SuSE 11.3 Security Update : mailx (SAT Patch Number 10096)

This mailx update fixes the following security issues : - Shell command injection via crafted email addresses. CVE-2004-2771 / CVE-2014-7844. bnc909208 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from SuSE 11 update...

Debian DSA-3105-1 : heirloom-mailx - security update

Two security vulnerabilities were discovered in Heirloom mailx, an implementation of the 'mail' command : - CVE-2004-2771 mailx interprets shell meta-characters in certain email addresses. - CVE-2014-7844 An unexpected feature of mailx treats syntactically valid email addresses as shell commands ...

DLA-114-1 heirloom-mailx - security update

Bulletin has no description...

[SECURITY] [DSA 3105-1] heirloom-mailx security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3105-1 [email protected] http://www.debian.org/security/ Florian Weimer December 16, 2014 http://www.debian.org/security/faq -...

Bash Environment Variable Handling Shell Command Injection Via CUPS

Added: 11/05/2014 CVE: CVE-2014-6271 BID: 70103 OSVDB: 112004 Background GNU Bash Bourne Again SHell is a command shell commonly used on Linux and Unix systems. CUPS is printing software for UNIX-like systems that allows a computer to act as a print server. Problem The Bash shell executes command...

Bash Environment Variable Handling Shell Command Injection Via CUPS

Added: 11/05/2014 CVE: CVE-2014-6271 BID: 70103 OSVDB: 112004 Background GNU Bash Bourne Again SHell is a command shell commonly used on Linux and Unix systems. CUPS is printing software for UNIX-like systems that allows a computer to act as a print server. Problem The Bash shell executes command...

Bash Environment Variable Handling Shell Command Injection Via CUPS

Added: 11/05/2014 CVE: CVE-2014-6271 BID: 70103 OSVDB: 112004 Background GNU Bash Bourne Again SHell is a command shell commonly used on Linux and Unix systems. CUPS is printing software for UNIX-like systems that allows a computer to act as a print server. Problem The Bash shell executes command...

bash: specially-crafted environment variables can be used to inject shell commands

A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment...

TP-Link TL-WR740N v4 Router (FW-Ver. 3.16.6 Build 130529 Rel.47286n) - Command Execution

Exploit for hardware platform in category web applications Vulnerability description: The domain name parameters of the "Parental Control" and "Access Control" features of the TP-Link TL-WR740N v4 FW-Ver. 3.16.6 Build 130529 Rel.47286n router are prone to arbitrary shell command execution as root...

TP-Link TL-WR740N v4 Router (FW-Ver. 3.16.6 Build 130529 Rel.47286n) - Command Execution

Exploit Title: TP-Link TL-WR740N v4 router FW-Ver. 3.16.6 Build 130529 Rel.47286n arbitrary shell command execution Date: 08/03/2014 Exploit Author: Christoph Kuhl Vendor Homepage: http://www.tp-link.com Software Link: http://www.tp-link.com.de/resources/software/TL-WR740NV4130529.zip Version:...

TP-Link TL-WR740N v4 Router (FW-Ver. 3.16.6 Build 130529 Rel.47286n) - Command Execution

TP-Link TL-WR740N v4 Router FW-Ver. 3.16.6 Build 130529 Rel.47286n - Command Execution Exploit Title: TP-Link TL-WR740N v4 router FW-Ver. 3.16.6 Build 130529 Rel.47286n arbitrary shell command execution Date: 08/03/2014 Exploit Author: Christoph Kuhl Vendor Homepage: http://www.tp-link.com Softwa...

Fedora 19 : mediawiki-1.21.11-1.fc19 (2014-7805)

bug 65839 SECURITY: Prevent external resources in SVG files. - bug 66428 MimeMagic: Don't seek before BOF. This has weird side effects like only extracting the tail of the file partially or not at all. Note that Tenable Network Security has extracted the preceding description block directly from...

Microsoft Windows XP Explorer.EXE Remote Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9924/info Microsoft Windows Explorer for Windows XP has been reported to be prone to a remote denial of service vulnerability. This issue is due to a failure of the application to properly validate user-supplied input via...

N/X WCMS <= 4.1 (nxheader.inc.php) Remote File Include Exploit

No description provided by source. !/usr/bin/php -q -d shortopentag=on ? print ' | \\ | \\ | \ . . |\ \ \ /\ \ / /| || | | | | \ | \ Y / | || | | \ | \ \ / | || | |/ // / / ||| \ | / / \ / \ |\ /\ / / \ / \ | | | | / /\ \ / \ / \ | | | | / | / Y \ || / /| /| /...

PostNuke <= 0.763 (PNSV lang) Remote Code Execution Exploit

No description provided by source. ? print ' ::::::::: :::::::::: ::: ::: ::::::::::: ::: :+: :+: :+: :+: :+: :+: :+: +:+ +:+ +:+ +:+ +:+ +:+ +:+ ++ +:+ +++:++ ++ +:+ ++ ++ ++ ++ ++ ++ ++ ++ ++ + + + +++ + + ::::::::::: :::::::::: ::: :::: :::: :+: :+: :+: :+: +:+:+: :+:+:+ +:+ +:+ +:+ +:+ +:+...

CMSQLite <= 1.2 & CMySQLite <= 1.3.1 - Remote Code Execution Exploit

No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo CMSQLite = 1.2 & CMySQLite = 1.3.1 Remote Code Execution Exploit by BlackHawk hawkgotyou gmail com http://twitter.com/itablackhawk Thanks to rgod for the php code and Natural Killer ; if $argc4 echo Usage: php .$argv0...

op5 Monitoring 5.4.2 - (VM Applicance) Multiple Vulnerabilities

No description provided by source. Author: loneferret of Offensive Security Product: op5 Monitoring VM appliance Version: 5.4.2 Vendor Site: http://www.op5.com/ Software Download: http://www.op5.com/get-op5-monitor/get-started/ Software Description: op5 is a market leading developer of Open Sourc...

Wordpress <= 1.5.1.2 xmlrpc Interface SQL Injection Exploit

No description provided by source. !/usr/bin/perl -w sorry for the late posting, had to test it. /str0ke Wordpress 1.5.1.2 Strayhorn // XMLRPC Interface SQL Injection By James Bercegay // http://www.gulftech.org/ // June 21 2005 Quick and dirty proof of concept that uses the XML RPC server...

ReloadCMS <= 1.2.5 Cross Site Scripting / Remote Code Execution Exploit

No description provided by source. ?php / ReloadCMS = 1.2.5stable Cross site scripting / remote command execution software site: http://reloadcms.com/ description: ReloadCMS is a free CMS written on PHP and based on flat files. vulnerability: ReloadCMS do not properly sanitize User-Agent request...

virtuemart <= 1.1.2 - Multiple Vulnerabilities

No description provided by source. Author: Janek Vind waraxe Date: 24. January 2009 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-71.html Description of vulnerable software: VirtueMart is an Open Source E-Commerce solution to be used together with a Content Management System CMS...