8703 matches found
iScripts AutoHoster - 'tmpid' Local File Inclusion
source: https://www.securityfocus.com/bid/64377/info iScripts AutoHoster is prone to multiple security vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker can exploit these vulnerabilities to compromise the application, access or modify data, or exploit laten...
Qibo CMS Arbitrary Command Execution
No description provided by source...
CVE-2013-6421
The CVE-2013-6421 entry concerns the sprout Ruby gem (archive_unpacker.rb, unpack_zip) in version 0.7.246. The vulnerability allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a (1) filename or (2) path, due to insufficient sanitization of inputs (zip_fil...
Webbynode Gem for Ruby notify.rb growlnotify Message Handling Arbitrary Command Execution
Webbynode Gem for Ruby contains a flaw in notify.rb that is triggered when handling a specially crafted growlnotify message. This may allow a context-dependent attacker to execute arbitrary commands...
D-Link DSR Router Remote Root Shell
#!/usr/bin/python CVEs: CVE-2013-5945 - Authentication Bypass by SQL-Injection CVE-2013-5946 - Privilege Escalation by Arbitrary Command Execution Vulnerable Routers: D-Link DSR-150 Firmware v1.08B44 D-Link DSR-150N Firmware v1.05B64 D-Link DSR-250 and DSR-250N Firmware v1.08B44 D-Link DSR-500 and...
CVE-2013-4457
CVE-2013-4457 affects the Cocaine gem for Ruby, specifically versions 0.4.0 through 0.5.2. The vulnerability allows context-dependent attackers to execute arbitrary commands via a crafted hash object, related to recursive variable interpolation. Affects the gem’s handling of interpolated variables...
Moodle - Remote Command Execution (Metasploit)
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rexml/document' class Metasploit4 'Moodle Remote Command Execution', 'Description' = %q Moodle allows an authenticated user to define spellchec...
Moodle Remote Command Execution
Moodle allows an authenticated user to define spellcheck settings via the web interface. The user can update the spellcheck mechanism to point to a system-installed aspell binary. By updating the path for the spellchecker to an arbitrary command, an attacker can run arbitrary commands in the...
Multiple Vulnerabilities in Cisco Identity Services Engine
Cisco Identity Services Engine (ISE) contains the following vulnerabilities: Cisco ISE Authenticated Arbitrary Command Execution Vulnerability; Cisco ISE Support Information Download Authentication Bypass Vulnerability. These vulnerabilities are independent of each other; a release that is affected b...
Sophos Web Protection Appliance sblistpack Arbitrary Command Execution (CVE-2013-4983)
A command injection vulnerability has been reported in Sophos Web Protection Appliance. The vulnerability is due to the sblistpack component, which is reachable from the web interface without authentication. An unauthenticated remote attacker could execute arbitrary OS commands on the Sophos appliance...
CVE-2013-2578
cgi-bin/admin/servetest in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12sign6 allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the ServerName parameter and (2) other unspecified...
Arbitrary Commands Execution Vulnerability in JP1/Automatic Job Management System 3 and JP1/Automatic Job Management System 2
Overview: The JP1/Automatic Job Management System 3 and JP1/Automatic Job Management System 2 contain a vulnerability where arbitrary commands may be executed when they receive request messages from unexpected hosts in the network. Impact: Malicious users can exploit this vulnerability to execute...
Asus RT-N66U 3.0.0.4.374_720 - CSRF Vulnerability
Exploit for hardware platform in category web applications Exploit Title: CSRF Asus RT-N66U Arbitrary Command Execution Google Dork: N.A. Date: 30 September 2013 Exploit Author: cgcai https://www.qxcg.net/arbitrary-command-execution-on-an-asus-rtn66u.html Vendor Homepage:...
Asus RT-N66U 3.0.0.4.374_720 - Cross-Site Request Forgery
Asus RT-N66U 3.0.0.4.374_720 - Cross-Site Request Forgery Exploit Title: CSRF Asus RT-N66U Arbitrary Command Execution Google Dork: N.A. Date: 30 September 2013 Exploit Author: cgcai https://www.qxcg.net/arbitrary-command-execution-on-an-asus-rtn66u.html Vendor Homepage:...
ASUS RT-N66U 3.0.0.4.374_720 Cross Site Request Forgery
Exploit Title: CSRF Asus RT-N66U Arbitrary Command Execution Google Dork: N.A. Date: 30 September 2013 Exploit Author: cgcai https://www.qxcg.net/arbitrary-command-execution-on-an-asus-rtn66u.html Vendor Homepage: http://www.asus.com/Networking/RTN66U/ Software Link:...
Asus RT-N66U 3.0.0.4.374_720 - Cross-Site Request Forgery
Exploit Title: CSRF Asus RT-N66U Arbitrary Command Execution Google Dork: N.A. Date: 30 September 2013 Exploit Author: cgcai https://www.qxcg.net/arbitrary-command-execution-on-an-asus-rtn66u.html Vendor Homepage: http://www.asus.com/Networking/RTN66U/ Software Link:...
Cisco Unified Computing System Arbitrary Command Execution Vulnerability
A vulnerability in the remote debug shell in Cisco Unified Computing System PALO adapter cards could allow an authenticated, local attacker to execute commands on the underlying operating system with elevated privileges. The vulnerability is due to insufficient handling of special characters. An...
Cisco Unified Computing System Fabric Interconnect Devices Arbitrary Command Execution Vulnerability
A vulnerability in the initial setup script of Cisco Unified Computing System fabric interconnect (FI) devices could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. The vulnerability is due to unfiltered input in the cluster initial...
Cisco Unified Computing System Fabric Interconnect Devices Arbitrary Command Execution Vulnerability
A vulnerability in the initial setup script of Cisco Unified Computing System fabric interconnect devices could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. The vulnerability is due to unfiltered input in the initial configuration...
Cisco Unified Computing System Baseboard Management Controller Arbitrary Command Execution Vulnerability
A vulnerability in the fabric interconnect (FI) of Cisco Unified Computing System could allow an authenticated, local attacker to execute arbitrary commands on the Baseboard Management Controller (BMC) with elevated privileges. The vulnerability is due to improper input validation in the MCTOOLS...