Login or Register to Ask a Question and Join Our Community


Security Advisories (RSS)

S-214: SurgeMail and WebMail 'Page' Command Vulnerability

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity Security Advisories (RSS) S-214: SurgeMail and WebMail 'Page' Command Vulnerability
# 1  
Old 02-27-2008
S-214: SurgeMail and WebMail 'Page' Command Vulnerability
SurgeMail and WebMail are prone to a remote fomat-string vulnerability because the applications fail to properly sanitize user-supplied input begore including it in the format-specifier argument of a formatted-printing function. The risk is LOW. A remote attacker may execute arbitrary code with the privileges of the user running the affected applications. Failed exploit attempts will result in a denial of service.


More...
Login or Register to Ask a Question

Previous Thread | Next Thread

9 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Execute command and show result in web page

Hi everyone, I have two question 1- I want to execute command in shell and after execution result show in a web server. (kind of making UI ) e.g. in shell root ~: show list item1 item2 item(n)in web server in a page draw a table and show those items in itno | name... (1 Reply)
Discussion started by: indeed_1
1 Replies

2. Shell Programming and Scripting

Description of the option print0 in the command find (man page)

This is the description of the option -print0 fon the command find in the man page: What does the "True" in the first line of the description mean? (3 Replies)
Discussion started by: puertas12
3 Replies

3. Shell Programming and Scripting

script for adding page number before page breaks

Hi, If there is an expert that can help: I have many txt files that are produced from pdftotext that include page breaks the page breaks seem to be unix style hex 0C. I want to add page numbers before each page break as in : Page XXXX Regards antman (9 Replies)
Discussion started by: antman
9 Replies

4. Shell Programming and Scripting

Print multiple copies page by page using lp command

Hi I have a pdf file that is being generated using the rwrun command in the shell script. I then have the lp command in the shell script to print the same pdf file. Suppose there are 4 pages in the pdf file , I need to print 2 copies of the first page, 2 copies of the second page , then 2... (7 Replies)
Discussion started by: megha2525
7 Replies

5. Web Development

Page load time- local page

Hi Is there a way to calculate the page load time, I am trying to calculate the load time of a page locally. I found tools to do this over http or https but none that work locally. Any ideas? Thanks. (4 Replies)
Discussion started by: jamie_123
4 Replies

6. UNIX for Dummies Questions & Answers

display command output page per page

Good afternoon, I wonder how i could use unix commands to ease the reading of long command result output ? like the "php -i" or any other command that returns a long answer. I could not find the right terms to Google it or search the forum. Therefore I bother you with this question. ... (3 Replies)
Discussion started by: Mat_k
3 Replies

7. Shell Programming and Scripting

Execute unix command from an html page in windows

i have a problem situation, where i have a html file say click.html. i have a button "ls" in that html page. i run this html file in windows....Now say if i click that "ls" button it must connect to the unix server and execute ls and return the results back to html page in windows. can anyone tell... (8 Replies)
Discussion started by: niteesh_!7
8 Replies

8. Solaris

Creating a Man page for a command

Hi, I would like to develop a man page as the one we usually get when we execute man <command name>. This man page will be for a samll utility that i have written. If this is not possible then what are the available possibilites for creating such help. thanks in advance. (2 Replies)
Discussion started by: raghu.amilineni
2 Replies

9. UNIX for Dummies Questions & Answers

view page command?

Hi All, When I run a command on any shell, many times the output is longer than the screen can hold, so I only can see parts of the output. Is there a command that will show me page by page the results of each command? Thanks, Jared (3 Replies)
Discussion started by: JaredsNew
3 Replies
Login or Register to Ask a Question

LEARN ABOUT SUSE

fvwmbacker

FvwmBacker(1)							   Fvwm Modules 						     FvwmBacker(1)

NAME

       FvwmBacker - the fvwm background changer module

SYNOPSIS

       Module FvwmBacker

       FvwmBacker can only be invoked by fvwm.	Command line invocation of the FvwmBacker module will not work.

DESCRIPTION

       The  FvwmBacker	module	provides functionality to change the background when changing desktops.  Any command can be executed to change the
       backgrounds.  Actually, any arbitrary command can be sent to fvwm to execute, so you could also do things such as  changing  window  border
       colors, etc.

COPYRIGHTS

       The FvwmBacker module is the original work of Mike Finger.

       Copyright  1994,  Mike  Finger.	The author makes no guarantees or warranties of any kind about the use of this module.	Use this module at
       your own risk.  You may freely use this module or any portion of it for any purpose as long as the copyright is kept intact.

INITIALIZATION

       During initialization, FvwmBacker gets config info from fvwm's module  configuration  database  (see  fvwm(1),  section	MODULE	COMMANDS).
       Available options are discussed in a later section.

INVOCATION

       FvwmBacker can be invoked by fvwm during initialization by inserting the line

       AddToFunc StartFunction I Module FvwmBacker

       in the .fvwm2rc file.

       FvwmBacker  can	be started using a 'Module FvwmBacker' command or stopped using a 'KillModule FvwmBacker' command at any time when fvwm is
       running.

       FvwmBacker must reside in a directory that is listed in the ModulePath option of fvwm for it to be executed by fvwm.

CONFIGURATION OPTIONS

       The following options can be placed in the .fvwm2rc file

       *FvwmBacker: Command (Desk d, Page x y) command
	      Specifies the command to execute when the viewport matches the arguments for the desk d, page x coordinate and y coordinate. Any	or
	      all  of  these three numeric arguments can be replaced with an asterisk (*) to indicate that any value matches, in this case Desk or
	      Page parts can be skipped.

	      If either the Desk or the Page parts are omitted, the command is not executed if only the desk or the page is switched.  If  neither
	      is  given,  the  command	is executed only once when the module is started.  This is not the same as using asterisks for the numeric
	      arguments:  if asterisks are used, the command is always executed when only the desk or page changes, if the corresponding  part	is
	      omitted, the command is never executed when only the desk or page changes.

	      If  the command is -solid FvwmBacker uses the next argument as a color in the X database and sets the background to that color with-
	      out generating a system call to xsetroot (only single word color names may be used).

	      If the command is colorset FvwmBacker uses the background specified in colorset n for the given desk.  Please refer to the man  page
	      of the FvwmTheme module for details about colorsets.

	      Otherwise the command is sent to fvwm to execute.

       *FvwmBacker: RetainPixmap
	      Causes  FvwmBacker  to  retain and publish the Pixmap with which the background has been set. This works only for the -solid or col-
	      orset commands. This is useful for applications which want to use the root Pixmap on the background to  simulate	transparency  (for
	      example,	Eterm  and  Aterm  use	this  method).	This  option  should also be used for the RootTransparent colorset option (see the
	      FvwmTheme man page).  Note: with a colorset background this command may add a lot of memory to the X server. For example, this  adds
	      the  pixmap  width  times  height  bytes	with  a TiledPixmap image, screen_width times screen_height bytes with a Pixmap image or a
	      C,B,D,R,S or Y Gradient and screen_width bytes with a VGradient or screen height bytes with an HGradient.

       *FvwmBacker: DoNotRetainPixmap
	      Cancels the effect of the previous option. This is the default.

RUN-TIME CONFIGURATION
       It it possible to replace FvwmBacker's configuration at run-time, although it is not yet possible to remove existing  configuration  lines.
       This  is done by simply removing the old configuration from withing fvwm and then read a new one.  This can be done in many ways, for exam-
       ple by using an fvwm function or one of the modules FvwmCommand or FvwmConsole.

       Example:

       DestroyModuleConfig FvwmBacker*
       *FvwmBacker: Command (Desk 0) -solid black
       *FvwmBacker: Command (Desk 1) -solid blue

OLD-STYLE OPTIONS
       There is continued support for the now deprecated option:

       *FvwmBacker: Desk d command

	      It is functionally equivalent to omitting the page coordinates with *FvwmBacker: Command:

	      *FvwmBacker: Command (Desk Id) command

SAMPLE CONFIGURATION

       The following are excerpts from an .fvwm2rc file which describe FvwmBacker initialization commands:

       ####
       # Set Up Backgrounds for different desktop pages (2 desks, 3x2 pages).
       ####
       *FvwmBacker: Command (Page 2 *) -solid steelblue
       *FvwmBacker: Command (Desk 0, Page 0 0) Exec fvwm-root $[HOME]/bg2.xpm
       *FvwmBacker: Command (Desk 0, Page 0 1) -solid midnightblue
       *FvwmBacker: Command (Desk 0, Page 1 *) -solid yellow
       *FvwmBacker: Command (Desk 1, Page * 0) -solid navy
       *FvwmBacker: Command (Desk 1, Page * 1) Colorset 5

AUTHOR

       Mike Finger (mfinger@mermaid.micro.umn.edu)
		   (Mike_Finger@atk.com)
		   (doodman on IRC, check the #linux channel)

Modified by
       Andrew Davison (davison@cs.monash.edu.au)

       Michael Han (mikehan@best.com)

       Mikhael Goikhman (migo@homemail.com)

3rd Berkeley Distribution					7 May 208 (2.5.26)						     FvwmBacker(1)