1774 matches found
IBM Report: Mobile Attacks, Phishing Attacks Mount in 2011
Spam volume is down, there are fewer unpatched software holes and oftware application developers did a better job of writing secure code over the last year. But IBM’s X-Force Trend and Risk Report still found plenty to worry about in 2011, according to a copy of the report released this week...
Debian Security Advisory DSA 2423-1 (movabletype-opensource)
The remote host is missing an update to movabletype-opensource announced via advisory DSA 2423-1. OpenVAS Vulnerability Test $Id: deb24231.nasl 8970 2018-02-27 15:16:18Z cfischer $ Description: Auto-generated from advisory DSA 2423-1 movabletype-opensource Authors: Thomas Reinke Copyright:...
Debian DSA-2423-1 : movabletype-opensource - several vulnerabilities
Several vulnerabilities were discovered in Movable Type, a blogging system : Under certain circumstances, a user who has 'Create Entries' or'Manage Blog' permissions may be able to read known files on the local file system. The file management system contains shell command injection...
DSA-2423-1 movabletype-opensource - several
Bulletin has no description...
OpenEMR 4.1 - '/Interface/fax/fax_dispatch.php?File' 'exec()' Call Arbitrary Shell Command Execution
source: https://www.securityfocus.com/bid/51788/info OpenEMR is prone to local file-include and command-injection vulnerabilities because it fails to properly sanitize user-supplied input. A remote attacker can exploit these issues to execute arbitrary shell commands with the privileges of the us...
Gitorious Arbitrary Command Execution
Exploit for linux platform in category remote exploits This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...
Debian DSA-2380-1 : foomatic-filters - shell command injection
It was discovered that the foomatic-filters, a support package for setting up printers, allowed authenticated users to submit crafted print jobs which would execute shell commands on the print servers. CVE-2011-2697 was assigned to the vulnerability in the Perl implementation included in lenny, a...
[SECURITY] [DSA 2380-1] foomatic-filters security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2380-1 [email protected] http://www.debian.org/security/ Florian Weimer January 04, 2012 http://www.debian.org/security/faq -...
DSA-2380-1 foomatic-filters - shell command injection
Bulletin has no description...
Linux Kernel 2.6.22 Local root Exploit
No description provided by source. cat /tmp/getsuid.c EOF include include include include include include include include char payload="\nSHELL=/bin/sh\nPATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin\n root chown root.root /tmp/s ; chmod 4777 /tmp/s ; rm -f /etc/cron.d/core\n";...
klibc 1.5.2 - DHCP Options Processing Remote Shell Command Execution
klibc 1.5.2 - DHCP Options Processing Remote Shell Command Execution source: https://www.securityfocus.com/bid/47924/info klibc is prone to a shell-command-execution vulnerability because the application fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute...
RHEL 6 : logrotate (RHSA-2011:0407)
The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2011:0407 advisory. The logrotate utility simplifies the administration of multiple log files, allowing the automatic rotation, compression, removal, and mailin...
logrotate: Shell command injection by using the shred configuration directive
The shredfile function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name...
Moderate: Red Hat Security Advisory: logrotate security update
An updated logrotate package that fixes multiple security issues is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings...
Debian DSA-2182-1 : logwatch - shell command injection
Dominik George discovered that Logwatch does not guard against shell meta-characters in crafted log file names such as those produced by Samba. As a result, an attacker might be able to execute shell commands on the system running Logwatch. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...
[SECURITY] [DSA 2182-1] logwatch security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2182-1 [email protected] http://www.debian.org/security/ March 04, 2011 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package :...
FreeBSD : rubygem-mail -- Remote Arbitrary Shell Command Injection Vulnerability (1cae628c-3569-11e0-8e81-0022190034c0)
Secunia reports : Input passed via an email from address is not properly sanitised in the 'deliver' function lib/mail/network/deliverymethods/sendmail.rb before being used as a command line argument. This can be exploited to inject arbitrary shell commands. %NASLMINLEVEL 70300 C Tenable Network...
ftp-proftpd-backdoor NSE Script
Tests for the presence of the ProFTPD 1.3.3c backdoor reported as BID 45150. This script attempts to exploit the backdoor using the innocuous id command by default, but that can be changed with the ftp-proftpd-backdoor.cmd script argument. Script Arguments ftp-proftpd-backdoor.cmd Command to...
CVE-2010-3037
goform/websXMLAdminRequestCgi.cgi in Cisco Unified Videoconferencing UVC System 5110 and 5115, and possibly Unified Videoconferencing System 3545 and 5230, Unified Videoconferencing 3527 Primary Rate Interface PRI Gateway, Unified Videoconferencing 3522 Basic Rate Interfaces BRI Gateway, and...
CVE-2010-3037
CVE-2010-3037 affects Cisco Unified Videoconferencing (UVC) products (5110/5115 Linux; 3545, 5230 VxWorks; 3527 PRI Gateway; 3522 BRI Gateway; 3515 MCU). The flaw is a remote command-injection in the web interface via the /goform/websXMLAdminRequestCgi.cgi, allowing an authenticated administrator...