8703 matches found
[ MDVSA-2012:009 ] perl
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2012:009 http://www.mandriva.com/security/ Package : perl Date : January 18, 2012 Affected: Enterprise Server 5.0 Problem Description: A vulnerability has been found and corrected in perl: Eval injection in the...
op5 Config Arbitrary Command Execution
The version of op5 Config hosted on the remote web server is earlier than 2.0.3. As such, it contains a flaw on its welcome page that allows a remote, unauthenticated attacker to run arbitrary commands with root privileges simply by enclosing them in backticks in the password field. %NASLMINLEVEL...
op5 Portal Arbitrary Command Execution
The version of op5 Config hosted on the remote web server is earlier than 1.6.2. As such, it contains a flaw in the 'license.php' script that allows a remote, unauthenticated attacker to run arbitrary commands with the privileges of the web user simply by enclosing them in backticks in the...
DEBIAN-CVE-2011-3597
Eval injection vulnerability in the Digest module before 1.17 for Perl allows context-dependent attackers to execute arbitrary commands via the new constructor...
CVE-2011-3597
CVE-2011-3597 is an eval-injection vulnerability in the Perl Digest module (before 1.17). The vulnerability allows context-dependent attackers to execute arbitrary commands via the module’s new constructor. Affected component: Digest module for Perl; root cause described as improper handling/unsa...
PmWiki pagelist.php Remote PHP Code Injection Exploit
This module exploits an arbitrary command execution vulnerability in PmWiki from 2.0.0 to 2.2.34. The vulnerable function is inside /scripts/pagelist.php. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...
Traq admincp/common.php Remote Code Execution
This module exploits an arbitrary command execution vulnerability in Traq 2.0 to 2.3. It's in the admincp/common.php script. This function is called in each script located in the /admicp/ directory to make sure the user has admin rights. This is a broken authorization schema because the header...
Family Connections less.php Remote Command Execution
This module exploits an arbitrary command execution vulnerability in Family Connections 2.7.1. It's in the dev/less.php script and is due to an insecure use of system. Authentication isn't required to exploit the vulnerability but registerglobals must be set to On. This module requires Metasploit...
Family Connections less.php Remote Command Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Family Connection...
Family Connections 'argv[1]' Parameter Remote Arbitrary Command Execution Vulnerability
Family Connections is prone to a remote arbitrary command- execution vulnerability because it fails to properly validate user-supplied input. An attacker can exploit this issue to execute arbitrary commands within the context of the vulnerable application. OpenVAS Vulnerability Test $Id:...
Dell KACE K2000 Appliance database administration account allows arbitrary command execution
Overview The Dell KACE K2000 System Deployment Appliance contains a vulnerability that could allow a remote attacker to execute arbitrary commands on an affected device. Description The Dell KACE K2000 Deployment Appliance is an integrated systems provisioning product for large-scale operating...
Ubuntu 10.10 : linux vulnerabilities (USN-1243-1)
It was discovered that the security fix for CVE-2010-4250 introduced a regression. A remote attacker could exploit this to crash the system, leading to a denial of service. CVE-2011-1479 Vasiliy Kulikov discovered that taskstats did not enforce access restrictions. A local attacker could exploit...
Ubuntu 10.04 LTS : linux-lts-backport-maverick vulnerabilities (USN-1242-1)
It was discovered that the security fix for CVE-2010-4250 introduced a regression. A remote attacker could exploit this to crash the system, leading to a denial of service. CVE-2011-1479 Vasiliy Kulikov discovered that taskstats did not enforce access restrictions. A local attacker could exploit...
Cisco Security Advisory: CiscoWorks Common Services Arbitrary Command Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: CiscoWorks Common Services Arbitrary Command Execution Vulnerability Advisory ID: cisco-sa-20111019-cs Revision 1.0 For Public Release 2011 October 19 16:00 UTC GMT...
CiscoWorks Common Services Arbitrary Command Execution Vulnerability
CiscoWorks Common Services for Microsoft Windows contains a vulnerability that could allow an authenticated, remote attacker to execute arbitrary commands on the affected system with the privileges of a system administrator. Cisco has released software updates that address this vulnerability. The...
ABUS TVIP 11550/21550 Multiple vulnerabilities (and possibly other ABUS cams)
Title : ABUS TVIP 11550/21550 Multiple vulnerabilities and possibly other ABUS cams Author : Marco van Berkum - Summary - Arbitrary file read - Arbitrary file upload - Arbitrary command excution input validation bug - How it's totally compromised including ssh root login. - Summary The ABUS 11550...
FreeBSD : openoffice -- arbitrary command execution vulnerability (e595e170-6771-11dc-8be8-02e0185f8d72)
iDefense reports : Remote exploitation of multiple integer overflow vulnerabilities within OpenOffice, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code. These vulnerabilities exist within the TIFF parsing code of the OpenOffice suite. When...
Spreecommerce 0.60.1 Arbitrary Command Execution
$Id: spreesearchexec.rb 13831 2011-10-07 17:45:15Z sinn3r $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
Snortreport nmap.php/nbtscan.php Remote Command Execution
This module exploits an arbitrary command execution vulnerability in nmap.php and nbtscan.php scripts. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Snortreport nmap.php/nbtscan.php Remote...
Snortreport - '/nmap.php' / 'nbtscan.php' Remote Command Execution (Metasploit)
$Id: snortreportexec.rb 13843 2011-10-09 06:12:54Z sinn3r $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...