1774 matches found

OpenVAS
added 2015/03/13 12:0 a.m. | 27 views

openSUSE: Security Advisory for osc (openSUSE-SU-2015:0486-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 5.2 | EPSS 0.00895
Exploits 0 | References 1

Tenable Nessus
added 2015/03/13 12:0 a.m. | 37 views

openSUSE Security Update : osc (openSUSE-2015-224)

osc was updated to fix a security issue and some non-security bugs. osc was updated to 0.151.0, fixing the following vulnerability: fixed shell command injection via crafted service files (CVE-2015-0778, boo901643). The following non-security bugs were fixed: fix times when data comes from OBS...

CVSS 7.5 | AI score 5.5 | EPSS 0.00895
Exploits 0 | References 2

OPENSUSE Linux
added 2015/03/12 9:5 p.m. | 24 views

Security update for osc (important)

osc was updated to fix a security issue and some non-security bugs. osc was updated to 0.151.0, fixing the following vulnerability: fixed shell command injection via crafted service files (CVE-2015-0778, boo901643). The following non-security bugs were fixed: fix times when data comes from OBS backen...

CVSS 7.5 | AI score 2 | EPSS 0.00895
Exploits 0 | References 1

OSV
added 2015/03/12 3:39 p.m. | 4 views

SUSE-SU-2015:0487-1 Security update for osc

osc was updated to fix a security issue and some non-security bugs. osc was updated to 0.151.0, fixing the following vulnerability: fixed shell command injection via crafted service files (CVE-2015-0778, boo901643). The following non-security bugs were fixed: fix times when data comes from OBS backen...

CVSS 7.5 | AI score 7 | EPSS 0.00895
Exploits 0 | References 3

Veracode
added 2015/02/18 5:22 p.m. | 267 views

Arbitrary Shell Command Execution In The Groovy Scripting Engine

The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script...

CVSS 9.8 | AI score 9.1 | EPSS 0.92326
Exploits 19 | References 12 | Affected Software 2

NVD
added 2015/02/03 4:59 p.m. | 11 views

CVE-2015-1458

Fortinet FortiAuthenticator 3.0.0 allows local users to bypass intended restrictions and gain privileges by creating /tmp/privexec/dbgcoreenableshellaccess and executing the "shell" command...

CVSS 6.9 | AI score 6.4 | EPSS 0.00062
Exploits 1 | References 4

Prion
added 2015/02/03 4:59 p.m. | 12 views

Command injection

Fortinet FortiAuthenticator 3.0.0 allows local users to bypass intended restrictions and gain privileges by creating /tmp/privexec/dbgcoreenableshellaccess and executing the "shell" command...

CVSS 6.9 | AI score 7 | EPSS 0.00062
Exploits 1 | References 4 | Affected Software 1

Tenable Nessus
added 2015/01/09 12:0 a.m. | 30 views

Amazon Linux AMI : mailx (ALAS-2015-467)

A flaw was found in the way mailx handled the parsing of email addresses. A syntactically valid email address could allow a local attacker to cause mailx to execute arbitrary shell commands through shell meta-characters and the direct command execution functionality. CVE-2004-2771 , CVE-2014-7844...

CVSS 7.8 | AI score 7.6 | EPSS 0.02879
Exploits 1 | References 3

Amazon
added 2015/01/08 12:0 a.m. | 38 views

Medium: mailx

Issue Overview: A flaw was found in the way mailx handled the parsing of email addresses. A syntactically valid email address could allow a local attacker to cause mailx to execute arbitrary shell commands through shell meta-characters and the direct command execution functionality. CVE-2004-2771...

CVSS 7.8 | AI score 8 | EPSS 0.02879
Exploits 1 | References 1

OSV
added 2015/01/07 7:26 p.m. | 1 views

USN-2455-1 bsd-mailx vulnerability

It was discovered that bsd-mailx contained a feature that allowed syntactically valid email addresses to be treated as shell commands. A remote attacker could possibly use this issue with a valid email address to execute arbitrary commands. This functionality has now been disabled by default, and...

CVSS 7.8 | AI score 7.2 | EPSS 0.0055
Exploits 0 | References 2

Tenable Nessus
added 2014/12/30 12:0 a.m. | 26 views

Debian DSA-3114-1 : mime-support - security update

Timothy D. Morgan discovered that run-mailcap, a utility to execute programs via entries in the mailcap file, is prone to shell command injection via shell meta-characters in filenames. In specific scenarios this flaw could allow an attacker to remotely execute arbitrary code...

CVSS 7.5 | AI score 8.2 | EPSS 0.0068
Exploits 0 | References 3

Debian
added 2014/12/29 12:13 p.m. | 21 views

[SECURITY] [DLA 125-1] mime-support security update

Package: mime-support. Version: 3.48-1+deb6u1. CVE ID: CVE-2014-7209. Timothy D. Morgan discovered that run-mailcap, a utility to execute programs via entries in the mailcap file, is prone to shell command injection via shell meta-characters in filenames. In specific scenarios this flaw could...

CVSS 7.5 | AI score 7.4 | EPSS 0.0068
Exploits 0

Debian
added 2014/12/29 9:4 a.m. | 24 views

[SECURITY] [DSA 3114-1] mime-support security update

Debian Security Advisory DSA-3114-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso December 29, 2014 http://www.debian.org/security/faq -...

CVSS 7.5 | AI score 6.3 | EPSS 0.0068
Exploits 0

Debian
added 2014/12/29 9:4 a.m. | 20 views

[SECURITY] [DSA 3114-1] mime-support security update

Debian Security Advisory DSA-3114-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso December 29, 2014 http://www.debian.org/security/faq -...

CVSS 7.5 | AI score 2.8 | EPSS 0.0068
Exploits 0

OpenVAS
added 2014/12/29 12:0 a.m. | 25 views

Debian Security Advisory DSA 3114-1 (mime-support - security update)

Timothy D. Morgan discovered that run-mailcap, a utility to execute programs via entries in the mailcap file, is prone to shell command injection via shell meta-characters in filenames. In specific scenarios this flaw could allow an attacker to remotely execute arbitrary code. OpenVAS...

CVSS 7.5 | AI score 0.6 | EPSS 0.0068
Exploits 0 | References 1

Tenable Nessus
added 2014/12/29 12:0 a.m. | 26 views

openSUSE Security Update : mailx (openSUSE-SU-2014:1713-1)

This mailx update fixes the following security issue: bsc909208: shell command injection via crafted email addresses (CVE-2004-2771, CVE-2014-7844). (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Upda...

CVSS 7.8 | AI score 7.3 | EPSS 0.02879
Exploits 1 | References 4

OSV
added 2014/12/29 12:0 a.m. | 10 views

DLA-125-1 mime-support - security update

Bulletin has no description...

CVSS 7.5 | AI score 6.3 | EPSS 0.0068
Exploits 0

OSV
added 2014/12/29 12:0 a.m. | 16 views

DSA-3114-1 mime-support - security update

Bulletin has no description...

CVSS 7.5 | AI score 6.3 | EPSS 0.0068
Exploits 0

OpenVAS
added 2014/12/28 12:0 a.m. | 14 views

Debian: Security Advisory (DSA-3114-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 9.5 | EPSS 0.0068
Exploits 0 | References 3

Check Point Advisories
added 2014/12/28 12:0 a.m. | 3 views

Digium Asterisk Manager User Shell Command Execution - Ver2 (CVE-2012-2414)

A security bypass vulnerability has been reported in Digium Asterisk. The vulnerability is due to an error in the way the server validates permissions while executing shell commands from unauthorized users. A remote attacker can exploit this issue by sending specially crafted AMI requests to the...

CVSS 6.5 | AI score 1.9 | EPSS 0.04278
Exploits 0