8703 matches found
Snortreport nmap.php and nbtscan.php Remote Command Execution
Exploit for php platform in category web applications $Id: snortreportexec.rb 13843 2011-10-09 06:12:54Z sinn3r $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on...
Spreecommerce 0.60.1 Arbitrary Command Execution
This module exploits an arbitrary command execution vulnerability in the Spreecommerce search. Unvalidated input is called via the Ruby send method allowing command execution. This module requires Metasploit: https://metasploit.com/download Current source:...
Debian: Security Advisory (DSA-2302-1)
The remote host is missing an update for the Debian...
Firefox sensor.dll Insecure Library Loading
Added: 09/13/2011 CVE: CVE-2011-2980 BID: 49217 OSVDB: 74583 Background Firefox is a freely available web browser for multiple platforms including Windows, Linux, and Mac OS. Problem A library loading vulnerability in Mozilla Firefox and Thunderbird allows arbitrary command execution when a user...
CVE-2011-2649
Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows attackers to execute arbitrary commands via shell metacharacters in an unspecified FileUtils function call...
Design/Logic Flaw
Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows attackers to execute arbitrary commands via shell metacharacters in an unspecified FileUtils function call...
CVE-2011-2649
Kiwi before 3.74.2 (as used in SUSE Studio 1.1 before 1.1.4) is vulnerable to command execution via shell metacharacters in an unspecified FileUtils function. The root cause is not fully detailed in the provided documents, but the vulnerability allows an attacker to execute arbitrary commands. Th...
Symantec System Center Alert Management System (xfr.exe) Arbitrary Command Execution
$Id: amsxfr.rb 13591 2011-08-19 18:35:29Z mc $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require...
Symantec System Center Alert Management System (hndlrsvc.exe) Arbitrary Command Execution
Symantec System Center Alert Management System is prone to a remote command-injection vulnerability because the application fails to properly sanitize user-supplied input. This is part of Symantec AntiVirus Corporate Edition 8.0 - 10.1.7. This module requires Metasploit:...
Symantec System Center Alert Management System - 'hndlrsvc.exe' Arbitrary Command Execution (Metasploit)
$Id: amshndlrsvc.rb 13591 2011-08-19 18:35:29Z mc $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...
CentOS Update for xterm CESA-2009:0018 centos3 i386
Check for the Version of xterm OpenVAS Vulnerability Test CentOS Update for xterm CESA-2009:0018 centos3 i386 Authors: System Generated Check Copyright: Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...
CentOS Update for lftp CESA-2009:1278 centos5 i386
Check for the Version of lftp OpenVAS Vulnerability Test CentOS Update for lftp CESA-2009:1278 centos5 i386 Authors: System Generated Check Copyright: Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under t...
CMSPro! 2.08 - Cross-Site Request Forgery
CMSPro! 2.08 CSRF Vulnerability Title : CMSPro! 2.08 Cross Site Request Forgery CSRF Vulnerability Software : CMSPro! Version : 2.08 Site : http://www.wojoscripts.com/cmspro/ or http://codecanyon.net/item/cms-pro-lightweight-content-management-system/140078 Author : Xadpritox Email :...
Oracle Secure Backup Administration Server login.php uname Parameter Arbitrary Command Injection
The version of Oracle Secure Backup Administration Server running on the remote host fails to adequately sanitize user-supplied input to the 'uname' parameter of 'login.php'. The system performs some sanitization which limits exploitation of this issue, but code execution is still possible. A...
PT-2011-09: Arbitrary Command Execution in ManageEngine ServiceDesk Plus 8.0.0
The specialists of the Positive Research center have revealed an arbitrary code execution vulnerability in ManageEngine ServiceDesk Plus. If Microsoft SQL Server is used as application database server, insufficient validation of input settings for /CustomReporthandler.do script that is used to...
Symantec Backup Exec Products Arbitrary Command Execution vulnerability
Symantec Backup Exec Products is prone to an arbitrary command execution vulnerability.
WebSVN 2.3.2 Unproper Metacharacters Escaping exec() Remote Commands Injection Vulnerability
WebSVN 2.3.2 Unproper Metacharacters Escaping exec Remote Commands Injection Vulnerability tested against: Microsoft Windows Server R2 SP2 PHP 5.3.6 VC9 with magic_quotes_gpc = off default Apache 2.2.17 VC9 Introduction: This is a very special vulnerability, given the incredibly high number of...
AWStats Totals 1.14 Remote Command Execution
$Id: awstatstotalsmultisort.rb 12715 2011-05-25 10:45:36Z patrickw $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
AWStats Totals =< v1.14 multisort Remote Command Execution
Exploit for php platform in category web applications $Id: awstatstotalsmultisort.rb 12715 2011-05-25 10:45:36Z patrickw $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more...