Lucene search
+L

415 matches found

Tenable Nessus
Tenable Nessus
added 2015/04/20 12:0 a.m.17 views

Fedora 20 : perl-Module-Signature-0.78-1.fc20 / perl-Test-Signature-1.11-1.fc20 (2015-5840)

This update addresses various security issues in perl-Module-Signature as described below. The default behavior is also changed so as to ignore any MANIFEST.SKIP files unless a 'skip' parameter is specified. An updated version of perl-Test-Signature that accounts for the changed default behavior ...

5.8AI score
Exploits0References6
NVD
NVD
added 2015/04/10 3:0 p.m.57 views

CVE-2015-1842

The puppet manifests in the Red Hat openstack-puppet-modules package before 2014.2.13-2 uses a default password of CHANGEME for the pcsd daemon, which allows remote attackers to execute arbitrary shell commands via unspecified vectors...

10CVSS7.7AI score0.05216EPSS
Exploits0References7
Prion
Prion
added 2015/04/10 3:0 p.m.22 views

Default credentials

The puppet manifests in the Red Hat openstack-puppet-modules package before 2014.2.13-2 uses a default password of CHANGEME for the pcsd daemon, which allows remote attackers to execute arbitrary shell commands via unspecified vectors...

10CVSS8.2AI score0.05216EPSS
Exploits0References7Affected Software1
UbuntuCve
UbuntuCve
added 2015/02/17 3:59 p.m.51 views

CVE-2015-1427

The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script...

9.8CVSS7.6AI score0.99906EPSS
Exploits19References6
CVE
CVE
added 2015/02/17 3:0 p.m.1268 views

CVE-2015-1427

CVE-2015-1427 concerns Elasticsearch’s Groovy scripting engine, where dynamic scripting was enabled by default in versions before 1.3.8 (and 1.4.x before 1.4.3). The root cause is a sandbox bypass in the Groovy sandbox that allows remote attackers to execute arbitrary shell commands via a crafted...

9.8CVSS9.2AI score0.99906EPSS
In wildExploits19References9Affected Software1
Prion
Prion
added 2015/02/01 2:59 a.m.14 views

Design/Logic Flaw

Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allow remote authenticated administrators to execute arbitrary shell commands via a crafted command line in a database-backup restore action...

9CVSS7.8AI score0.08116EPSS
Exploits1References6Affected Software2
Cvelist
Cvelist
added 2015/02/01 2:0 a.m.24 views

CVE-2014-7288

Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allow remote authenticated administrators to execute arbitrary shell commands via a crafted command line in a database-backup restore action...

7.2AI score0.08116EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2014/12/17 12:0 a.m.52 views

CentOS 6 / 7 : mailx (CESA-2014:1999)

Updated mailx packages that fix two security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are available...

7.8CVSS7.7AI score0.06858EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2014/12/17 12:0 a.m.27 views

Scientific Linux Security Update : mailx on SL6.x, SL7.x i386/x86_64 (20141216)

A flaw was found in the way mailx handled the parsing of email addresses. A syntactically valid email address could allow a local attacker to cause mailx to execute arbitrary shell commands through shell meta-characters and the direct command execution functionality. CVE-2004-2771, CVE-2014-7844...

7.8CVSS7.6AI score0.06858EPSS
Exploits1References3
Check Point Advisories
Check Point Advisories
added 2014/11/02 12:0 a.m.91 views

Plone and Zope cmd Parameter Remote Command Execution (CVE-2011-3587)

A remote code execution vulnerability has been reported in Zope and Plone. The vulnerability is due to failing to properly validate user-supplied input. A remote attacker can exploit this vulnerability by execute arbitrary shell commands...

9.3CVSS7.7AI score0.78546EPSS
Exploits15
Exploit DB
Exploit DB
added 2014/10/08 12:0 a.m.734 views

OpenSSH < 6.6 SFTP (x64) - Command Execution

define GNUSOURCE // THIS PROGRAM IS NOT DESIGNED TO BE SAFE AGAINST VICTIM MACHINES THAT // TRY TO ATTACK BACK, THE CODE IS SLOPPY! // In other words, please don't use this against other people's machines. include include include include include include include include include define mina,b ab?a:...

7.4AI score
Exploits0
Mageia
Mageia
added 2014/07/26 12:52 p.m.49 views

Updated asterisk packages fix security vulnerabilities

Updated asterisk packages fix security vulnerabilities: Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and Certified Asterisk 11.6 before 11.6-cert3 allows remote authenticated Manager users to execute arbitrary shell commands via a MixMonitor action CVE-2014-4046. Asterisk Open...

6.5CVSS7AI score0.05679EPSS
Exploits0References5
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.14 views

Gentoo Webapp-Config 1.10 Insecure File Creation Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/13780/info Gentoo webapp-config is prone to an insecure file creation vulnerability. This issue is due to a design error that causes the application to fail to verify the existence of a file before writing to it. An...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.25 views

Brian Stanback bslist.cgi 1.0 - Remote Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2160/info An input validation vulnerability exists in Brian Stanback's bslist.cgi, a script designed to coordinate mailing lists. The script fails to properly filter ';' characters from the user-supplied email addresses...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.26 views

GForge 3.x Remote Arbitrary Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/13716/info GForge is affected by a remote command execution vulnerability. This issue arises because the application fails to sanitize user-supplied data passed through URI parameters. An attacker can supply arbitrary she...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.17 views

Brian Stanback bsguest.cgi 1.0 - Remote Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2159/info An input validation vulnerability exists in Brian Stanback's bsguest.cgi, a script designed to coordinate guestbook submissions from website visitors. The script fails to properly filter ';' characters from the...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.13 views

Leif M. Wright simplestmail.cgi 1.0 - Remote Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2102/info A vulnerabiliy exists in Leif M. Wright's simplestmail.cgi, a script designed to coordinate email responses from web forms. An insecurely-structured call to the open function leads to a failure to properly filte...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.15 views

ewire Payment Client 1.60/1.70 Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/25683/info ewire Payment Client is prone to a vulnerability that allows attackers to execute arbitrary shell commands because the software fails to sanitize user-supplied input. An attacker may leverage this issue to...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.12 views

BlueCat Networks Adonis 5.0.2 .8 CLI Remote Privilege Escalation Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/25342/info BlueCat Networks Adonis devices are prone to a remote privilege-escalation vulnerability because the software fails to properly sanitize user-supplied input. An attacker with administrative privileges can explo...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.15 views

DotBr 0.1 System.PHP3 Remote Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6866/info The DotBr 'system.php3' script is prone to a remote command execution vulnerability. This is due to insufficient sanitization of user-supplied data. Exploitation may result in execution of arbitrary shell comman...

7.1AI score
Exploits0
Rows per page
Query Builder