Server: shell command injection in CGI replication monitor

The replication monitor CGI script repl-monitor-cgi.pl in Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, allows remote attackers to execute arbitrary commands...

Server: shell command injection in CGI replication monitor

The replication monitor CGI script repl-monitor-cgi.pl in Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, allows remote attackers to execute arbitrary commands...

F5 BIG-IP管理接口NEW_VALUE参数远程代码注入漏洞

BUGTRAQ ID: 28639 F5 BIG-IP是集成了网络流量管理、应用程序安全管理器、负载均衡等功能的多合一网络设备。 BIG-IP的配置工具实现上存在输入验证漏洞，远程攻击者可能利用此漏洞在系统上执行任意命令。 Web管理接口和CLI所使用的F5 BIG-IP重新配置工具没有正确地过滤某些重新配置请求，如果登录用户拥有Resource Manager或Administrator权限的话，就可以注入任意Perl代码，生成Unix shell命令并以root用户权限执行。 这个漏洞的起因是未经转义NEWVALUE中的单引号便使用了包含有类似于以下内容模板的Perl EP3：...

rpc.ypupdated command injection vulnerability

Added: 03/28/2008 CVE: CVE-1999-0208 BID: 1749 OSVDB: 11517 Background Network Information Service NIS is a distributed database that allows you to maintain consistent configuration files throughout your network. rpc.ypupdated is an NIS service which is responsible for duplicating information fro...

centerim-exec.txt

Application: CenterIM http://www.centerim.org/index.php/MainPage Versions: centerim = 4.22.3 OS: Linux Bug: Execution of shell commands Exploit: remote Date: 15 March 2008 Author: Brian Fonfara w00 eMail: [email protected] Web: newb.kicks-ass.net 1 Bug 2 Exploit ======= 1 Bug ======= Received...

GLSA-200803-06 : SWORD: Shell command injection

The remote host is affected by the vulnerability described in GLSA-200803-06 SWORD: Shell command injection Dan Dennison reported that the diatheke.pl script used in SWORD does not properly sanitize shell meta-characters in the 'range' parameter before processing it. Impact : A remote attacker...

[ GLSA 200803-06 ] SWORD: Shell command injection

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200803-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - -...

SWORD: Shell command injection

Background SWORD is a library for Bible study software. Description Dan Dennison reported that the diatheke.pl script used in SWORD does not properly sanitize shell meta-characters in the "range" parameter before processing it. Impact A remote attacker could provide specially crafted input to a...

DSA-1508-1 sword - arbirary shell command execution

Bulletin has no description...

Debian Security Advisory DSA 1465-1 (apt-listchanges)

The remote host is missing an update to apt-listchanges announced via advisory DSA 1465-1. This VT has been deprecated and merged into the VT SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...

waraxe-2008-SA065.txt

waraxe-2008-SA065 - Remote Shell Command Execution in Coppermine 1.4.14 =============================================================================== Author: Janek Vind "waraxe" Date: 30. January 2008 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-65.html Target software descriptio...

Coppermine Photo Gallery 1.4.14 - Remote Command Execution

Coppermine Photo Gallery 1.4.14 - Remote Command Execution waraxe-2008-SA065 - Remote Shell Command Execution in Coppermine 1.4.14 =============================================================================== Author: Janek Vind "waraxe" Date: 30. January 2008 Location: Estonia, Tartu Web:...

[waraxe-2008-SA#065] - Remote Shell Command Execution in Coppermine 1.4.14

waraxe-2008-SA065 - Remote Shell Command Execution in Coppermine 1.4.14 =============================================================================== Author: Janek Vind "waraxe" Date: 30. January 2008 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-65.html Target software descriptio...

Coppermine Photo Gallery 1.4.14 - Remote Command Execution

waraxe-2008-SA065 - Remote Shell Command Execution in Coppermine 1.4.14 =============================================================================== Author: Janek Vind "waraxe" Date: 30. January 2008 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-65.html Target software descriptio...

Debian Security Advisory DSA 1315-1 (libphp-phpmailer)

The remote host is missing an update to libphp-phpmailer announced via advisory DSA 1315-1. OpenVAS Vulnerability Test $Id: deb13151.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1315-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...

Debian: Security Advisory (DSA-1364-2)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian: Security Advisory (DSA-957-2)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian Security Advisory DSA 957-1 (imagemagick)

The remote host is missing an update to imagemagick announced via advisory DSA 957-1. Florian Weimer discovered that delegate code in ImageMagick is vulnerable to shell command injection using specially crafted file names. This allows attackers to encode commands inside of graphic commands. With...

Debian Security Advisory DSA 957-2 (imagemagick)

The remote host is missing an update to imagemagick announced via advisory DSA 957-2. Florian Weimer discovered that delegate code in ImageMagick is vulnerable to shell command injection using specially crafted file names. This allows attackers to encode commands inside of graphic commands. With...

Debian Security Advisory DSA 1270-1 (openoffice.org)

The remote host is missing an update to openoffice.org announced via advisory DSA 1270-1. Several security related problems have been discovered in OpenOffice.org, the free office suite. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-0002 iDefense...