GLPI - 'install.php' Remote Command Execution (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'GLPI install.php Remote Command...

DD-WRT Web Management Interface Remote Arbitrary Shell Command Injection Vulnerability

DD-WRT is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

Sophos Web Protection Appliance sblistpack Arbitrary Command Execution

This Metasploit module exploits a command injection vulnerability on Sophos Web Protection Appliance 3.7.9, 3.8.0 and 3.8.1. The vulnerability exists on the sblistpack component, reachable from the web interface without authentication. This Metasploit module has been tested successfully on Sophos...

Cisco Virtualization Experience Client Series 6000 Local Arbitrary Command Execution Vulnerability

A vulnerability in the diagnostic module of the Cisco Virtualization Experience Client 6000 Series could allow an authenticated, non-privileged, local attacker to execute arbitrary commands on the underlying operating system. The vulnerability is due to lack of input validation in the diagnostic...

Android系统的WebView控件任意命令执行漏洞

No description provided by source. script function executecmdArgs return SmokeyBear.getClass.forName"java.lang.Runtime".getMethod"getRuntime",null.invokenull,null.execcmdArgs; function getContentsinputStream var contents = ""; var b = inputStream.read; var i = 1; whileb != -1 var bString =...

Moderate: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.1.1 update

Red Hat JBoss Enterprise Application Platform 6.1.1, which fixes multiple security issues, various bugs, and adds enhancements, is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scorin...

Amazon Linux AMI : httpd (ALAS-2013-193)

Cross-site scripting XSS flaws were found in the modproxybalancer module's manager web interface. If a remote attacker could trick a user, who was logged into the manager web interface, into visiting a specially crafted URL, it would lead to arbitrary web script execution in the context of the...

CVE-2013-5647

lib/sounder/sound.rb in the sounder gem 1.0.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a filename...

PineApp Mail-SeCure test_li_connection.php Command Injection

Added: 08/08/2013 BID: 61477 OSVDB: 95782 Background PineApp Mail-SeCure is an e-mail security appliance which provides perimeter security protection to stop threats prior to their penetration of the customer's network, as well as post-perimeter anti-spam content inspection. Problem PineApp...

HP Data Protector Arbitrary Remote Command Execution

This Metasploit module allows execution of a command with an arbitrary number of arguments on Microsoft Windows operating systems. The trick calls a perl.exe interpreter installed with HP Data Protector inside the directory installpath/bin/. The main goal of the script is to bypass the limitation...

HP Data Protector Arbitrary Remote Command Execution

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'HP Data Protector...

PineApp Mail-SeCure - 'livelog.html' Arbitrary Command Execution (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'PineApp Mail-SeCure livelog.html...

PineApp Mail-SeCure livelog.html Arbitrary Command Execution

This Metasploit module exploits a command injection vulnerability on PineApp Mail-SeCure 3.70. The vulnerability exists on the livelog.html component, due to the insecure usage of the shellexec php function. This Metasploit module has been tested successfully on PineApp Mail-SeCure 3.70. This fil...

PineApp Mail-SeCure test_li_connection.php Arbitrary Command Execution

This Metasploit module exploits a command injection vulnerability on PineApp Mail-SeCure 3.70. The vulnerability exists on the testliconnection.php component, due to the insecure usage of the system php function. This Metasploit module has been tested successfully on PineApp Mail-SeCure 3.70. Thi...

PineApp Mail-SeCure ldapsyncnow.php Arbitrary Command Execution

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'PineApp Mail-SeCure ldapsyncnow.php...

PineApp Mail-SeCure test_li_connection.php Arbitrary Command Execution

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'PineApp Mail-SeCure...

PineApp Mail-SeCure livelog.html Arbitrary Command Execution

This module exploits a command injection vulnerability on PineApp Mail-SeCure 3.70. The vulnerability exists on the livelog.html component, due to the insecure usage of the shellexec php function. This module has been tested successfully on PineApp Mail-SeCure 3.70. This module requires Metasploi...

PineApp Mail-SeCure ldapsyncnow.php Arbitrary Command Execution

This module exploits a command injection vulnerability on PineApp Mail-SeCure 3.70. The vulnerability exists on the ldapsyncnow.php component, due to the insecure usage of the shellexec php function. This module has been tested successfully on PineApp Mail-SeCure 3.70. This module requires...

PineApp Mail-SeCure test_li_connection.php Arbitrary Command Execution

This module exploits a command injection vulnerability on PineApp Mail-SeCure 3.70. The vulnerability exists on the testliconnection.php component, due to the insecure usage of the system php function. This module has been tested successfully on PineApp Mail-SeCure 3.70. This module requires...

Apache 2.0.x < 2.0.65 Multiple Vulnerabilities

According to its banner, the version of Apache 2.0.x running on the remote host is prior to 2.0.65. It is, therefore, affected by several vulnerabilities : - A flaw exists in the byte-range filter, making it vulnerable to denial of service. CVE-2011-3192 - A flaw exists in 'modproxy' where it...