CVE-2014-125124 Pandora FMS <= 5.0RC1 Anyterm Unauthenticated Command Injection

An unauthenticated remote command execution vulnerability exists in Pandora FMS versions up to and including 5.0RC1 via the Anyterm web interface, which listens on TCP port 8023. The anyterm-module endpoint accepts unsanitized user input via the p parameter and directly injects it into a shell...

The vulnerability of the NetMRI monitoring program allows a intruder to execute arbitrary code.

The vulnerability of the NetMRI network monitoring program in Anyterm lies in an authentication process error. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using specially crafted requests...