
8703 matches found

Packet Storm
added 2014/05/04 12:0 a.m., 34 views

Zamfoo 12.6 Arbitrary Command Execution

Title: Zamfoo Multiple Arbitrary Command Executions Author: Al-Shabaab Vendor Homepage: http://www.zamfoo.com/ Version: 12.6 Intro The ZamFoo software suite is a series of WHM plugin modules also known as WHM addon modules catered towards easing the burden of web hosting providers that sell shared...

0.5 AI score
Exploits: 0

OSV
added 2014/05/02 6:5 p.m., 6 views

MGASA-2014-0202 Updated rxvt-unicode packages fix CVE-2014-3121

Updated rxvt-unicode package fixes security vulnerability: rxvt-unicode aka urxvt before 9.20 is vulnerable to a user-assisted arbitrary commands execution issue. This can be exploited by the unprocessed display of certain escape sequences in a crafted text file or program output. Arbitrary comma...

7.6 CVSS, 6.7 AI score, 0.041 EPSS
Exploits: 0, References: 4

OSV
added 2014/04/29 2:38 p.m., 4 views

CVE-2013-7221

The automatic screen lock functionality in GNOME Shell aka gnome-shell before 3.10 does not prevent access to the "Enter a Command" dialog, which allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation...

7.6 AI score, 0.00406 EPSS
Exploits: 0, References: 4

OSV
added 2014/04/29 2:38 p.m., 4 views

CVE-2013-7220

js/ui/screenShield.js in GNOME Shell aka gnome-shell before 3.8 allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation with the keyboard focus on the Activities search...

7.3 AI score
Exploits: 0, References: 6

OSV
added 2014/04/29 2:38 p.m., 1 view

UBUNTU-CVE-2013-7220

js/ui/screenShield.js in GNOME Shell aka gnome-shell before 3.8 allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation with the keyboard focus on the Activities search...

4.6 CVSS, 6.1 AI score, 0.0041 EPSS
Exploits: 1, References: 2

Cvelist
added 2014/04/29 2:0 p.m., 19 views

CVE-2013-7220

js/ui/screenShield.js in GNOME Shell aka gnome-shell before 3.8 allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation with the keyboard focus on the Activities search...

7.3 AI score, 0.0041 EPSS
Exploits: 1, References: 6

CVE
added 2014/04/29 2:0 p.m., 41 views

CVE-2013-7221

Technical details about CVE-2013-7221 are not publicly provided in the supplied documents. Monitor for updates from vendors and security advisories.

4.6 CVSS, 7.6 AI score, 0.00406 EPSS
Exploits: 0, References: 4, Affected Software: 1

Tenable Nessus
added 2014/04/29 12:0 a.m., 687 views

Nagios NRPE Command Argument Processing Enabled

The version of Nagios Remote Plugin Executor NRPE running on the remote host has command argument processing enabled and accepts the newline character. An unauthenticated, remote attacker can exploit this issue to execute arbitrary commands within the context of the vulnerable application by...

7.5 CVSS, 6.1 AI score, 0.15312 EPSS
Exploits: 6, References: 3

CVE
added 2014/04/25 8:0 p.m., 59 views

CVE-2014-2996

XCloner Standalone 3.5 and earlier are affected by CVE-2014-2996: when enable_db_backup and sql_mem are enabled, remote authenticated administrators can execute arbitrary commands via shell metacharacters in the dbbackup_comp parameter in a generate action to index2.php. The notes indicate uncert...

7.1 CVSS, 7.3 AI score, 0.10193 EPSS
Exploits: 1, References: 3, Affected Software: 1

OSV
added 2014/04/23 3:55 p.m., 1 view

UBUNTU-CVE-2014-2328

lib/graphexport.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors...

6.5 CVSS, 7.6 AI score, 0.03514 EPSS
Exploits: 1, References: 4

Tenable Nessus
added 2014/04/18 12:0 a.m., 35 views

Fedora 20 : cacti-0.8.8b-5.fc20 (2014-4892)

Patches for four CVEs. This update fixes SQL injection, shell escaping issues, a stored XSS attack, and use of exec-like function calls without safety checks allowing arbitrary command execution. Note that Tenable Network Security has extracted the preceding description block directly from the...

7.5 CVSS, 8.1 AI score, 0.04916 EPSS
Exploits: 4, References: 8

Tenable Nessus
added 2014/04/18 12:0 a.m., 52 views

CommonSpot < 7.0.2 / 8.0.3 / 9.0.0 Multiple Vulnerabilities

According to its version number, the CommonSpot install hosted on the remote web server is affected by multiple vulnerabilities : - An access restriction bypass via a direct request. CVE-2014-2859 - Multiple cross-site scripting XSS vulnerabilities. CVE-2014-2860, CVE-2014-2861 - Improper...

10 CVSS, 6 AI score, 0.05079 EPSS
Exploits: 0, References: 33

Tenable Nessus
added 2014/04/18 12:0 a.m., 32 views

Fedora 19 : cacti-0.8.8b-5.fc19 (2014-4928)

Patches for four CVEs. This update fixes SQL injection, shell escaping issues, a stored XSS attack, and use of exec-like function calls without safety checks allowing arbitrary command execution. Note that Tenable Network Security has extracted the preceding description block directly from the...

7.5 CVSS, 8.1 AI score, 0.04916 EPSS
Exploits: 4, References: 8

Cvelist
added 2014/04/16 6:0 p.m., 31 views

CVE-2011-3180

kiwi before 4.98.08, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands via shell metacharacters in the path of an overlay file, related to chown...

7.5 AI score, 0.02578 EPSS
Exploits: 1, References: 3

CVE
added 2014/04/16 6:0 p.m., 41 views

CVE-2011-4192

CVE-2011-4192 affects kiwi before 4.85.1, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1. The issue allows attackers to execute arbitrary commands, demonstrated by "double quotes in kiwi_oemtitle of .profile." The connected documents corrobo...

7.5 CVSS, 7.7 AI score, 0.01498 EPSS
Exploits: 0, References: 1, Affected Software: 3

CVE
added 2014/04/16 6:0 p.m., 49 views

CVE-2011-4195

CVE-2011-4195 affects kiwi before 4.98.05, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1. An attacker can execute arbitrary commands via shell metacharacters in an image name. Impact: arbitrary command execution with network-accessible cont...

7.5 CVSS, 7.8 AI score, 0.01877 EPSS
Exploits: 1, References: 3, Affected Software: 3

0day.today
added 2014/04/12 12:0 a.m., 27 views

eScan Web Management Console Command Injection Exploit

This Metasploit module exploits a command injection vulnerability found in the eScan Web Management Console. The vulnerability exists while processing CheckPass login requests. An attacker with a valid username can use a malformed password to execute arbitrary commands. With mwconf privileges, th...

8.2 AI score
Exploits: 0

Exploit DB
added 2014/04/10 12:0 a.m., 47 views

Vtiger - 'Install' Remote Command Execution (Metasploit)

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Vtiger Install Unauthenticated Remote Command Execution', 'Description' = %q This module exploits an arbitrary command execution...

7.4 AI score
Exploits: 0

Packet Storm
added 2014/04/09 12:0 a.m., 21 views

Sophos Web Protection Appliance Command Execution

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Sophos Web Protection Appliance Interface Authenticated Arbitrary Command Execution', 'Description' = %q This module takes advantage ...

0.5 AI score
Exploits: 0

OpenVAS
added 2014/04/08 12:0 a.m., 225 views

Multiple Vendors STARTTLS Implementation Plaintext Arbitrary Command Injection Vulnerability

Multiple vendors SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.103935";...

6.8 CVSS, 9.4 AI score, 0.33341 EPSS
Exploits: 2, References: 17