Lucene search

8703 matches found

seebug.org
added 2014/07/01 12:0 a.m., 12 views

SMBlog 1.2 Arbitrary PHP Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/16905/info SMBlog is prone to an arbitrary command-execution vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitra...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 137 views

Jetty 3.1.6/3.1.7/4.1 Servlet Engine Arbitrary Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5852/info A flaw in the CGIServlet in Jetty allows an attacker to execute arbitrary commands on the server. Specifically, it is possible for an attacker to use directory traversal sequences and cause the CGIServlet to...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 10 views

PHPOutsourcing Zorum 3.5 Prod.PHP Arbitrary Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/14601/info Zorum is prone to an arbitrary command execution vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. This issue may facilitate unauthorized remote access i...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 21 views

AjaXplorer checkInstall.php Remote Command Execution

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...

6.6 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 519 views

JamMail 1.8 Jammail.pl Remote Arbitrary Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/13937/info JamMail is prone to a remote arbitrary command execution vulnerability. This vulnerability may allow an attacker to supply arbitrary commands through the 'jammail.pl' script. This can lead to various attacks...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 17 views

JAVA Web Start Arbitrary command-line injection

No description provided by source. Bye bye my little 0day :, Tavis Ormandy did a great job uncovering a big logic flaw within Java JRE. I discovered that bug and other that affects every browser few weeks ago and I posted the common 0day++ tweet. The method in which Java Web Start support has bee...

7.1 AI score
Exploits: 0
0day.today
added 2014/06/27 12:0 a.m., 30 views

Lunar CMS 3.3 Unauthenticated Remote Command Execution Exploit

Exploit for php platform in category web applications !/usr/bin/env python Lunar CMS 3.3 Unauthenticated Remote Command Execution Exploit Vendor: Lunar CMS Product web page: http://www.lunarcms.com Affected version: 3.3 Summary: Lunar CMS is a freely distributable open source content management...

7.1 AI score
Exploits: 0
Check Point Advisories
added 2014/06/25 12:0 a.m., 3 views

Cogent DataHub Web Server GetPermissions.asp Command Injection (CVE-2014-3789)

A remote command injection vulnerability has been reported in Cogent DataHub. The vulnerability is due to insufficient validation within the GetPermissions.asp page. A remote attacker can exploit this vulnerability by submitting a maliciously crafted request to GetPermissions.asp. This can result...

3.9 AI score, 0.64191 EPSS
Exploits: 4
exploitpack
added 2014/06/25 12:0 a.m., 12 views

Lunar CMS 3.3 - Remote Command Execution

Lunar CMS 3.3 - Remote Command Execution !/usr/bin/env python Lunar CMS 3.3 Unauthenticated Remote Command Execution Exploit Vendor: Lunar CMS Product web page: http://www.lunarcms.com Affected version: 3.3 Summary: Lunar CMS is a freely distributable open source content management system written...

0.3 AI score
Exploits: 0
Exploit DB
added 2014/06/25 12:0 a.m., 35 views

Lunar CMS 3.3 - Remote Command Execution

!/usr/bin/env python Lunar CMS 3.3 Unauthenticated Remote Command Execution Exploit Vendor: Lunar CMS Product web page: http://www.lunarcms.com Affected version: 3.3 Summary: Lunar CMS is a freely distributable open source content management system written for use on servers running the ever so...

7 AI score
Exploits: 0
Zero Science Lab
added 2014/06/21 12:0 a.m., 61 views

Lunar CMS 3.3 Unauthenticated Remote Command Execution Exploit

Summary Lunar CMS is a freely distributable open source content management system written for use on servers running the ever so popular PHP5 & MySQL. Description Lunar CMS suffers from an unauthenticated arbitrary command execution vulnerability. The issue is caused due to the improper...

6.2 AI score
Exploits: 0
Japan Vulnerability Notes
added 2014/06/20 4:56 a.m., 1 views

Usermin vulnerable to OS command injection

Overview Usermin is a web-based interface used to manage webmail. Usermin contains an OS command injection vulnerability. Keigo Yamazaki of LAC Co., Ltd reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact...

6.8 CVSS, 7.2 AI score, 0.01295 EPSS
Exploits: 0, References: 6
Tenable Nessus
added 2014/06/16 12:0 a.m., 21 views

GLSA-201406-15 : KDirStat: Arbitrary command execution

The remote host is affected by the vulnerability described in GLSA-201406-15 KDirStat: Arbitrary command execution Missing escape of executable shell command in KDirStat can be used to insert malicious shell commands. Impact : A local attacker could possibly execute arbitrary shell command with t...

6.8 CVSS, 5.9 AI score, 0.03008 EPSS
Exploits: 1, References: 2
Gentoo Linux
added 2014/06/15 12:0 a.m., 32 views

KDirStat: Arbitrary command execution

Background KDirStat is a graphical disk usage utility for KDE. Description Missing escape of executable shell command in KDirStat can be used to insert malicious shell commands. Impact A local attacker could possibly execute arbitrary shell command with the privileges of the process. Workaround...

6.8 CVSS, 6.9 AI score, 0.03008 EPSS
Exploits: 1
Tenable Nessus
added 2014/06/13 12:0 a.m., 40 views

openSUSE Security Update : nagios-nrpe (openSUSE-SU-2013:0621-1)

NRPE the Nagios Remote Plug-In Executor allows the passing of $ to plugins/scripts which, if run under bash, will execute that shell command under a subprocess and pass the output as a parameter to the called script. Using this, it is possible to get called scripts, such as checkhttp, to execute...

7.5 CVSS, 5.9 AI score, 0.65724 EPSS
Exploits: 9, References: 3
OSV
added 2014/06/09 7:55 p.m., 7 views

CVE-2013-7323

python-gnupg before 0.3.5 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in unspecified vectors...

7 AI score
Exploits: 0, References: 7
Debian CVE
added 2014/06/09 7:0 p.m., 28 views

CVE-2013-7323

python-gnupg before 0.3.5 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in unspecified vectors...

7.5 CVSS, 7.2 AI score, 0.02851 EPSS
Exploits: 1
NVD
added 2014/05/22 11:55 p.m., 18 views

CVE-2014-3789

GetPermissions.asp in Cogent Real-Time Systems Cogent DataHub before 7.3.5 allows remote attackers to execute arbitrary commands via unspecified vectors...

7.5 CVSS, 7.5 AI score, 0.64191 EPSS
Exploits: 4, References: 4
Tenable Nessus
added 2014/05/21 12:0 a.m., 26 views

IBM Lotus Protector for Mail Security Multiple Vulnerabilities

A version of IBM Lotus Protector for Mail Security is installed on the remote host that is affected by multiple vulnerabilities : - An unspecified cross-site scripting vulnerability exists in the Admin Web UI. CVE-2014-0884 - An unspecified cross-site request forgery vulnerability exists in the...

7.1 CVSS, 5.7 AI score, 0.01648 EPSS
Exploits: 4, References: 6
Tenable Nessus
added 2014/05/20 12:0 a.m., 52 views

EZPZ One Click Backup Plugin for WordPress 'cmd' Parameter Remote Command Execution

The EZPZ One Click Backup Plugin for WordPress installed on the remote host is affected by a remote command execution vulnerability due to a failure to properly sanitize user-supplied input to the 'cmd' parameter in the ezpz-archive-cmd.php script. An unauthenticated, remote attacker can exploit...

9.8 CVSS, 9 AI score, 0.03583 EPSS
Exploits: 0, References: 2