313 matches found
Symantec Web Gateway Security Issues
SUMMARY Symantec Web Gateway SWG 5.2 Appliance management console is susceptible to security issues. Successful exploitation could result in unauthorized command execution on or access to the management console. There is also potential for unauthorized backend database manipulation. AFFECTED...
Seagate BlackArmor NAS sg2000-2000.1331 - Remote Command Execution
Exploit for hardware platform in category web applications. The file getAlias.php located in /backupmgt has the following lines: $ipAddress = $_GET["ip"]; if ($ipAddress != "") exec("grep -I $ipAddress $immedLogFile aliasHistory.txt"); .. .. The GET parameter can easily be manipulated to execute commands...
Debian DSA-2478-1 : sudo - parsing error
It was discovered that sudo misparsed network masks used in Host and Host_List stanzas. This allowed the execution of commands on hosts where the user would not be allowed to run the specified command. (C) Tenable Network Security, Inc. The descriptive text and package checks in...
[SECURITY] [DSA 2478-1] sudo security update
Debian Security Advisory DSA-2478-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff May 23, 2012 http://www.debian.org/security/faq -...
HP-UX Update for JRE HPSBUX00141
Check for the Version of JRE. OpenVAS Vulnerability Test: HP-UX Update for JRE HPSBUX00141. Authors: System Generated Check. Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of the GNU...
GREED 0.81 - .GRX File List Command Execution
source: https://www.securityfocus.com/bid/12034/info greed (Get and Resume Elite Edition) is prone to unauthorized command execution. This issue is exposed when the application processes a GRX file list that specifies shell metacharacters and commands i...
[Full-Disclosure] Vulnerability in CCBill script
Recently there have been many hacking attempts attacking e-commerce sites that use CCBILL to process credit cards. Some of my clients' sites were hacked and defaced through this vulnerability. In the Incidents List, some people have already mentioned it. I just took a look at the actual problem and figured out...
XMMS Remote input validation error
Overview: There is an input validation error in the stand-alone SOAP server XMMS Remote which allows unauthorized remote command execution. Description: XMMS Remote is a stand-alone XML/SOAP HTTP server implemented in Perl, created by X2 Studios. It is used to monitor a running xmms media player...
Working Resources 1.7.x2.15 BadBlue - ext.dll Command Execution
source: https://www.securityfocus.com/bid/7387/info BadBlue is prone to a vulnerability that could allow remote attackers to gain unauthorized access. This is due to an input validation issue in the 'ext.dll' component that could all...
man-cgi.txt
Upon researching several possible cgi based man holes I ran across the following bugged code © 1994-1999 Man-cgi 2.00, Panagiotis Christias © 1995 Man-cgi 1.15 Modified for Solaris 2.3, David Adams, © 1994 Man-cgi 1.15, Panagiotis Christias © 1996 Man-cgi 1.15 Ported to linux and maintained by, T...
Security Bulletin #00201
Sun Microsystems, Inc. Security Bulletin Bulletin Number: 00201 Date: February 21, 2001 Cross-Ref: Title: Java Runtime Environment unauthorized command execution The information contained in this Security Bulletin is provided "AS IS." Sun makes no warranties of any kind whatsoever with respect to...
pop2d.fold.txt
While working to port ipop2d exploit to java discovered another hole in the FOLD command of ipop2d... The ability to read files that are readable via the pop2d userid. Attached is a ported exploit in java for bnc... as well as the pop2d exploit transcript. -d0tslash b10z EFnet 9x EFnet...
PT-1998-1062 · Cisco · Cisco
Name of the Vulnerable Software and Affected Versions: Cisco systems affected versions not specified Description: The issue allows attackers to execute commands without authorization on Cisco systems using AAA authentication. Recommendations: At the moment, there is no information about a newer...