nasl 5401 2017-02-23 09:46:07Z teissa $ SystemTap 'stap-server' Remote Shell Command Injection Vulnerability Authors: Madhuri D Copyrigh...

10 CVSS | 0.6 AI score | 0.22398 EPSS
Exploits 0 | References 2

Tenable Nessus
added 2009/11/06 12:00 a.m. | 37 views

FreeBSD : typo3 -- multiple vulnerabilities in TYPO3 Core (6693bad2-ca50-11de-8ee8-00215c6a37bb)

TYPO3 develop team reports : Affected versions: TYPO3 versions 4.0.13 and below, 4.1.12 and below, 4.2.9 and below, 4.3.0beta1 and below. SQL injection, Cross-site scripting XSS, Information disclosure, Frame hijacking, Remote shell command execution and Insecure Install Tool authentication/sessi...

8.5 CVSS | 5.4 AI score | 0.01041 EPSS
Exploits 0 | References 11

FreeBSD
added 2009/10/22 12:00 a.m. | 28 views

typo3 -- multiple vulnerabilities in TYPO3 Core

TYPO3 develop team reports: Affected versions: TYPO3 versions 4.0.13 and below, 4.1.12 and below, 4.2.9 and below, 4.3.0beta1 and below. SQL injection, Cross-site scripting XSS, Information disclosure, Frame hijacking, Remote shell command execution and Insecure Install Tool authentication/sessio...

8.5 CVSS | 6.6 AI score | 0.01041 EPSS
Exploits 0 | References 2

Typo3
added 2009/10/20 12:00 a.m. | 13 views

TYPO3 Security Bulletin

Several vulnerabilities have been found in the following third party TYPO3 extensions: Apache Solr Search solr, Random Images maagrandomimage, Flagbit Filebase fbfilebase, freeCap CAPTCHA srfreecap Release Date: October 20, 2009 Please read first: This Collective Security Bulletin CSB is a listin...

7.4 AI score
Exploits 0 | Affected Software 4

seebug.org
added 2009/04/01 12:00 a.m. | 63 views

VirtueMart <= 1.1.2 Multiple Remote Vulnerabilities

No description provided by source. Author: Janek Vind "waraxe" Date: 24. January 2009 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-71.html Description of vulnerable software: VirtueMart is an Open Source E-Commerce solution to be used together with a Content Management System CMS...

7.1 AI score
Exploits 0

Exploit DB
added 2009/03/31 12:00 a.m. | 35 views

virtuemart 1.1.2 - Multiple Vulnerabilities

Author: Janek Vind "waraxe" Date: 24. January 2009 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-71.html Description of vulnerable software: VirtueMart is an Open Source E-Commerce solution to be used together with a Content Management System CMS called Joomla! and Mambo. Joomla! an...

7.4 AI score
Exploits 0

exploitpack
added 2009/03/31 12:00 a.m. | 23 views

virtuemart 1.1.2 - Multiple Vulnerabilities

virtuemart 1.1.2 - Multiple Vulnerabilities Author: Janek Vind "waraxe" Date: 24. January 2009 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-71.html Description of vulnerable software: VirtueMart is an Open Source E-Commerce solution to be used together with a Content Management...

0.4 AI score
Exploits 0

Packet Storm
added 2008/01/31 12:00 a.m. | 24 views

waraxe-2008-SA065.txt

waraxe-2008-SA065 - Remote Shell Command Execution in Coppermine 1.4.14 =============================================================================== Author: Janek Vind "waraxe" Date: 30. January 2008 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-65.html Target software descriptio...

Exploits 0