
1774 matches found

Tenable Nessus
added 2009/11/06 12:0 a.m., 37 views

FreeBSD : typo3 -- multiple vulnerabilities in TYPO3 Core (6693bad2-ca50-11de-8ee8-00215c6a37bb)

TYPO3 develop team reports : Affected versions: TYPO3 versions 4.0.13 and below, 4.1.12 and below, 4.2.9 and below, 4.3.0beta1 and below. SQL injection, Cross-site scripting XSS, Information disclosure, Frame hijacking, Remote shell command execution and Insecure Install Tool authentication/sessi...

CVSS 8.5, AI score 5.4, EPSS 0.01041
Exploits: 0, References: 11

Check Point Advisories
added 2009/10/29 12:0 a.m., 2 views

SAP MaxDB Remote Arbitrary Commands Execution (CVE-2008-0244)

SAP MaxDB is an open source relational database management system RDBMS developed and supported by SAP AG. MaxDB is targeted for large SAP environments such as mySAP Business Suite and other applications that require enterprise level database functionality. MaxDB is available for the most promine...

CVSS 10, AI score 7.5, EPSS 0.89824
Exploits: 8

FreeBSD
added 2009/10/22 12:0 a.m., 28 views

typo3 -- multiple vulnerabilities in TYPO3 Core

TYPO3 develop team reports: Affected versions: TYPO3 versions 4.0.13 and below, 4.1.12 and below, 4.2.9 and below, 4.3.0beta1 and below. SQL injection, Cross-site scripting XSS, Information disclosure, Frame hijacking, Remote shell command execution and Insecure Install Tool authentication/sessio...

CVSS 8.5, AI score 6.6, EPSS 0.01041
Exploits: 0, References: 2

Typo3
added 2009/10/20 12:0 a.m., 13 views

TYPO3 Security Bulletin

Several vulnerabilities have been found in the following third party TYPO3 extensions: Apache Solr Search solr, Random Images maagrandomimage, Flagbit Filebase fbfilebase, freeCap CAPTCHA srfreecap Release Date: October 20, 2009 Please read first: This Collective Security Bulletin CSB is a listin...

AI score 7.4
Exploits: 0, Affected Software: 4

Check Point Advisories
added 2009/10/05 12:0 a.m., 4 views

TWiki rev Parameter Shell Command Injection (CVE-2005-2877)

TWiki is a flexible enterprise collaboration platform developed in Perl. The software is a set of CGI programs that are loaded and executed by an HTTP server. TWiki is a structured, community developed documentation framework. It typically runs as a document management system, or a knowledge base...

CVSS 7.5, AI score 9.3, EPSS 0.84001
Exploits: 8

OpenVAS
added 2009/09/28 12:0 a.m., 15 views

Debian Security Advisory DSA 1891-1 (changetrack)

The remote host is missing an update to changetrack announced via advisory DSA 1891-1. OpenVAS Vulnerability Test $Id: deb18911.nasl 6615 2017-07-07 12:09:52Z cfischer $ Description: Auto-generated from advisory DSA 1891-1 changetrack Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...

CVSS 7.2, AI score 0.1, EPSS 0.00226
Exploits: 1

OpenVAS
added 2009/09/28 12:0 a.m., 13 views

Debian: Security Advisory (DSA-1891-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.2, AI score 6.6, EPSS 0.00226
Exploits: 1, References: 3

securityvulns
added 2009/09/23 12:0 a.m., 38 views

[SECURITY] [DSA 1891-1] New changetrack packages fix arbitrary code execution

Debian Security Advisory DSA-1891-1 [email protected] http://www.debian.org/security/ Steffen Joeris September 22, 2009 http://www.debian.org/security/faq -...

CVSS 7.2, AI score 1.7, EPSS 0.00226
Exploits: 1

Tenable Nessus
added 2009/07/21 12:0 a.m., 21 views

openSUSE Security Update : jhead (jhead-399)

This update of jhead fixes several security problems:
- CVE-2008-4575: buffer overflow in DoCommand
- CVE-2008-4639: local symlink attack
- CVE-2008-4640: DoCommand allowed deletion of arbitrary files
- CVE-2008-4641: execution of arbitrary shell commands in DoCommand

CVSS 10, AI score 6, EPSS 0.02025
Exploits: 1, References: 5

OpenVAS
added 2009/07/08 12:0 a.m., 28 views

Nagios 'statuswml.cgi' Remote Arbitrary Shell Command Injection Vulnerability

Nagios is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data. Remote attackers can exploit this issue to execute arbitrary shell commands with the privileges of the user running the application. Note that for an exploit to succeed,...

CVSS 7.5, AI score 7.4, EPSS 0.93259
Exploits: 14, References: 1

RedHat Linux
added 2009/07/02 8:2 p.m., 4 views

Important: Red Hat Security Advisory: nagios security update

Updated nagios packages that fix one security issue are now available for the Red Hat HPC Solution. This update has been rated as having important security impact by the Red Hat Security Response Team. Nagios is a program that can monitor hosts and services on your network. It can send email or...

CVSS 7.5, AI score 5.9, EPSS 0.93259
Exploits: 14, References: 2

securityvulns
added 2009/06/02 12:0 a.m., 88 views

ASMAX AR 804 gu Web Management Console Arbitrary Shell Command Injection Vulnerability

ASMAX 804 gu router is a SOHO class device. It provides ADSL / WiFi / Ethernet interfaces. 2. There is an unauthenticated maintenance script named 'script' in /cgi-bin/ directory of the web management interface. 3. When 'system' parameter is passed to the script it allows running OS shell...

AI score 0.6
Exploits: 0

Tenable Nessus
added 2009/04/23 12:0 a.m., 26 views

FreeBSD : twiki -- arbitrary shell command execution (b4af3ede-36e9-11d9-a9e7-0001020eed82)

Hans Ulrich Niedermann reports : The TWiki search function uses a user-supplied search string to compose a command line executed by the Perl backtick operator. The search string is not checked properly for shell metacharacters and is thus vulnerable to search string containing quotes and shell...

CVSS 10, AI score 5.9, EPSS 0.85829
Exploits: 8, References: 4

seebug.org
added 2009/04/01 12:0 a.m., 63 views

VirtueMart <= 1.1.2 Multiple Remote Vulnerabilities

No description provided by source. Author: Janek Vind "waraxe" Date: 24. January 2009 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-71.html Description of vulnerable software: VirtueMart is an Open Source E-Commerce solution to be used together with a Content Management System CMS...

AI score 7.1
Exploits: 0

Packet Storm
added 2009/04/01 12:0 a.m., 53 views

VirtueMart 1.1.2 SQL Injection / RFI / LFI / XSS

Author: Janek Vind "waraxe" Date: 24. January 2009 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-71.html Description of vulnerable software: VirtueMart is an Open Source E-Commerce solution to be used together with a Content Management System CMS called Joomla! and Mambo. Joomla! an...

AI score 0.8
Exploits: 0

Packet Storm
added 2009/03/31 12:0 a.m., 22 views

Zabbix 1.6.2 Cross Site Request Forgery

nGenuity Information Services - Security Advisory Advisory ID: NGENUITY-2009-006 - Zabbix Multiple Frontend CSRF Application: Zabbix 1.6.2 Vendor: Zabbix Vendor website: http://www.zabbix.com Author: Adam Baldwin [email protected] I. BACKGROUND "ZABBIX is an enterprise-class open source...

AI score 0.7
Exploits: 0

Exploit DB
added 2009/03/31 12:0 a.m., 35 views

virtuemart 1.1.2 - Multiple Vulnerabilities

Author: Janek Vind "waraxe" Date: 24. January 2009 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-71.html Description of vulnerable software: VirtueMart is an Open Source E-Commerce solution to be used together with a Content Management System CMS called Joomla! and Mambo. Joomla! an...

AI score 7.4
Exploits: 0

exploitpack
added 2009/03/31 12:0 a.m., 23 views

virtuemart 1.1.2 - Multiple Vulnerabilities

virtuemart 1.1.2 - Multiple Vulnerabilities Author: Janek Vind "waraxe" Date: 24. January 2009 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-71.html Description of vulnerable software: VirtueMart is an Open Source E-Commerce solution to be used together with a Content Management...

AI score 0.4
Exploits: 0

OpenVAS
added 2009/02/18 12:0 a.m., 14 views

Mandrake Security Advisory MDVSA-2009:041 (jhead)

The remote host is missing an update to jhead announced via advisory MDVSA-2009:041. OpenVAS Vulnerability Test $Id: mdksa2009041.nasl 6573 2017-07-06 13:10:50Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:041 jhead Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...

CVSS 10, AI score 1.2, EPSS 0.02025
Exploits: 1

seebug.org
added 2009/02/09 12:0 a.m., 56 views

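HP OpenView Network Node Manager Remote Command Execution Vulnerability

BUGTRAQ ID: 33666 CVE ID: CVE-2008-4559 CNCVE ID: CNCVE-20084559 HP OpenView Network Node Manager is network management system software developed and maintained by HP, with powerful network node management capabilities. The HP OpenView Network Node Manager CGI applications contain multiple command injection vulnerabilities that remote attackers can exploit to execute arbitrary shell commands...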

CVSS 10, AI score 6.4, EPSS 0.03496
Exploits: 3