8703 matches found
Cisco WebEx Meetings Server Command Injection Vulnerability
Cisco WebEx Meetings are web conferencing solutions. A command injection vulnerability exists in Cisco WebEx Meetings Server because the program fails to properly filter user-supplied input, allowing an attacker to execute arbitrary commands within the context of the affected application...
AlienVault OSSIM Arbitrary Command Injection
An arbitrary command injection vulnerability has been reported in AlienVault OSSIM. The vulnerability is due to insufficient validation of the password. A remote, authenticated attacker can exploit this vulnerability by sending maliciously crafted input to the affected server...
openSUSE Security Update : git (openSUSE-SU-2015:0159-1)
This update fixes the following security issue: CVE-2014-9390: arbitrary command execution vulnerability on case-insensitive file system (bnc910756). (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security...
Migrating Elastix 2.5 Remote Code Execute 0day Exploit
Migrating Elastix 2.5 suffers from an authenticated arbitrary command execution vulnerability. The issue is caused by improper verification of uploaded files. This can be exploited to execute arbitrary code by creating or uploading a malicious script file. Vulnerability tested on CentOS 7...
Dell iDRAC Products IPMI Arbitrary Command Injection Vulnerability
The remote host is running a version of iDRAC that ships with a version of IPMI that does not sufficiently randomize session ID values. An unauthenticated, remote attacker can exploit this to inject arbitrary commands into a privileged session. (C) Tenable Network Security, Inc...
Authentication flaw
common.c in infosvr in ASUS WRT firmware 3.0.0.4.3761071, 3.0.0.376.2524-g0013f52, and other versions, as used in RT-AC66U, RT-N66U, and other routers, does not properly check the MAC address for a request, which allows remote attackers to bypass authentication and execute arbitrary commands via ...
CVE-2014-7209
run-mailcap in the Debian mime-support package before 3.52-1+deb7u1 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename...
AdaptCMS 3.0.3 - Multiple Vulnerabilities
#!/usr/bin/env python AdaptCMS 3.0.3 Remote Command Execution Exploit Vendor: Insane Visions Product web page: http://www.adaptcms.com Affected version: 3.0.3 Summary: AdaptCMS is a Content Management System trying to be both simple and easy to use, as wel...
AdaptCMS 3.0.3 Remote Command Execution
#!/usr/bin/env python AdaptCMS 3.0.3 Remote Command Execution Exploit Vendor: Insane Visions Product web page: http://www.adaptcms.com Affected version: 3.0.3 Summary: AdaptCMS is a Content Management System trying to be both simple and easy to use, as well as very agile and extendable. Not only s...
AdaptCMS 3.0.3 Remote Command Execution Exploit
Summary: AdaptCMS is a Content Management System trying to be both simple and easy to use, as well as very agile and extendable. Not only so we can easily create Plugins or additions, but so other developers can get involved. Using CakePHP we are able to achieve this with a built-in plugin system...
Microsoft-Office-2007-and-2010---OLE-Arbitrary-Command-Execution
CVE-2014-6352 OLE Remote Code Execution. Author: Abhishek Lyall - abhilyall[at]gmail[dot]com, info[at]aslitsecurity[dot]com. Advanced Hacking Trainings - http://training.aslitsecurity.com Web - http://www.aslitsecurity.com/ Blog - http://www.aslitsecurity.blogspot.com/ Tested on win7 - office 2007 and 2010...
Redmine plugin redmine_git_hosting arbitrary command execution vulnerability
Redmine is an open source project management web application. An arbitrary command execution vulnerability exists in the Redmine plugin redmine_git_hosting, which allows remote attackers to execute arbitrary commands...
IBM Security AppScan Enterprise Arbitrary Command Execution Vulnerability
IBM Security AppScan Enterprise is a set of Web application security testing solutions from IBM (U.S.). Formerly known as IBM Rational AppScan Enterprise, the program supports simultaneous scanning of multiple Web applications, generation of vulnerability reports and intelligent patching. IBM Security...
Cisco Meraki MS MRMX Arbitrary Command Execution Vulnerability
The Cisco Meraki MS MRMX is a cloud-managed wireless networking device from Cisco. The Cisco Meraki MS MRMX arbitrary command execution vulnerability allows remote attackers to execute arbitrary commands by leveraging knowledge of cross-device secrets and per-device secrets...
TSUTAYA application arbitrary command execution vulnerability
TSUTAYA application is a chain of famous impression stores all over Japan. An arbitrary command execution vulnerability exists in TSUTAYA application versions prior to 5.3 for Android, which allows remote attackers to execute arbitrary Java methods via a crafted HTML document...
FreeBSD : git -- Arbitrary command execution on case-insensitive filesystems (1d567278-87a5-11e4-879c-000c292ee6b8)
The Git Project reports: When using a case-insensitive filesystem an attacker can craft a malicious Git tree that will cause Git to overwrite its own .git/config file when cloning or checking out a repository, leading to arbitrary command execution in the client machine. If you are a hosting...
CVE-2014-7208
GParted before 0.15.0 allows local users to execute arbitrary commands with root privileges via shell metacharacters in a crafted filesystem label...
glibc: command execution in wordexp() with WRDE_NOCMD specified
It was found that the wordexp function would perform command substitution even when the WRDE_NOCMD flag was specified. An attacker able to provide specially crafted input to an application using the wordexp function, and not sanitizing the input correctly, could potentially use this flaw to execut...
ResourceSpace 6.4.5976 - XSS / SQL Injection / Insecure Cookie Handling
Exploit for php platform in category web applications Title: ResourceSpace Multiple Cross Site Scripting, and HTML and SQL Injection Vulnerabilities Author: Adler Freiheit Discovered: 11 June 2014 Updated: 11 December 2014 Published: 11 December 2014 Vendor: Montala Limited Vendor url:...
LibreOffice 4.x < 4.2.6-secfix (4.2.6.3) Multiple Vulnerabilities
A version of LibreOffice is installed on the remote Windows host that is 4.x prior to 4.2.6-secfix (4.2.6.3). It is, therefore, affected by the following vulnerabilities: An input-validation error exists related to handling Calc spreadsheets that allows arbitrary command execution. (CVE-2014-3524)...