256 matches found
Wing FTP Server - (Authenticated) Command Execution (Metasploit)
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Wing FTP Server Authenticated Command Execution', 'Description' = %q This module exploits the embedded Lua interpreter in the admin w...
GTCatalog 0.8.16/0.9 - Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6998/info GTCatalog is prone to an issue that may allow remote attackers to include files located on attacker-controlled servers. This vulnerability is as a result of insufficient sanitization performed on remote user...
Invision Board 1.1.1 ipchat.php Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6976/info Invision Board is prone to an issue that may allow remote attackers to include files located on attacker-controlled servers. This vulnerability is as a result of insufficient sanitization performed on remote use...
Cedric Email Reader 0.4 Global Configuration Script Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6820/info It has been reported that Cedric Email Reader is prone to an issue that may allow remote attackers to include malicious files located on remote servers. This issue is present in the...
Cedric Email Reader 0.2/0.3 Skin Configuration Script Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6818/info It has been reported that Cedric Email Reader is prone to an issue that may allow remote attackers to include malicious files located on remote servers. This issue is present in the 'email.php' script. Under som...
FreeWPS 2.11 Upload.PHP Remote Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/20494/info FreeWPS is prone to a remote command-execution vulnerability. Attackers can exploit this issue to execute arbitrary system commands with the privileges of the webserver process. FreeWPS version 2.11 is vulnerab...
Сross-Site Request Forgery (CSRF) in XCloner Standalone
Advisory ID: HTB23207 Product: XCloner Standalone Vendor: XCloner Vulnerable Versions: 3.5 and probably prior Tested Version: 3.5 Advisory Publication: March 14, 2014 without technical details Vendor Notification: March 14, 2014 Public Disclosure: April 9, 2014 Vulnerability Type: Cross-Site...
Xangati software release contains relative path traversal and command injection vulnerabilities
Overview Xangati's software release contains relative path traversal CWE-23 and command injection CWE-78 vulnerabilities. Description Xangati's software release contains relative path traversal CWE-23 and command injection CWE-78 vulnerabilities.CWE-23: Relative Path Traversal -CVE-2014-0358 The...
Interactive Graphical SCADA System - Remote Command Injection (Metasploit)
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Interactive Graphical SCADA System Remote Command Injection', 'Description' = %q This module abuses a directory traversal flaw in...
Joomla Community Builder Enhanced Local File Inclusion
Hello full-disclosure! Description: Joomla CBE suffers from a local file inclusion vulnerability. As CBE also offers file uploading functionality that allows to upload files that contain php-code, this can be used to execute arbitary system-commands on the host with the webservers privileges. Ris...
CVE-2010-1132
The mlfienvrcpt function in spamass-milter.cpp in SpamAssassin Milter Plugin 0.3.1, when using the expand option, allows remote attackers to execute arbitrary system commands via shell metacharacters in the RCPT TO field of an email message...
CVE-2010-1132
The mlfienvrcpt function in spamass-milter.cpp in SpamAssassin Milter Plugin 0.3.1, when using the expand option, allows remote attackers to execute arbitrary system commands via shell metacharacters in the RCPT TO field of an email message...
FreeWPS 2.11 - upload.php Remote Command Execution
FreeWPS 2.11 - upload.php Remote Command Execution source: https://www.securityfocus.com/bid/20494/info FreeWPS is prone to a remote command-execution vulnerability. Attackers can exploit this issue to execute arbitrary system commands with the privileges of the webserver process. FreeWPS version...
HPRadiaManagement.txt
NGSSoftware Insight Security Research Advisory Name: HP OpenView Radia Management Agent remote command execution via directory traversal Systems Affected: HP OpenView Radia Management Portal versions 2.x and 1.x running Radia Management Agent Severity: High Vendor URL: http://www.hp.com/ Authors:...
Webchat 0.77 - 'Defines.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/7000/info Webchat is prone to an issue that may allow remote attackers to include files located on attacker-controlled servers. This vulnerability is as a result of insufficient sanitization performed on remote user-supplied data. Under some circumstances...
Symantec Java! JustInTime Compiler 210.65 - Command Execution
Symantec Java! JustInTime Compiler 210.65 - Command Execution source: https://www.securityfocus.com/bid/6222/info A vulnerability has been discovered in the Java! JustInTime compiled used by Netscape Communicator, related to the generation of Intel instructions from specially constructed Java...