CVE-2007-2438

CVE-2007-2438 targets Vim’s sandbox, where modeline parsing grants access to dangerous functions (writefile, feedkeys, system), enabling user-assisted execution of shell commands and file writes. The issue affects Vim components exposed to modelines and has been addressed in multiple advisories a...

CVE-2007-2438

The sandbox for vim allows dangerous functions such as 1 writefile, 2 feedkeys, and 3 system, which might allow user-assisted attackers to execute shell commands and write files via modelines...

GLSA-200704-18 : Courier-IMAP: Remote execution of arbitrary code

The remote host is affected by the vulnerability described in GLSA-200704-18 Courier-IMAP: Remote execution of arbitrary code CJ Kucera has discovered that some Courier-IMAP scripts don't properly handle the XMAILDIR variable, allowing for shell command injection. Impact : A remote attacker could...

Courier-IMAP: Remote execution of arbitrary code

Background Courier-IMAP is an IMAP server which is part of the Courier mail system. It provides access only to maildirs. Description CJ Kucera has discovered that some Courier-IMAP scripts don't properly handle the XMAILDIR variable, allowing for shell command injection. Impact A remote attacker...

CVE-2007-1490

Unspecified maintenance web pages in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allow remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors aka "shell command injection"...

CVE-2007-1490

CVE-2007-1490 affects Avaya equipment (S87XX, S8500, S8300 prior to CM 3.1.3 and Avaya SES). The issue is shell command injection via shell metacharacters in unspecified maintenance web pages/entry points, exploitable by remote authenticated users. Affected component/functionality is unspecified;...

Debian Linux apache privilege escalation

User can inject shell command into shell from where apache was started by using TIOCSTI ioctl on the ctty socket in CGI script...

CVE-2007-0665

Format string vulnerability in the SCP module in Ipswitch WSFTP 2007 Professional might allow remote attackers to execute arbitrary commands via format string specifiers in the filename, related to the SHELL WSFTP script command...

GuppY 4.5.16 - Remote Command Execution

GuppY 4.5.16 - Remote Command Execution 126 $result.=" ."; else $result.=" ".$string$i; if strlendechexord$string$i==2 $exa.=" ".dechexord$string$i; else $exa.=" 0".dechexord$string$i; $cont++;if $cont==15 $cont=0; $result.="\r\n"; $exa.="\r...

GuppY 4.5.16 - Remote Command Execution

126 $result.=" ."; else $result.=" ".$string$i; if strlendechexord$string$i==2 $exa.=" ".dechexord$string$i; else $exa.=" 0".dechexord$string$i; $cont++;if $cont==15 $cont=0; $result.="\r\n"; $ex...

[Full-disclosure] [SECURITY] [DSA 1251-1] New netrik packages fix arbitary shell command execution

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1251-1 [email protected] http://www.debian.org/security/ Steve Kemp January 21, 2007 -...

sNews <= 1.5.30 Remote Reset Admin Pass / Command Exec Exploit

No description provided by source. ?php printr' --------------------------------------------------------------------------- sNews = 1.5.30 unauthorized access / reset admin pass / cmd exec exploit by rgod dork: "Barbecued by sNews" mail: retrog at alice dot it site: http://retrogod.altervista.org...

L2J Statistik Script <= 0.09 (index.php page) Local File Include Exploit

No description provided by source. ? print ' | \ | \ \ / | | | | | | | \ \ \ / \ \ | \ \ / \ | \ | | | / \ | \ \ \ / / | | | | | | | | | | ||/ // |./ |/\ ./ |/ ||...

MDForum <= 2.0.1 (PNSVlang) Remote Code Execution Exploit

Exploit for unknown platform in category web applications ========================================================= MDForum = 2.0.1 PNSVlang Remote Code Execution Exploit ========================================================= ? //Kacper & str0ke Settings $exploitname = "MDForum = 2.0.1 PNSVlan...

Debian DSA-1240-1 : links2 - insufficient escaping

Teemu Salmela discovered that the links2 character mode web browser performs insufficient sanitising of smb:// URIs, which might lead to the execution of arbitrary shell commands. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...

WebText 0.4.5.2 - Remote Code Execution

WebText 0.4.5.2 - Remote Code Execution DEVIL TEAM IRC: irc.milw0rm.com:6667 devilteam http://www.rahim.webd.pl/ ======== Contact: [email protected] cod3d by Kacper -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=...

PHP-Proxima BB_Smilies.PHP本地文件包含漏洞

PHP-Proxima是一款基于PHP的WEB应用程序。 PHP-Proxima不正确过滤用户提交的URI数据，远程攻击者可以利用漏洞以WEB进程权限查看系统文件内容。 问题是由于'BBSmilies.PHP'脚本对用户提交的'name'参数缺少过滤，提交包含多个"../"字符作为参数数据，可绕过WEB ROOT限制，以WEB进程权限查看系统文件内容。 PHP-Proxima 6.0 http://sourceforge.net/projects/phpproxima !/usr/bin/php -q -d shortopentag=on ? $devilteam = " :::::::...

PHPAlbum 0.4.1 Beta 6 - &#039;language.php&#039; Local File Inclusion

DEVIL TEAM IRC: irc.milw0rm.com:6667 devilteam http://www.rahim.webd.pl/ ======== Contact: [email protected] cod3d by Kacper -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Greetings DragonHeart and all DEVIL TEAM Patriots : - Leito & Leon | friend str0ke ; pepi,...

Serendipity &lt;= 1.0.3 (comment.php) Local File Include Exploit

No description provided by source. ? print ' ::::::::: :::::::::: ::: ::: ::::::::::: ::: :+: :+: :+: :+: :+: :+: :+: +:+ +:+ +:+ +:+ +:+ +:+ +:+ ++ +:+ +++:++ ++ +:+ ++ ++ ++ ++ ++ ++ ++ ++ ++ + + + +++ + + ::::::::::: :::::::::: ::: :::: :::: :+: :+: :+: :+: +:+:+: :+:+:+ +:+ +:+ +:+ +:+ +:+...

Serendipity <= 1.0.3 (comment.php) Local File Include Exploit

Exploit for unknown platform in category web applications ============================================================= Serendipity = 1.0.3 comment.php Local File Include Exploit ============================================================= ? print ' ::::::::: :::::::::: ::: ::: ::::::::::: ::: :...