Nagios XI Autodiscovery Arbitrary Command Execution
An arbitrary command execution vulnerability has been reported in Nagios XI. The vulnerability is due to insufficient validation of incoming requests sent to the Autodiscovery module. The vulnerability can be exploited by an authenticated attacker by submitting a maliciously crafted job to the...
EMC AlphaStor Device Manager 0x75 Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC AlphaStor for EMC Networker. Authentication is not required to exploit this vulnerability. The specific flaw exists within Device Manager rrobotd.exe which listens by default on port 3000. When...
rsh Excessive Trust Vulnerability
Added: 01/25/2013 CVE: CVE-1999-0515 Background The rsh service allows remote users, using an rsh client, to execute individual shell commands on an rsh server without the need for a password. The rsh process uses the .rhosts file to list trusted hosts, those machines allowed to use the service...
Nagios XI Graph Explorer Component OS Command Injection Vulnerability
Added: 01/23/2013 BID: 54263 OSVDB: 83552 Background Nagios XI is a network host and service monitoring and management system. Problem Nagios XI Graph Explorer Component is vulnerable to arbitrary command execution by authenticated users. The vulnerability is due to the visApi.php script not...
Microsoft Lync 2010 4.0.7577.0 - User-Agent Header Handling Arbitrary Command Execution
source: https://www.securityfocus.com/bid/57300/info Microsoft Lync is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the contex...
DEBIAN-CVE-2012-6329
The compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket notation, which allows context-dependent attackers to execute arbitrary commands via crafted input t...
VoipNow Service Provider Edition - Arbitrary Command Execution
source: https://www.securityfocus.com/bid/57032/info VoipNow Service Provider Edition is prone to a remote arbitrary command-execution vulnerability because it fails to properly validate user-supplied input. An attacker can exploit th...
m0n0wall 1.33 - Multiple Cross-Site Request Forgery Vulnerabilities
Exploit Title: m0n0wall 1.33 CSRF Remote root Access Date: 30/11/2012 Author: Yann CAM @ Synetis Vendor or Software Link: m0n0.ch - m0n0.ch/wall/downloads.php Version: 1.33 Category: CSRF Remote root Access Google dork: Tested on...
Samsung Kies Arbitrary Command Execution (CVE-2012-3807)
An arbitrary command execution vulnerability has been reported in Samsung Kies. The vulnerability is due to insufficient validation of incoming requests. A remote attacker can exploit this vulnerability by enticing a target user to visit a specially crafted web page using an affected version of...
HP Operations Agent for NonStop Server ELinkService HEALTH packet buffer overflow
Added: 10/26/2012 BID: 55161 OSVDB: 84854 Background HP Operations Agents is a fault and performance monitoring solution for servers. Problem A buffer overflow vulnerability in HP Operations Agent for NonStop server allows an attacker to execute arbitrary commands by sending a specially crafted...
Avaya IP Office Customer Call Reporter ImageUpload.ashx file upload
Added: 10/22/2012 CVE: CVE-2012-3811 BID: 54225 OSVDB: 83399 Background Avaya IP Office is a unified communications solution for mobile workforce. Problem The ImageUpload.ashx script allows unauthenticated users to upload arbitrary script files to the webserver. The script files can then be...
AjaXplorer - 'checkInstall.php' Remote Command Execution (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'AjaXplorer checkInstall.php Remote...
AjaXplorer checkInstall.php Remote Command Execution
Exploit for php platform in category web applications This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core'...
AjaXplorer checkInstall.php Remote Command Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'AjaXplorer checkInstall.php Remote...
AjaXplorer checkInstall.php Remote Command Execution
This module exploits an arbitrary command execution vulnerability in the AjaXplorer 'checkInstall.php' script. All versions of AjaXplorer prior to 2.6 are vulnerable. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework...
UBUNTU-CVE-2012-4463
Midnight Commander (mc) 4.8.5 does not properly handle the (1) MC_EXT_SELECTED or (2) MC_EXT_ONLYTAGGED environment variables when multiple files are selected, which allows user-assisted remote attackers to execute arbitrary commands via a crafted file name...
ViArt Shop Enterprise 4.1 Arbitrary Command Execution
?php / ViArt Shop Enterprise 4.1 Arbitrary Command Execution Vulnerability Vendor: ViArt Software Product web page: http://www.viart.com Affected version: 4.1, 4.0.8, 4.0.5 Summary: Viart Shop is a PHP based e-commerce suite, aiming to provide everything you need to run a successful on-line...
ViArt Shop Enterprise 4.1 Arbitrary Command Execution / XSS Vulnerabilities
Exploit for php platform in category web applications ?php / ViArt Shop Enterprise 4.1 Arbitrary Command Execution Vulnerability Vendor: ViArt Software Product web page: http://www.viart.com Affected version: 4.1, 4.0.8, 4.0.5 Summary: Viart Shop is a PHP based e-commerce suite, aiming to provide...
ViArt Shop Enterprise 4.1 - Arbitrary Command Execution
?php / ViArt Shop Enterprise 4.1 Arbitrary Command Execution Vulnerability Vendor: ViArt Software Product web page: http://www.viart.com Affected version: 4.1, 4.0.8, 4.0.5 Summary: Viart Shop is a PHP based e-commerce suite, aiming to provi...