Redmine SCM Repository 0.9.x/1.0.x - Arbitrary Command Execution (Metasploit)

$Id: redminescmexec.rb 11516 2011-01-08 01:13:26Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framewor...

Redmine SCM Repository Arbitrary Command Execution

$Id: redminescmexec.rb 11414 2010-12-25 14:43:13Z swtornio $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

Redmine SCM Repository Arbitrary Command Execution

This module exploits an arbitrary command execution vulnerability in the Redmine repository controller. The flaw is triggered when a rev parameter is passed to the command line of the SCM tool without adequate filtering. This module requires Metasploit: https://metasploit.com/download Current...

Citrix Access Gateway - Command Injection

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 VSR Security Advisory http://www.vsecurity.com/ - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: Citrix Access Gateway Command Injection Vulnerability Release Date: 2010-12-21 Application: Citrix Access...

Citrix Access Gateway Command Injection

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 VSR Security Advisory http://www.vsecurity.com/ - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: Citrix Access Gateway Command Injection Vulnerability Release Date: 2010-12-21 Application: Citrix Access...

Redmine SCM Repository - Arbitrary Command Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Redmine SCM Repository Arbitrary Command Execution', 'Description' = %q This module exploits an arbitrary command execution...

Awstats Configuration File Remote Arbitrary Command Execution Vulnerability

Awstats is prone to an arbitrary command-execution vulnerability. This issue is due to a failure in the application to properly sanitize user- supplied input. An attacker can exploit this vulnerability to execute arbitrary shell commands in the context of the webserver process. This may help...

Awstats < 7.0 Configuration File Remote Arbitrary Command Execution Vulnerability

Awstats is prone to an arbitrary command-execution vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...

AWStats 6.x - Apache Tomcat Configuration File Arbitrary Command Execution

source: https://www.securityfocus.com/bid/45123/info Awstats is prone to an arbitrary command-execution vulnerability. This issue occurs when Awstats is used along with Apache Tomcat in Microsoft Windows. An attacker can exploit this vulnerability to execute arbitrary shell commands in the contex...

Openswan: Gateway arbitrary code execution via shell metacharacters in cisco_dns_info or cisco_domain_info data in packet

programs/pluto/xauth.c in the client in Openswan 2.6.25 through 2.6.28 allows remote authenticated gateways to execute arbitrary commands via shell metacharacters in 1 ciscodnsinfo or 2 ciscodomaininfo data in a packet, a different vulnerability than CVE-2010-3302...

FreeNAS exec_raw.php Arbitrary Command Execution

This module exploits an arbitrary command execution flaw in FreeNAS 0.7.2 'FreeNAS execraw.php Arbitrary Command Execution', 'Description' = %q This module exploits an arbitrary command execution flaw in FreeNAS 0.7.2 'MC' , 'License' = MSFLICENSE, 'References' = 'OSVDB', '94441' , 'URL',...

CVE-2010-3895

CVE-2010-3895 affects IBM OmniFind Enterprise Edition prior to 9.1. The vulnerability stems from esRunCommand, which allows a local user to escalate privileges by supplying an arbitrary command name as the first argument due to insufficient input handling in the administration/system execution pa...

FreeNAS 'exec_raw.php' Arbitrary Command Execution

The version of FreeNAS on the remote host fails to restrict access to its 'execraw.php' script. A remote, unauthenticated attacker can pass arbitrary commands through the script's 'cmd' parameter and have them executed with administrative privileges. %NASLMINLEVEL 70300 C Tenable Network Security...

TeamSpeak Client Arbitrary command execution vulnerability (Windows)

This host is installed with TeamSpeak client and is prone to arbitrary command execution vulnerability. OpenVAS Vulnerability Test $Id: gbteamspeakclientcommandexevuln.nasl 5374 2017-02-20 16:36:11Z cfi $ TeamSpeak Client Arbitrary command execution vulnerability Windows Authors: Antu Sanadi...

TeamSpeak Client <= 2.0.32.60 Arbitrary Command Execution Vulnerability - Windows

The TeamSpeak client is prone to an arbitrary command execution vulnerability. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

VERITAS NetBackup Remote Command Execution

VERITAS NetBackup Remote Command Execution. CVE-2004-1389. Remote exploits for multiple platform $Id: veritasnetbackupcmdexec.rb 10617 2010-10-09 06:55:52Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the...

hplip - &#039;hpssd.py&#039; From Address Arbitrary Command Execution (Metasploit)

$Id: hpliphpssdexec.rb 10617 2010-10-09 06:55:52Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framewor...

Irix LPD tagprinter Command Execution

Irix LPD tagprinter Command Execution. CVE-2001-0800. Remote exploit for irix platform $Id: tagprinterexec.rb 10561 2010-10-06 00:53:45Z hdm $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web si...

Update Protection against Symantec Alert Management System HNDLRSVC Arbitrary Command Execution

An arbitrary command execution vulnerability exists in Symantec Alert Management System AMS2 service shipped with multiple Symantec products. The AMS service starts an alert handler service, HNDLRSVC, that listens for commands from the AMS server. The service does not perform proper authenticatio...

CVE-2010-3313

phpgwapi/js/fckeditor/editor/dialog/fckspellerpages/spellerpages/serverscripts/spellchecker.php in EGroupware 1.4.001+.002; 1.6.001+.002 and possibly other versions before 1.6.003; and EPL 9.1 before 9.1.20100309 and 9.2 before 9.2.20100309; allows remote attackers to execute arbitrary commands v...