Nagios 'statuswml.cgi' Remote Arbitrary Shell Command Injection Vulnerability

Nagios is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data. Remote attackers can exploit this issue to execute arbitrary shell commands with the privileges of the user running the application. Note that for an exploit to succeed,...

Important: Red Hat Security Advisory: nagios security update

Updated nagios packages that fix one security issue are now available for the Red Hat HPC Solution. This update has been rated as having important security impact by the Red Hat Security Response Team. Nagios is a program that can monitor hosts and services on your network. It can send email or...

ASMAX AR 804 gu Web Management Console Arbitrary Shell Command Injection Vulnerability

ASMAX 804 gu router is a SOHO class device. It provides ADSL / WiFi / Ethernet interfaces. 2. There is an unauthenticated maintenance script named 'script' in /cgi-bin/ directory of the web management interface. 3. When 'system' paramether is passed to the script it allows running OS shell...

FreeBSD : twiki -- arbitrary shell command execution (b4af3ede-36e9-11d9-a9e7-0001020eed82)

Hans Ulrich Niedermann reports : The TWiki search function uses a user-supplied search string to compose a command line executed by the Perl backtick operator. The search string is not checked properly for shell metacharacters and is thus vulnerable to search string containing quotes and shell...

VirtueMart <= 1.1.2 Multiple Remote Vulnerabilities

No description provided by source. Author: Janek Vind "waraxe" Date: 24. January 2009 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-71.html Description of vulnerable software: VirtueMart is an Open Source E-Commerce solution to be used together with a Content Management System CMS...

VirtueMart 1.1.2 SQL Injection / RFI / LFI / XSS

Author: Janek Vind "waraxe" Date: 24. January 2009 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-71.html Description of vulnerable software: VirtueMart is an Open Source E-Commerce solution to be used together with a Content Management System CMS called Joomla! and Mambo. Joomla! an...

Zabbix 1.6.2 Cross Site Request Forgery

nGenuity Information Services - Security Advisory Advisory ID: NGENUITY-2009-006 - Zabbix Multiple Frontend CSRF Application: Zabbix 1.6.2 Vendor: Zabbix Vendor website: http://www.zabbix.com Author: Adam Baldwin [email protected] I. BACKGROUND "ZABBIX is an enterprise-class open source...

virtuemart 1.1.2 - Multiple Vulnerabilities

Author: Janek Vind "waraxe" Date: 24. January 2009 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-71.html Description of vulnerable software: VirtueMart is an Open Source E-Commerce solution to be used together with a Content Management System CMS called Joomla! and Mambo. Joomla! an...

virtuemart 1.1.2 - Multiple Vulnerabilities

virtuemart 1.1.2 - Multiple Vulnerabilities Author: Janek Vind "waraxe" Date: 24. January 2009 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-71.html Description of vulnerable software: VirtueMart is an Open Source E-Commerce solution to be used together with a Content Management...

Mandrake Security Advisory MDVSA-2009:041 (jhead)

The remote host is missing an update to jhead announced via advisory MDVSA-2009:041. OpenVAS Vulnerability Test $Id: mdksa2009041.nasl 6573 2017-07-06 13:10:50Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:041 jhead Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...

HP OpenView Network Node Manager远程命令执行漏洞

BUGTRAQ ID: 33666 CVE ID：CVE-2008-4559 CNCVE ID：CNCVE-20084559 HP OpenView Network Node Manager是一款HP公司开发和维护的网络管理系统软件，具有强大的网络节点管理功能。 HP OpenView Network Node Manager CGI应用程序存在多个命令注入漏洞，远程攻击者可以利用漏洞执行任意SHELL命令。...

Debian Security Advisory DSA 1708-1 (git-core)

The remote host is missing an update to git-core announced via advisory DSA 1708-1. OpenVAS Vulnerability Test $Id: deb17081.nasl 6615 2017-07-07 12:09:52Z cfischer $ Description: Auto-generated from advisory DSA 1708-1 git-core Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...

Debian DSA-1708-1 : git-core - shell command injection

It was discovered that gitweb, the web interface for the Git version control system, contained several vulnerabilities : Remote attackers could use crafted requests to execute shell commands on the web server, using the snapshot generation and pickaxe search functionality CVE-2008-5916 . Local...

Phosheezy 2.0 Command Execution

!/usr/bin/perl phosheezy 2.0 http://www.ryneezy.net/apps/phosheezy/phosheezy-v0.2.tar.gz Remote Command Execution Exploit by Osirys osirysatlivedotit osirys.org Greets: HaVoC, x0r, jay, BlackLight lol at athos -------------------------------------------------------------- Exploit in action :D...

FreeBSD : twiki -- multiple vulnerabilities (f98dea27-d687-11dd-abd1-0050568452ac)

Marc Schoenefeld and Steve Milner of RedHat SRT and Peter Allor of IBM ISS report : XSS vulnerability with URLPARAM variable SEARCH variable allows arbitrary shell command execution %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...

IRIX - execve(/bin/sh -c) Shellcode (72 bytes)

IRIX - execve/bin/sh -c Shellcode 72 bytes. Shellcode exploit for IRIX platform char cmdshellcode= "\x04\x10\xff\xff" / bltzal $zero, / "\x24\x02\x03\xf3" / li $v0,1011 / "\x23\xff\x08\xf4" / addi $ra,$ra,2292 / "\x23\xe4\xf7\x40" / addi $a0,$ra,-2240 / "\x23\xe5\xfb\x24" / addi $a1,$ra,-1244 /...

phpCollab: Multiple vulnerabilities

Background phpCollab is a web-enabled groupware and project management software written in PHP. It uses SQL-based database backends. Description Multiple vulnerabilities have been found in phpCollab: rgod reported that data sent to general/sendpassword.php via the loginForm parameter is not...

On in the browser*. exe file the explore-exploit warning-the black bar safety net

On in the browser. exe file explore in depth A: really can in the browser command file? The answer is Yes. （Wow, cool! Can......） But don't happy, can only be performed server-side, but is must be authorized. Otherwise the server think the Black you're too easy. Who dares to look at me, I just...

Vim Shell Command Injection Vulnerability (Windows)

This host is installed with Vim and is prone to Command Injection Vulnerability. OpenVAS Vulnerability Test $Id: secpodvimshellcmdinjectionvulnwin900411.nasl 5370 2017-02-20 15:24:26Z cfi $ Description: Vim Shell Command Injection Vulnerability Windows Authors: Sujit Ghosal Copyright: Copyright C...

Vim Shell Command Injection Vulnerability - Windows

Vim is prone to a command injection vulnerability. SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...