8703 matches found
Nagios Remote Plugin Executor Metacharacter Filtering Omission
Added: 05/13/2013 CVE: CVE-2013-1362 BID: 58142 OSVDB: 90582 Background Nagios is a network host and service monitoring and management system. Nagios Remote Plugin Executor NRPE is an addon for Nagios that allows remote execution of Nagios plugins on other Linux/Unix machines. Problem Nagios Remo...
Nagios NRPE nrpe.c Arbitrary Command Execution
The remote host is running a version of Nagios NRPE that contains a flaw that is triggered when input passed via '$' is not properly sanitized before being used to execute plugins. An unauthenticated, remote attacker could exploit this issue to execute arbitrary commands within the context of the...
MoinMoin - Arbitrary Command Execution
MoinMoin - Arbitrary Command Execution !/usr/bin/env python -- coding: utf-8 -- ascii = '\x1b1;31m' ascii +=' \r\n' ascii +=' ██████████ ██████ ███ ███ ███ ██████████ ████████ ███ ███████ \r\n' ascii +=' ███████████ ████████ ███ ████ ███ ███████████ ████████ ███ ███████ \r\n' ascii +=' ██▒ ██▒ ██...
MoinMelt Arbitrary Command Execution Exploit
MoinMelt remote arbitrary command execution exploit !/usr/bin/env python -- coding: utf-8 -- ascii = '\x1b1;31m' ascii +=' \r\n' ascii +=' ██████████ ██████ ███ ███ ███ ██████████ ████████ ███ ███████ \r\n' ascii +=' ███████████ ████████ ███ ████ ███ ███████████ ████████ ███ ███████ \r\n' ascii +...
MoinMoin - Arbitrary Command Execution
!/usr/bin/env python -- coding: utf-8 -- ascii = '\x1b1;31m' ascii +=' \r\n' ascii +=' ██████████ ██████ ███ ███ ███ ██████████ ████████ ███ ███████ \r\n' ascii +=' ███████████ ████████ ███ ████ ███ ███████████ ████████ ███ ███████ \r\n' ascii +=' ██▒ ██▒ ██▒ ██▒ ███ ██▒ ██▒█▒███ ██▒ ██▒ ██▒ ██▒...
MoinMelt Arbitrary Command Execution
!/usr/bin/env python -- coding: utf-8 -- ascii = '\x1b1;31m' ascii +=' \r\n' ascii +=' ██████████ ██████ ███ ███ ███ ██████████ ████████ ███ ███████ \r\n' ascii +=' ███████████ ████████ ███ ████ ███ ███████████ ████████ ███ ███████ \r\n' ascii +=' ██▒ ██▒ ██▒ ██▒ ███ ██▒ ██▒█▒███ ██▒ ██▒ ██▒ ██▒...
CVE-2013-1948
converter.rb in the md2pdf gem 0.0.1 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename...
CVE-2013-1933
The extractfromocr function in lib/docsplit/textextractor.rb in the Karteek Docsplit karteek-docsplit gem 0.5.4 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a PDF filename...
CVE-2013-1933
The extractfromocr function in lib/docsplit/textextractor.rb in the Karteek Docsplit karteek-docsplit gem 0.5.4 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a PDF filename...
CVE-2013-1948
The CVE-2013-1948 issue affects the md2pdf Ruby gem (version 0.0.1) where converter.rb passes user input directly to shell commands, allowing a context-dependent attacker to inject shell metacharacters in a filename and execute arbitrary commands. This is a remote command-injection vulnerability ...
md2pdf Gem for Ruby md2pdf/converter.rb File Name Shell Metacharacter Injection Arbitrary Command Execution
md2pdf Gem for Ruby contains a flaw that is due to the program failing to properly sanitize input passed to md2pdf/converter.rb. With a specially crafted file name that contains shell metacharacters, a context-dependent attacker can execute arbitrary commands...
Nagios Remote Plugin Executor Arbitrary Command Execution
The Nagios Remote Plugin Executor NRPE is installed to allow a central Nagios server to actively poll information from the hosts it monitors. NRPE has a configuration option dontblamenrpe which enables command-line arguments to be provided remote plugins. When this option is enabled, even when NR...
Nagios Remote Plugin Executor - Arbitrary Command Execution (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'zlib' class Metasploit3 'Nagios Remote Plugin...
kelredd-pruview Gem for Ruby /lib/pruview/document.rb File Name Shell Metacharacter Injection Arbitrary Command Execution
kelredd-pruview Gem for Ruby contains a flaw in /lib/pruview/document.rb. The issue is triggered during the handling of a specially crafted file name that contains injected shell metacharacters. This may allow a context-dependent attacker to potentially execute arbitrary commands...
Thumbshooter Gem for Ruby thumbshooter.rb URL Shell Metacharacter Injection Arbitrary Command Execution
Thumbshooter Gem for Ruby contains a flaw that is due to the program failing to properly sanitize input passed to thumbshooter.rb. With a specially crafted URL that contains shell metacharacters, a context-dependent attacker can execute arbitrary commands...
CVE-2013-2615
The CVE-2013-2615 entry affects the fastreader Ruby Gem, specifically lib/entry_controller.rb in version 1.0.8. The vulnerability enables remote code execution by passing shell metacharacters in a URL, allowing an attacker to execute arbitrary commands on the host. The NVD entry lists a base scor...
Nagios Remote Plugin Executor Arbitrary Command Execution
The Nagios Remote Plugin Executor NRPE is installed to allow a central Nagios server to actively poll information from the hosts it monitors. NRPE has a configuration option dontblamenrpe which enables command-line arguments to be provided remote plugins. When this option is enabled, even when NR...
OpenPLI Webif Arbitrary Command Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'OpenPLI Webif Arbitrary Command...
MiniMagick Gem for Ruby URI Handling Arbitrary Command Injection
MiniMagick Gem for Ruby contains a flaw that is triggered during the handling of specially crafted input from an untrusted source passed via a URL that contains a ';' character. This may allow a context-dependent attacker to potentially execute arbitrary commands...
Adobe InDesign Server RunScript Arbitrary Command Execution
The version of Adobe InDesign Server running on the remote host has an arbitrary command execution vulnerability. When the SOAP service is enabled, it processes requests for the RunScript method without requiring authentication. This method can be used to execute arbitrary VBScript on Windows, or...