15 matches found
Cross-site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in upload/users.php in Utopia News Pro (UNP) 1.4.0 and earlier allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts...
CVE-2012-4325
CVE-2012-4325 is a CSRF vulnerability in UNP (Utopia News Pro) affecting 1.4.0 and earlier, enabling remote attackers to hijack administrators’ sessions by sending requests that add administrator accounts via upload/users.php. The connected sources confirm the affected product/version and the adm...
Gentoo Security Advisory GLSA 200801-01
The remote host is missing updates announced in advisory GLSA 200801-01. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Gentoo Security Advisory GLSA 200801-01 (remote)
The remote host is missing updates announced in advisory GLSA 200801-01. OpenVAS Vulnerability Test. Description: Auto generated from Gentoo's XML based advisory. Authors: Thomas Reinke. Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
GLSA-200801-01 : unp: Arbitrary command execution
The remote host is affected by the vulnerability described in GLSA-200801-01 (unp: Arbitrary command execution). Erich Schubert from Debian discovered that unp does not escape file names properly before passing them to calls of the shell. Impact: A remote attacker could entice a user or automated...
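unp file name remote arbitrary shell command injection vulnerability
BUGTRAQ ID: 27182 CVECAN ID: CVE-2007-6610 unp is a Perl script for compressing and extracting archives on the Debian platform. unp has a vulnerability in how it handles file names; a local attacker could exploit it to escalate privileges by enticing a user to perform specific actions. unp does not properly escape file names. If the following is run: touch empty zip \ls.zip empty unp \ls.zip it produces a directory listing. This means that any application that uses unp for extraction is exposed to command injection attacks based on file names. DebianHelp unp 1.0.14 Vendor patch: Gentoo ------...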
unp: Arbitrary command execution
Background: unp is a script for unpacking various file formats. Description: Erich Schubert from Debian discovered that unp does not escape file names properly before passing them to calls of the shell. Impact: A remote attacker could entice a user or automated system to unpack a compressed archive...
CVE-2007-6610
unp 1.0.12, and other versions before 1.0.14, does not properly escape file names, which might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename argument. NOTE: this might only be a vulnerability when unp is invoked by a third party product...
Code injection
unp 1.0.12, and other versions before 1.0.14, does not properly escape file names, which might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename argument. NOTE: this might only be a vulnerability when unp is invoked by a third party product...
CVE-2007-6610
unp 1.0.12, and other versions before 1.0.14, does not properly escape file names, which might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename argument. NOTE: this might only be a vulnerability when unp is invoked by a third party product...
CVE-2007-6610
unp 1.0.12, and other versions before 1.0.14, does not properly escape file names, which might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename argument. NOTE: this might only be a vulnerability when unp is invoked by a third party product...
CVE-2007-6610
CVE-2007-6610 affects unp 1.0.12 and other versions before 1.0.14. The vulnerability arises because unp does not properly escape file names before passing them to shell calls, enabling a context-dependent attacker to execute arbitrary shell commands via crafted filenames (potentially when invoked by a...
CVE-2007-6610
unp 1.0.12, and other versions before 1.0.14, does not properly escape file names, which might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename argument. NOTE: this might only be a vulnerability when unp is invoked by a third party product...
CVE-2005-4223
Utopia News Pro (UNP) 1.1.4 is affected by multiple potential SQL injection vulnerabilities that could allow an attacker to run arbitrary SQL commands remotely. The issues are reported in specific input parameters across several PHP scripts: newsid in editnews.php, catid and question in faq.php, ...
CVE-2005-3200
Utopia News Pro (UNP) versions 1.1.3 and 1.1.4 are affected by multiple XSS vulnerabilities. The issue allows remote attackers to inject arbitrary web script or HTML via: (1) sitetitle parameter in header.php and (2) version and (3) query_count parameters in footer.php. The documents do not speci...