CVE-2005-1851

A certain contributed script for ekg Gadu Gadu client 1.5 and earlier allows attackers to execute shell commands via unknown attack vectors...

CVE-2005-1851

Removed by vendor...

Debian DSA-760-1 : ekg - several vulnerabilities

Several vulnerabilities have been discovered in ekg, a console Gadu Gadu client, an instant messaging program. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities : - CAN-2005-1850 Marcin Owsiany and Wojtek Kaniewski discovered insecure temporary file creatio...

[SECURITY] [DSA 760-1] New ekg packages fix several vulnerabilities

-------------------------------------------------------------------------- Debian Security Advisory DSA 760-1 [email protected] http://www.debian.org/security/ Martin Schulze July 18th, 2005 http://www.debian.org/security/faq -...

[SA15985] USANet Creations Products Shell Command Injection Vulnerability

---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...

[SA15981] pngcntrp "kaiseki.cgi" Shell Command Injection Vulnerability

---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...

WordPress Core 1.5.1.2 - 'xmlrpc' Interface SQL Injection

!/usr/bin/perl -w sorry for the late posting, had to test it. /str0ke Wordpress 1.5.1.2 Strayhorn // XMLRPC Interface SQL Injection By James Bercegay // http://www.gulftech.org/ // June 21 2005 Quick and dirty proof of concept that uses the XML RPC server vulnerabilities I discovered to extract a...

K-COLLECT CSV_DB / i_DB csv_db.cgi file Parameter Arbitrary Command Execution

The remote host is running K-COLLECT csv-database, a web application written in perl. The remote version of this software fails to sanitize user input to the 'file' parameter of the 'csvdb.cgi' script before using it to run a shell command. An unauthenticated can exploit this issue to execute...

[SA15754] NanoBlogger Plugins Shell Command Injection Vulnerability

---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...

eping.txt

www.RedC0de.org found the following error in eping: Details ------- Advisory name: Arbitrary code execution in eping plugin Advisory number: 1 Application: eping Aplication author: apnovi3 Security-Risk: high - very high Remote-Exploit: Yes Discovered by: m00fd1 aka Tr|p Introduction ------------...

MADSHEEP-05SA (security advisory): WebHints <= v1.03 Remote Command Execution Vulnerability

MADSHEEP-05SA security advisory: WebHints = v1.03 Remote Command Execution Vulnerability 06/11/2005 MADSHEEP-05SA security advisory: WebHints = v1.03 Remote Command Execution Vulnerability Published: 06 11 2005 Released: 06 11 2005 Name: WebHints Affected Systems: = 1.03 Issue: Remote Command...

ARPUS/Ce Local Overflow Exploit (setuid) (perl)

Exploit for linux platform in category local exploits =============================================== ARPUS/Ce Local Overflow Exploit setuid perl =============================================== !/usr/bin/perl -w Setuid ARPUS/ce exploit by KF - kflistsatdigitalmunitiondotcom - 4/21/05 Copyright...

[SA15054] WebAPP E-Cart Module Shell Command Injection Vulnerability

---------------------------------------------------------------------- Want a new IT Security job? Vacant positions at Secunia: http://secunia.com/secuniavacancies/ ---------------------------------------------------------------------- TITLE: WebAPP E-Cart Module Shell Command Injection...

[SA14384] TWiki ImageGalleryPlugin Shell Command Injection

TITLE: TWiki ImageGalleryPlugin Shell Command Injection SECUNIA ADVISORY ID: SA14384 VERIFY ADVISORY: http://secunia.com/advisories/14384/ CRITICAL: Moderately critical IMPACT: System access WHERE: From remote SOFTWARE: ImageGalleryPlugin 1.x TWiki plugin http://secunia.com/product/4707/...

TWiki ImageGalleryPlugin Shell Command Injection

According to its version number, the instance of TWiki running on the remote host is affected by a shell command injection vulnerability in the ImageGalleryPlugin component. In addition, the wording of a 'robustness' patch released by the vendor indicates this version may be affected by other inp...

GLSA-200411-33 : TWiki: Arbitrary command execution

The remote host is affected by the vulnerability described in GLSA-200411-33 TWiki: Arbitrary command execution The TWiki search function, which uses a shell command executed via the Perl backtick operator, does not properly escape shell metacharacters in the user-provided search string. Impact :...

Mandrake Linux Security Advisory : XFree86 (MDKSA-2004:138)

The XPM library which is part of the XFree86/XOrg project is used by several GUI applications to process XPM image files. A source code review of the XPM library, done by Thomas Biege of the SuSE Security-Team revealed several different kinds of bugs. These bugs include integer overflows,...

FreeBSD : twiki -- arbitrary shell command execution (196)

The following package needs to be updated: twiki %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated by freebsdpkgb4af3ede36e911d9a9e70001020eed82.nasl. Disabled on 2011/10/02. C Tenable Network Security, Inc. This script contains information extracted from VuXML : Copyright 2003-20...

twiki -- arbitrary shell command execution

Hans Ulrich Niedermann reports: The TWiki search function uses a user supplied search string to compose a command line executed by the Perl backtick operator. The search string is not checked properly for shell metacharacters and is thus vulnerable to search string containing quotes and shell...

When specifying specially formatted options to external MIME transformation, an attacker can execute any shell command restricted by privileges of httpd user.

PMASA-2004-2 Announcement-ID: PMASA-2004-2 Date: 2004-10-12 Summary When specifying specially formatted options to external MIME transformation, an attacker can execute any shell command restricted by privileges of httpd user. Description phpMyAdmin allows to use MIME transformations for displayi...