731 matches found
Debian Security Advisory DSA 3114-1 (mime-support - security update)
Timothy D. Morgan discovered that run-mailcap, an utility to execute programs via entries in the mailcap file, is prone to shell command injection via shell meta-characters in filenames. In specific scenarios this flaw could allow an attacker to remotely execute arbitrary code. OpenVAS...
openSUSE Security Update : mailx (openSUSE-SU-2014:1713-1)
This mailx update fixes the following security issue : bsc909208: shell command injection via crafted email addresses CVE-2004-2771, CVE-2014-7844 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Upda...
DSA-3114-1 mime-support - security update
Bulletin has no description...
DLA-125-1 mime-support - security update
Bulletin has no description...
Debian: Security Advisory (DSA-3114-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SuSE 11.3 Security Update : mailx (SAT Patch Number 10096)
This mailx update fixes the following security issues : - Shell command injection via crafted email addresses. CVE-2004-2771 / CVE-2014-7844. bnc909208 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from SuSE 11 update...
Bash Environment Variable Handling Shell Command Injection Via CUPS
Added: 11/05/2014 CVE: CVE-2014-6271 BID: 70103 OSVDB: 112004 Background GNU Bash Bourne Again SHell is a command shell commonly used on Linux and Unix systems. CUPS is printing software for UNIX-like systems that allows a computer to act as a print server. Problem The Bash shell executes command...
Bash Environment Variable Handling Shell Command Injection Via CUPS
Added: 11/05/2014 CVE: CVE-2014-6271 BID: 70103 OSVDB: 112004 Background GNU Bash Bourne Again SHell is a command shell commonly used on Linux and Unix systems. CUPS is printing software for UNIX-like systems that allows a computer to act as a print server. Problem The Bash shell executes command...
Fedora 19 : mediawiki-1.21.11-1.fc19 (2014-7805)
bug 65839 SECURITY: Prevent external resources in SVG files. - bug 66428 MimeMagic: Don't seek before BOF. This has weird side effects like only extracting the tail of the file partially or not at all. Note that Tenable Network Security has extracted the preceding description block directly from...
AWStats <= 6.5 (migrate) Remote Shell Command Injection Exploit
No description provided by source. !/usr/bin/env python http://secunia.com/advisories/19969/ by [email protected] May 5, 2006 - HAPPY CINCO DE MAYO HAPPY BIRTHDAY DAD private plz redsand@jinxy / $ nc -l -p 31337 -v listening on any 31337 ... connect to 65.99.197.147 from blacksecurity.org...
GLSA-201401-26 : Zabbix: Shell command injection
The remote host is affected by the vulnerability described in GLSA-201401-26 Zabbix: Shell command injection If a flexible user parameter is configured in Zabbix agent, including a newline in the parameters will execute newline section as a separate command even if UnsafeUserParameters are...
Zabbix: Shell command injection
Background Zabbix is software for monitoring applications, networks, and servers. Description If a flexible user parameter is configured in Zabbix agent, including a newline in the parameters will execute newline section as a separate command even if UnsafeUserParameters are disabled. Impact A...
Geany <=1.22 Local Code injection Vulnerability
Geany version Compile Or the shortcut F8, injected code ready. Examples: xpl.c";ls -la" xpl.c";cat /etc/passwd" 0day.today 2018-04-10...
[SECURITY] [DSA 2530-1] rssh security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2530-1 [email protected] http://www.debian.org/security/ Florian Weimer August 15, 2012 http://www.debian.org/security/faq -...
Debian DSA-2530-1 : rssh - shell command injection
Henrik Erkkonen discovered that rssh, a restricted shell for SSH, does not properly restrict shell access. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-2530. The text itself is copyrigh...
[SECURITY] [DSA 2530-1] rssh security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2530-1 [email protected] http://www.debian.org/security/ Florian Weimer August 15, 2012 http://www.debian.org/security/faq -...
[SECURITY] [DSA 2503-1] bcfg2 security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2503-1 [email protected] http://www.debian.org/security/ Florian Weimer June 28, 2012 http://www.debian.org/security/faq -...
Debian DSA-2503-1 : bcfg2 - shell command injection
It was discovered that malicious clients can trick the server component of the Bcfg2 configuration management system to execute commands with root privileges. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian...
ZDI-12-090 : Symantec Web Gateway Shell Command Injection Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-090 : Symantec Web Gateway Shell Command Injection Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-090 June 8, 2012 - -- CVE ID: CVE-2012-0297 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected...
RedHat Update for logrotate RHSA-2011:0407-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...