8703 matches found
LibreOffice 4.3.x < 4.3.1 Multiple Vulnerabilities
A version of LibreOffice is installed on the remote Windows host that is 4.3.x prior to 4.3.1. It is, therefore, affected by the following vulnerabilities : - An input-validation error exists related to handling Calc spreadsheets that allows arbitrary command execution. CVE-2014-3524 - An...
Mango cloud KODExlporer information leak+arbitrary command execution getshell(a-vulnerability warning-the black bar safety net
Do you want to blast your entire chrysanthemum it??? I take it slow and... Don't be afraid to hurt it. Give up Detailed description: Code I from official website next. Dog brother, waiting for the Universal rewards. I don't have how analysis, own download sets of source code to build it! I don't...
ResourceSpace 6.4.5976 - Cross-Site Scripting / SQL Injection / Insecure Cookie Handling
Title: ResourceSpace Multiple Cross Site Scripting, and HTML and SQL Injection Vulnerabilities Author: Adler Freiheit Discovered: 11 June 2014 Updated: 11 December 2014 Published: 11 December 2014 Vendor: Montala Limited Vendor url: www.resourcespace.org Software: ResourceSpace Digital Asset...
JVN#16406395: "File Upload BBS" of i-HTTPD vulnerable to remote command execution
i-HTTPD is a web server for Windows, implementing Server Side Includes SSI. i-HTTPD contains "File Upload BBS". When "File Upload BBS" is activated, a user can upload files on the server, and i-HTTPD processes SSI directives in the uploaded files CWE-97. Impact An arbitrary command may be execute...
XCloner Wordpress/Joomla! backup Plugin v3.1.1 (Wordpress) v3.5.1 (Joomla!) Vulnerabilities
Title: XCloner Wordpress/Joomla! backup Plugin v3.1.1 Wordpress v3.5.1 Joomla! Vulnerabilities Author: Larry W. Cashdollar, @larry0 Date: 10/17/2014 Download: https://wordpress.org/plugins/xcloner-backup-and-restore/ Download:...
CVE-2014-8417
CVE-2014-8417 affects Asterisk’s ConfBridge: remote authenticated users can escalate privileges via the external protocol to the CONFBRIDGE dialplan function or run arbitrary commands via a crafted ConfbridgeStartRecord AMI action. Affected: Asterisk 11.x pre-11.14.1, 12.x pre-12.7.1, 13.x pre-13...
CVE-2014-7817
CVE-2014-7817 affects the GLIBC wordexp function (glibc) where WRDE_NOCMD was not enforced, allowing context-dependent local attackers to execute arbitrary commands via input containing shell substitutions (e.g., $(...)). Public disclosures and vendor advisories (Debian/DSA-3142-1; CentOS CESA no...
CVE-2014-8387
cgi/utility.cgi in Advantech EKI-6340 2.05 Wi-Fi Mesh Access Point allows remote authenticated users to execute arbitrary commands via shell metacharacters in the pinghost parameter to ping.cgi...
CM Download Manager <= 2.0.0 - Unauthenticated Code Injection
The plugin does not validate and sanitise the CMDsearch parameter which used to create a custom function. This allows attacker to run arbitrary command on the remote server PoC GET /cmdownloads/?CMDsearch=".phpinfo." HTTP/1.1 Host: example.com User-Agent: Mozilla/5.0 Windows NT 6.3; WOW64; rv:33....
IIS4\IIS5 CGI environment block forged 0day-vulnerability warning-the black bar safety net
IIS4\IIS5 CGI environment block forged 0day About 1 4 years ago find until now the 0day Is IIS4\IIS5 vulnerabilities, corresponding to theoperating systemis a winnt and win2000 system that Microsoft no longer supports the software, their strategies want to knock out these systems, 1 to 1 of the...
NetBSD tnftp fetch.c fetch_url Command Execution (CVE-2014-8517)
A command execution vulnerability has been reported in NetBSD tnftp. The vulnerability is due to insufficient validation of the ftp output file name when using an HTTP URI to fetch files. A remote, unauthenticated attacker could exploit this vulnerability by enticing a user to open a malicious UR...
Dropbear < 0.48 Multiple Vulnerabilities
Dropbear is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 SCHUTZWERK GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later CPE =...
MS Office 2007 and 2010 - OLE Arbitrary Command Execution
No description provided by source. Full exploit: http://www.exploit-db.com/sploits/35216.rar CVE-2014-6352 OLE Remote Code Execution Author Abhishek Lyall - abhilyallatgmaildotcom, infoataslitsecuritydotcom Advanced Hacking Trainings - http://training.aslitsecurity.com Web -...
HP Data Protector 'EXEC_INTEGUTIL' Arbitrary Command Execution
Binary data hpdataprotectorzdi14344.nbin...
Fedora 20 : tnftp-20141031-1.fc20 (2014-14113)
Security fix for CVE-2014-8517 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C...
Microsoft Office 20072010 - OLE Arbitrary Command Execution
Microsoft Office 20072010 - OLE Arbitrary Command Execution Full exploit: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/35216.rar CVE-2014-6352 OLE Remote Code Execution Author Abhishek Lyall - abhilyallatgmaildotcom, infoataslitsecuritydotcom Advanced Hacking...
WordPress XCloner Plugin - Multiple Vulnerabilities
XCloner plugin is prone to multiple vulnerabilities, such as: unauthenticated remote access to backup files via easily guessable file names, arbitrary command execution and authenticated remote file access. Also, clear text MySQL password exposure through HTML text box. Solution Upgrade the plugi...
WordPress Plugin Joomla! Component XCloner - Multiple Vulnerabilities
WordPress Plugin Joomla! Component XCloner - Multiple Vulnerabilities Title: XCloner Wordpress/Joomla! backup Plugin v3.1.1 Wordpress v3.5.1 Joomla! Vulnerabilities Author: Larry W. Cashdollar, @larry0 Date: 10/17/2014 Download: https://wordpress.org/plugins/xcloner-backup-and-restore/ Download:...
WordPress Plugin / Joomla! Component XCloner - Multiple Vulnerabilities
Title: XCloner Wordpress/Joomla! backup Plugin v3.1.1 Wordpress v3.5.1 Joomla! Vulnerabilities Author: Larry W. Cashdollar, @larry0 Date: 10/17/2014 Download: https://wordpress.org/plugins/xcloner-backup-and-restore/ Download:...
tnftp "savefile" Arbitrary Command Execution Exploit
This module exploits an arbitrary command execution vulnerability in tnftp's handling of the resolved output filename - called "savefile" in the source - from a requested resource. If tnftp is executed without the -o command-line option, it will resolve the output filename from the last component...