AWStats migrate Remote Command Execution

$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'AWStats...

Alcatel-Lucent OmniPCX Enterprise masterCGI Arbitrary Command Execution

$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Alcatel-Luce...

Irix LPD tagprinter Command Execution

$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Irix LPD...

Autodesk 3ds - Max Application Callbacks Arbitrary Command Execution

Autodesk 3ds - Max Application Callbacks Arbitrary Command Execution source: https://www.securityfocus.com/bid/36634/info Autodesk 3ds Max is prone to a vulnerability that lets attackers execute arbitrary commands in the context of the vulnerable application. This issue affects the following: 3ds...

Autodesk 3ds - Max Application Callbacks Arbitrary Command Execution

source: https://www.securityfocus.com/bid/36634/info Autodesk 3ds Max is prone to a vulnerability that lets attackers execute arbitrary commands in the context of the vulnerable application. This issue affects the following: 3ds Max 6 through 9 3ds Max 2008 through 2010 Other versions may also be...

Rhino Software Serv-U FTP Server RNTO Command Directory Traversal (CVE-2008-4501)

Serv-U FTP Server is developed by Rhino Software. It is a widely-used FTP server that includes enterprise-grade features such as SSL support, ODBC and Windows NT/SAM user account management, virtual directories, compression etc. By default configuration, Serv-U FTP Server listens on 21/TCP for...

CVE-2009-3233

changetrack 4.3 allows local users to execute arbitrary commands via CRLF sequences and shell metacharacters in a filename in a directory that is checked by changetrack...

CVE-2009-3233

changetrack 4.3 allows local users to execute arbitrary commands via CRLF sequences and shell metacharacters in a filename in a directory that is checked by changetrack...

Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)

The host is running Apache and is prone to Command Injection vulnerability. OpenVAS Vulnerability Test $Id: secpodapachemodproxyftpcmdinjvuln.nasl 5390 2017-02-21 18:39:27Z mime $ Apache 'modproxyftp' Module Command Injection Vulnerability Linux Authors: Sharath S Copyright: Copyright c 2009...

Multiple Vulnerabilities in Hitachi JP1/File Transmission Server/FTP

Overview Hitachi JP1/File Transmission Server/FTP contains multiple vulnerabilities that could allow an attacker to execute arbitrary commands. Impact A remote attacker could execute arbitrary commands. Solution Please refer to the 'Vendor Information' section for the official countermeasure and...

GLSA-200909-15 : Lynx: Arbitrary command execution

The remote host is affected by the vulnerability described in GLSA-200909-15 Lynx: Arbitrary command execution Clint Ruoho reported that the fix for CVE-2005-2929 GLSA 200511-09 only disabled the lynxcgi:// handler when not using the advanced mode. Impact : A remote attacker can entice a user to...

Sql injection

Multiple SQL injection vulnerabilities in PortalXP Teacher Edition 1.2 allow remote attackers to execute arbitrary SQL commands via the id parameter to 1 calendar.php, 2 news.php, and 3 links.php; and the 4 assignmentid parameter to assignments.php...

RedHat Security Advisory RHSA-2009:1278

The remote host is missing updates announced in advisory RHSA-2009:1278. LFTP is a sophisticated file transfer program for the FTP and HTTP protocols. Like bash, it has job control and uses the readline library for input. It has bookmarks, built-in mirroring, and can transfer several files in...

MySQL COM_TABLE_DUMP Information Leakage and Arbitrary Command Execution

No description provided by source. / April 21.st 2006 myexploit.c MySql COMTABLEDUMP Memory Leak & MySql remote B0f MySql = 5.0.20 MySql COMTABLEDUMP Memory Leak MySql = 4.x.x copyright 2006 Stefano Di Paola stefano.dipaolaatwisec.it GPL 2.0 Disclaimer: In no event shall the author be liable for...

SILC Toolkit 'command.c'格式串漏洞

Bugraq ID: 36193 SILC Toolkit是一款提供SILC协议实现的软件开发工具集。 SILC Toolkit 'command.c'文件存在格式串错误，远程攻击者可以利用漏洞以应用程序权限执行任意指令。 目前没有详细漏洞细节提供。 SILC Toolkit 1.1.8 SILC Toolkit 1.1.6 SILC Toolkit 1.1.5 SILC Toolkit 1.1.4 SILC Toolkit 1.1.3 SILC Toolkit 1.1.2 SILC Toolkit 1.1.1 SILC Toolkit 1.1 厂商解决方案 用户可联系供应商升级到SIL...

EMC Replication Manager irccd.exe RunProgram Message Handling Arbitrary Command Execution

Binary data emcrmcclient.nbin...

Alcatel-Lucent OmniPCX Enterprise masterCGI Arbitrary Command Execution

This module abuses a metacharacter injection vulnerability in the HTTP management interface of the Alcatel-Lucent OmniPCX Enterprise Communication Server 7.1 and earlier. The Unified Maintenance Tool contains a 'masterCGI' binary which allows an unauthenticated attacker to execute arbitrary...

Open Auto Classifieds <= 1.5.9 Multiple Remote Vulnerabilities

Exploit for unknown platform in category web applications ============================================================== Open Auto Classifieds = 1.5.9 Multiple Remote Vulnerabilities ============================================================== MorningStar Security - Advisory...

Open Auto Classifieds 1.5.9 - Multiple Vulnerabilities

MorningStar Security - Advisory http://www.morningstarsecurity.com/ Multiple security issues in Open Auto Classifieds 1. Advisory Information ---------------------------------------------------------------------------------------------- Title: Multiple security issues in Open Auto Classifieds...

Acer AcerCtrls.APlunch ActiveX Arbitrary Command Execution

The remote host contains an ActiveX control from Acer called 'AcerCtrls.APlunch'. If this control is distributed with the appropriate 'Implemented Categories' registry key, it may be marked as safe for scripting. This would allow a web page in Internet Explorer to call the control's 'Run' method....