
8750 matches found

RubySec
added 2013/04/04 12:0 a.m., 17 views

kelredd-pruview Gem for Ruby /lib/pruview/document.rb File Name Shell Metacharacter Injection Arbitrary Command Execution

kelredd-pruview Gem for Ruby contains a flaw in /lib/pruview/document.rb. The issue is triggered during the handling of a specially crafted file name that contains injected shell metacharacters. This may allow a context-dependent attacker to potentially execute arbitrary commands...

CVSS 9.3, AI score 7.3, EPSS 0.01605
Exploits 1, References 1

RubySec
added 2013/03/26 12:0 a.m., 13 views

Thumbshooter Gem for Ruby thumbshooter.rb URL Shell Metacharacter Injection Arbitrary Command Execution

Thumbshooter Gem for Ruby contains a flaw that is due to the program failing to properly sanitize input passed to thumbshooter.rb. With a specially crafted URL that contains shell metacharacters, a context-dependent attacker can execute arbitrary commands...

CVSS 7.5, AI score 6.8, EPSS 0.02108
Exploits 0, References 1

CVE
added 2013/03/20 10:0 p.m., 66 views

CVE-2013-2615

The CVE-2013-2615 entry affects the fastreader Ruby Gem, specifically lib/entry_controller.rb in version 1.0.8. The vulnerability enables remote code execution by passing shell metacharacters in a URL, allowing an attacker to execute arbitrary commands on the host. The NVD entry lists a base scor...

CVSS 7.5, AI score 7.8, EPSS 0.02268
Exploits 1, References 5, Affected Software 1

Metasploit
added 2013/03/19 8:43 a.m., 36 views

Nagios Remote Plugin Executor Arbitrary Command Execution

The Nagios Remote Plugin Executor NRPE is installed to allow a central Nagios server to actively poll information from the hosts it monitors. NRPE has a configuration option dontblamenrpe which enables command-line arguments to be provided remote plugins. When this option is enabled, even when NR...

CVSS 7.5, AI score 0.1, EPSS 0.65724
Exploits 9

Packet Storm
added 2013/03/15 12:0 a.m., 37 views

OpenPLI Webif Arbitrary Command Execution

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'OpenPLI Webif Arbitrary Command...

AI score 0.6
Exploits 0

RubySec
added 2013/03/12 12:0 a.m., 21 views

MiniMagick Gem for Ruby URI Handling Arbitrary Command Injection

MiniMagick Gem for Ruby contains a flaw that is triggered during the handling of specially crafted input from an untrusted source passed via a URL that contains a ';' character. This may allow a context-dependent attacker to potentially execute arbitrary commands...

CVSS 7.5, AI score 4.5, EPSS 0.03633
Exploits 0, References 1, Affected Software 1

Tenable Nessus
added 2013/03/08 12:0 a.m., 77 views

Adobe InDesign Server RunScript Arbitrary Command Execution

The version of Adobe InDesign Server running on the remote host has an arbitrary command execution vulnerability. When the SOAP service is enabled, it processes requests for the RunScript method without requiring authentication. This method can be used to execute arbitrary VBScript on Windows, or...

AI score 6.3
Exploits 0

Check Point Advisories
added 2013/02/27 12:0 a.m., 2 views

Nagios XI Autodiscovery Arbitrary Command Execution

An arbitrary command execution vulnerability has been reported in Nagios XI. The vulnerability is due to insufficient validation of incoming requests sent to the Autodiscovery module. The vulnerability can be exploited by an authenticated attacker by submitting a maliciously crafted job to the...

AI score 7.6
Exploits 0

Zero Day Initiative
added 2013/02/14 12:0 a.m., 31 views

EMC AlphaStor Device Manager 0x75 Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC AlphaStor for EMC Networker. Authentication is not required to exploit this vulnerability. The specific flaw exists within Device Manager rrobotd.exe which listens by default on port 3000. When...

CVSS 10, AI score 7.1, EPSS 0.34468
Exploits 10, References 1

Saint
added 2013/01/25 12:0 a.m., 47 views

rsh Excessive Trust Vulnerability

Added: 01/25/2013 CVE: CVE-1999-0515 Background The rsh service allows remote users, using an rsh client, to execute individual shell commands on an rsh server without the need for a password. The rsh process uses the .rhosts file to list trusted hosts those machines allowed to use the service...

CVSS 10, AI score 7.9, EPSS 0.04635
Exploits 4

Saint
added 2013/01/23 12:0 a.m., 23 views

Nagios XI Graph Explorer Component OS Command Injection Vulnerability

Added: 01/23/2013 BID: 54263 OSVDB: 83552 Background Nagios XI is a network host and service monitoring and management system. Problem Nagios XI Graph Explorer Component is vulnerable to arbitrary command execution by authenticated users. The vulnerability is due to the visApi.php script not...

AI score 0.1
Exploits 0

Exploit DB
added 2013/01/11 12:0 a.m., 22 views

Microsoft Lync 2010 4.0.7577.0 - User-Agent Header Handling Arbitrary Command Execution

source: https://www.securityfocus.com/bid/57300/info Microsoft Lync is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the contex...

AI score 7.4
Exploits 0

OSV
added 2013/01/04 9:55 p.m., 2 views

DEBIAN-CVE-2012-6329

The compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket notation, which allows context-dependent attackers to execute arbitrary commands via crafted input t...

CVSS 7.5, AI score 7.6, EPSS 0.61604
Exploits 13, References 1

exploitpack
added 2012/12/21 12:0 a.m., 20 views

VoipNow Service Provider Edition - Arbitrary Command Execution

VoipNow Service Provider Edition - Arbitrary Command Execution source: https://www.securityfocus.com/bid/57032/info VoipNow Service Provider Edition is prone to a remote arbitrary command-execution vulnerability because it fails to properly validate user-supplied input. An attacker can exploit th...

AI score 0.8
Exploits 0

exploitpack
added 2012/12/07 12:0 a.m., 25 views

m0n0wall 1.33 - Multiple Cross-Site Request Forgery Vulnerabilities

m0n0wall 1.33 - Multiple Cross-Site Request Forgery Vulnerabilities Exploit Title: m0n0wall 1.33 CSRF Remote root Access Date: 30/11/2012 Author: Yann CAM @ Synetis Vendor or Software Link: m0n0.ch - m0n0.ch/wall/downloads.php Version: 1.33 Category: CSRF Remote root Access Google dork: Tested on...

AI score 1.3
Exploits 0

Check Point Advisories
added 2012/11/18 12:0 a.m., 6 views

Samsung Kies Arbitrary Command Execution (CVE-2012-3807)

An arbitrary command execution vulnerability has been reported in Samsung Kies. The vulnerability is due to insufficient validation of incoming requests. A remote attacker can exploit this vulnerability by enticing a target user to visit a specially crafted web page using an affected version of...

CVSS 7.5, AI score 9.1, EPSS 0.31563
Exploits 3

Saint
added 2012/10/26 12:0 a.m., 35 views

HP Operations Agent for NonStop Server ELinkService HEALTH packet buffer overflow

Added: 10/26/2012 BID: 55161 OSVDB: 84854 Background HP Operations Agents is a fault and performance monitoring solution for servers. Problem A buffer overflow vulnerability in HP Operations Agent for NonStop server allows an attacker to execute arbitrary commands by sending a specially crafted...

AI score 1
Exploits 0

Saint
added 2012/10/22 12:0 a.m., 28 views

Avaya IP Office Customer Call Reporter ImageUpload.ashx file upload

Added: 10/22/2012 CVE: CVE-2012-3811 BID: 54225 OSVDB: 83399 Background Avaya IP Office is a unified communications solution for mobile workforce. Problem The ImageUpload.ashx script allows unauthenticated users to upload arbitrary script files to the webserver. The script files can then be...

CVSS 10, AI score 6.8, EPSS 0.62876
Exploits 8

Saint
added 2012/10/22 12:0 a.m., 19 views

Avaya IP Office Customer Call Reporter ImageUpload.ashx file upload

Added: 10/22/2012 CVE: CVE-2012-3811 BID: 54225 OSVDB: 83399 Background Avaya IP Office is a unified communications solution for mobile workforce. Problem The ImageUpload.ashx script allows unauthenticated users to upload arbitrary script files to the webserver. The script files can then be...

CVSS 10, AI score 6.8, EPSS 0.62876
Exploits 8

Exploit DB
added 2012/10/16 12:0 a.m., 19 views

AjaXplorer - 'checkInstall.php' Remote Command Execution (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'AjaXplorer checkInstall.php Remote...

AI score 7.4
Exploits 0