CVE-2014-3486

The CVE-2014-3486 entry affects Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2. A local attacker could exploit a symlink attack on a temporary file with a predictable name via two components: the shell_exec function in lib/util/MiqSshUtilV1.rb and the temp_cmd_file function in lib...

BSDI BSD/OS <= 2.1,Caldera OpenLinux Standard 1.0,Data General DG/UX <= 5.4 4.11,IBM AIX <= 4.3,ISC

No description provided by source. source: http://www.securityfocus.com/bid/134/info A buffer overflow exists in certain versions of BIND, the nameserver daemon currently maintained by the Internet Software Consortium ISC. BIND fails to properly bound the data recieved when processing an inverse...

Matt Kruse Calendar Script 2.2 Arbitrary Command Execution

No description provided by source. source: http://www.securityfocus.com/bid/1215/info Matt Kruse's Calendar script is a popular, free perl cgi-script used by many websites on the Internet. It allows a website administrator to easily setup and customize a calendar on their website. There are two...

Hylafax 4.1/4.2 - Multiple Scripts Remote Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/16151/info HylaFAX is vulnerable to multiple arbitrary command-execution vulnerabilities. This issue is due to a failure in the application to properly sanitize user-supplied input. These vulnerabilities allow an attacker...

Coppermine Photo Gallery 1.x menu.inc.php CPG_URL Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/10253/info Coppermine Photo Gallery is reported prone to multiple input-validation vulnerabilities, some of which may lead to arbitrary command execution. These issues occur because the application fails to properly...

Snoopy 0.9x/1.0/1.2 Arbitrary Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/15213/info Snoopy is prone to a vulnerability that lets attackers execute arbitrary commands because the application fails to properly sanitize user-supplied input. This issue may facilitate unauthorized remote access to...

Qualiteam X-Cart 3.x general.php perl_binary Parameter Arbitrary Command Execution

No description provided by source. source: http://www.securityfocus.com/bid/9560/info X-Cart has been reported to be prone to an issue that may allow remote attackers to execute arbitrary commands on the affected system. The issue is caused by a failure of the application to sanitize values...

Hassan Consulting Shopping Cart 1.23 Arbitrary Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3308/info Hassan Consulting's Shopping Cart is commercial web store software. Shopping Cart does not filter certain types of user-supplied input from web requests. This makes it possible for a malicious user to submit a...

Sendfile 1.x/2.1 Forced Privilege Lowering Failure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2652/info Sendfile is an implementation of the SAFT simple asynchronous file transfer protocol for UNIX systems. A serialization error exists in the Sendfile daemon, sendfiled. When used in conjunction with other problems...

D-Link DSR Router Series - Remote Root Shell Exploit

No description provided by source. !/usr/bin/python CVEs: CVE-2013-5945 - Authentication Bypass by SQL-Injection CVE-2013-5946 - Privilege Escalation by Arbitrary Command Execution Vulnerable Routers: D-Link DSR-150 Firmware v1.08B44 D-Link DSR-150N Firmware v1.05B64 D-Link DSR-250 and DSR-250N...

Apple Safari 3 for Windows Protocol Handler Command Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/24434/info Apple Safari for Windows is prone to a protocol handler command-injection vulnerability. Exploiting the issue allows remote attackers to pass arbitrary command-line arguments to any application that can be call...

CoreHTTP 0.5.3.1 (CGI) - Arbitrary Command Execution Vulnerability

No description provided by source. Package name: CoreHTTP server Version: 0.5.3.1 and below as long as cgi support is enabled Software URL: http://corehttp.sourceforge.net/ Exploit: http://aconole.brad-x.com/programs/corehttpcgienabled.rb Issue: CoreHTTP server fails to properly sanitize input...

3R Soft MailStudio 2000 2.0 userreg.cgi Arbitrary Command Execution

No description provided by source. source: http://www.securityfocus.com/bid/1335/info MailStudio 2000 is vulnerable to multiple attacks. It is possible for a remote user to gain read access to all files located on the server via the usage of the /.. string passed to a CGI, thereby compromising th...

RedHat 6.2/7.0 Tmpwatch Arbitrary Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1785/info A vulnerability exists in tmpwatch, a utility which automates the removal of temporary files in unix-like systems. An optional component of tmpwatch, fuser, improperly handles arguments to system library calls. ...

thttpd <= 2.24 HTTP Request Escape Sequence Terminal Command Injection

No description provided by source. source: http://www.securityfocus.com/bid/37714/info Acme 'thttpd' and 'minihttpd' are prone to a command-injection vulnerability because they fail to adequately sanitize user-supplied input in logfiles. Attackers can exploit this issue to execute arbitrary...

DD-WRT HTTP Daemon Arbitrary Command Execution

No description provided by source...

Family Connections less.php Remote Command Execution

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...

Irix LPD tagprinter Command Execution

No description provided by source. $Id: tagprinterexec.rb 10561 2010-10-06 00:53:45Z hdm $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of us...

textcounter.pl 1.2 Arbitrary Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2265/info textcounter.pl is distributed through Matt's Scripts archive, and provides added features to httpd servers such as counters, guestbooks, and http cookie management. Due to insufficient checking of entered...

AWStats (6.4-6.5) migrate Remote Command Execution

No description provided by source. $Id: awstatsmigrateexec.rb 9671 2010-07-03 06:21:31Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms ...