Nagios 3 history.cgi Command Injection

Added: 01/28/2013 CVE: CVE-2012-6096 BID: 56879 OSVDB: 88322 Background Nagios is a network host and service monitoring and management system. Problem The Nagios history.cgi script is vulnerable to a stack overflow when parsing the host parameter. This may allow an attacker to execute arbitrary...

RHEL 5 : flash-plugin (RHSA-2012:1203)

The remote Redhat Enterprise Linux 5 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2012:1203 advisory. The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes several...

Nagios XI Graph Explorer Component OS Command Injection Vulnerability

Added: 01/23/2013 BID: 54263 OSVDB: 83552 Background Nagios XI is a network host and service monitoring and management system. Problem Nagios XI Graph Explorer Component is vulnerable to arbitrary command execution by authenticated users. The vulnerability is due to the visApi.php script not...

Jenkins CI Script Console Command Execution MSF Module Vulnerability

Exploit for multiple platform in category remote exploits This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framewor...

Fedora 18 : kexec-tools-2.0.3-64.fc18 (2013-0182)

fix exec on stack issue for ppc32 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 ...

Microsoft Internet Explorer execCommand Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Microsoft Windows - AlwaysInstallElevated MSI (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' require 'msf/core/post/windows/registry'...

Webmin show.cgi Open Function Call Command Execution

Added: 11/26/2012 CVE: CVE-2012-2982 BID: 55446 OSVDB: 85248 Background Webmin is a web-based interface for system administration of Unix systems. The Webmin web server listens by default on port 10000/tcp. Problem Webmin 1.59 and earlier are vulnerable to remote code execution as a result of...

Webmin show.cgi Open Function Call Command Execution

Added: 11/26/2012 CVE: CVE-2012-2982 BID: 55446 OSVDB: 85248 Background Webmin is a web-based interface for system administration of Unix systems. The Webmin web server listens by default on port 10000/tcp. Problem Webmin 1.59 and earlier are vulnerable to remote code execution as a result of...

Webmin show.cgi Open Function Call Command Execution

Added: 11/26/2012 CVE: CVE-2012-2982 BID: 55446 OSVDB: 85248 Background Webmin is a web-based interface for system administration of Unix systems. The Webmin web server listens by default on port 10000/tcp. Problem Webmin 1.59 and earlier are vulnerable to remote code execution as a result of...

IrfanView - .TIF Image Decompression Buffer Overflow

IrfanView - .TIF Image Decompression Buffer Overflow Application: IrfanView TIF Image Decompression Buffer Overflow Vulnerability Plateform: Windows Version: The vulnerabilities are confirmed in version 4.33. Other versions may also be affected. Exploitation: Remote code execution Secunia Number:...

VERITAS Backup Exec Remote Agent Windows Servers BOF Vulnerability

VERITAS Backup Exec Remote Agent for Windows Servers is prone to a buffer overflow vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-on...

Project Pier Arbitrary File Upload

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "Project Pier...

VERITAS Backup Exec Agent Browser Remote Buffer Overflow Vulnerability

VERITAS Backup Exec Agent Browser is prone to a buffer overflow vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2012-4969

The CVE-2012-4969 issue is a use-after-free in the CMshtmlEd::Exec function of mshtml.dll used by Microsoft Internet Explorer (IE6–IE9 according to the CVE payload). Exploitation enabled remote code execution via a crafted website; the vulnerability was observed in the wild around September 2012....

PT-2012-1236 · Microsoft · Internet Explorer

Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer versions 6 through 9 Description: A use-after-free issue in the CMshtmlEd::Exec function in mshtml.dll allows remote attackers to execute arbitrary code via a crafted web site. This issue has been exploited in the...

Microsoft Internet Explorer execCommand Use-After-Free

Use-after-free vulnerability in the CMshtmlEd::Exec function in mshtml.dll in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in September 2012. Recent assessments: wchen-r7 at September 12, 2019 6:07pm UTC...

MS12-063 Microsoft Internet Explorer execCommand Use-After-Free Vulnerability

This module exploits a vulnerability found in Microsoft Internet Explorer MSIE. When rendering an HTML page, the CMshtmlEd object gets deleted in an unexpected manner, but the same memory is reused again later in the CMshtmlEd::Exec function, leading to a use-after-free condition. Please note tha...

Mandrake Linux Security Advisory : wu-ftpd (MDKSA-2000:014)

Wu-ftpd is vulnerable to a very serious remote attack in the SITE EXEC implementation. Because of user input going directly into a format string for a printf function, it is possible to overwrite important data, such as a return address, on the stack. When this is accomplished, the function can...

CVE-2012-2085

The execcommand function in common/helpers.py in Gajim before 0.15 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in an href attribute...