Remote Code Execution (RCE)

growl is vulnerable to remote code execution RCE. A malicious user can inject and execute arbitrary code due to the lack of sanitization of user input before executing the exec function...

PfSense命令注入漏洞

漏洞简介 该漏洞的编号为CVE-2014-4688，存在于PfSense的2.1.3以及更低版本中。该漏洞源于php程序中没有对用户的输入值进行严格的校验，导致用户恶意输入达到命令执行函数时会产生严重后果。其中，diagdns.php， diagsmart.php， statusrrdgraphimg.php三个脚本文件受到该漏洞的影响。 漏洞分析 在diagdns.php中，用户提交的host值经过处理后将传到dig变量中执行。攻击者通过构造host值执行任意命令。...

HP System Management Homepage JustGetSNMPQueue Command Injection

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "HP System...

HP System Management Homepage JustGetSNMPQueue Command Injection

This Metasploit module exploits a vulnerability found in HP System Management Homepage. By supplying a specially crafted HTTP request, it is possible to control the 'tempfilename' variable in function JustGetSNMPQueue found in ginkgosnmp.inc, which will be used in a exec function. This results in...

PT-2012-1236 · Microsoft · Internet Explorer

Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer versions 6 through 9 Description: A use-after-free issue in the CMshtmlEd::Exec function in mshtml.dll allows remote attackers to execute arbitrary code via a crafted web site. This issue has been exploited in the...

Symantec Web Gateway 5.0.2.8 ipchange.php Command Injection

Exploit for php platform in category web applications This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...

Symantec Web Gateway 5.0.2.8 ipchange.php Command Injection

This module exploits a command injection vulnerability found in Symantec Web Gateway's HTTP service due to the insecure usage of the exec function. This module abuses the spywall/ipchange.php file to execute arbitrary OS commands without authentication. This module requires Metasploit:...

PHP code execution vulnerability references summary-vulnerability warning-the black bar safety net

A code execution function In PHP you can execute the Code of the function. Such as eval , assert , theand system and exec and shellexec and passthru and escapeshellcmd and pcntlexec , etc. demo code 1.1: The second file contains the code injection The file containing the function in the specific...

Fedora 13 : libHX-3.6-1.fc13 / pam_mount-2.5-1.fc13 (2010-13127)

Update to libHX 3.6 fixing a buffer overflow in HXsplit: http://libhx.gi t.sourceforge.net/git/gitweb.cgi?p=libhx/libhx;a=commitdiff;h=904a46f9 0d pammount v2.5 August 10 2010 =============================== Changes: - mount.crypt: fix incorrect processing of binary files in keyfile passthrough -...

Code injection

inc/exif.inc.php in Original Photo Gallery 0.11.2 and earlier allows remote attackers to execute arbitrary programs via the exifprog parameter, which is specified in an exec function call...

CVE-2007-5224

inc/exif.inc.php in Original Photo Gallery 0.11.2 and earlier allows remote attackers to execute arbitrary programs via the exifprog parameter, which is specified in an exec function call...

CVE-2007-5224

The CVE-2007-5224 entry affects Original Photo Gallery 0.11.2 and earlier. Affected file: inc/exif.inc.php; the exif_prog parameter is used inside an exec() call without proper sanitization, allowing remote attackers to execute arbitrary commands on the server. This is described in multiple sourc...

Code injection

index.php in WebMplayer before 0.6.1-Alpha allows remote attackers to execute arbitrary code via shell metacharacters in an exec function call. NOTE: some sources have referred to this as eval injection in the param parameter, but CVE source inspection suggests that this is erroneous...

TorrentFlux 2.2 (maketorrent.php) Remote Command Execution Exploit

Exploit for unknown platform in category web applications ================================================================== TorrentFlux 2.2 maketorrent.php Remote Command Execution Exploit ================================================================== The variable announce in maketorrent.php...

TorrentFlux 2.2 - maketorrent.php Remote Command Execution

TorrentFlux 2.2 - maketorrent.php Remote Command Execution The variable announce in maketorrent.php is not sanitised before being used. The announce variable goes through various stages throughout the script, then it is passed as a into an exec function. This occurs in the middle of the string...

Apple Mac OSX 10.x FreeBSD 4.x OpenBSD 2.x Solaris 2.52.67.08 - exec C Library Standard IO File Descriptor Closure

Apple Mac OSX 10.x FreeBSD 4.x OpenBSD 2.x Solaris 2.52.67.08 - exec C Library Standard IO File Descriptor Closure / source: https://www.securityfocus.com/bid/4568/info It has been reported that BSD-based kernels do not check to ensure that the C library standard I/O file descriptors 0-2 are vali...

CVE-1999-0561

CVE-1999-0561 affects IIS where the #exec function is enabled for Server Side Include (SSI) files. The root cause is the SSI #exec handling, enabling potential command execution. Affected product: IIS; vulnerability details and exploitation status are not fully provided in the supplied documents....

CVE-1999-0561

IIS has the exec function enabled for Server Side Include SSI files...

CVE-1999-0561

IIS has the exec function enabled for Server Side Include SSI files...