Matt Wright guestbook.pl Arbitrary Command Execution

$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Matt Wright...

AWStats configdir Remote Command Execution

$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'AWStats...

AWStats migrate Remote Command Execution

$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'AWStats...

openSUSE 10 Security Update : nagios (nagios-6355)

A shell injection bug in nagios' statuswml.cgi CGI script has been fixed. CVE-2009-2288 has been assigned to this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update nagios-6355. The text...

SuSE 11 Security Update : nagios (SAT Patch Number 1105)

A shell injection bug in nagios' statuswml.cgi CGI script has been fixed. CVE-2009-2288 has been assigned to this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from SuSE 11 update information. The text itself is...

openSUSE Security Update : nagios (nagios-1102)

A shell injection bug in nagios' statuswml.cgi CGI script has been fixed. CVE-2009-2288 has been assigned to this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update nagios-1102. The text...

MDaemon WorldClient form2raw.cgi Stack Buffer Overflow

This module exploits a stack buffer overflow in Alt-N MDaemon SMTP server for versions 6.8.5 and earlier. When WorldClient HTTP server is installed default, a CGI script is provided to accept html FORM based emails and deliver via MDaemon.exe, by writing the CGI output to the Raw Queue. When...

Sourcefire 3D Sensor & Defense Center 4.8.x Privilege Escalation Vuln

Exploit for cgi platform in category web applications ===================================================================== Sourcefire 3D Sensor & Defense Center 4.8.x Privilege Escalation Vuln ===================================================================== Affected product ----------------...

Debian: Security Advisory (DSA-1816-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Netgear DG632 Router Authentication Bypass Vulnerability

Exploit for hardware platform in category remote exploits ======================================================== Netgear DG632 Router Authentication Bypass Vulnerability ======================================================== Product Name: Netgear DG632 Router Vendor: http://www.netgear.com...

Design/Logic Flaw

cgi-bin/script in Aztech ADSL2/2+ 4-port router 3.7.0 build 070426 allows remote attackers to execute arbitrary commands via shell metacharacters in the query string...

The CGI script of the invasion to get started quickly+script method of use-vulnerability warning-the black bar safety net

Preface: The following explanation is directed to Europe and the United States Japan website When we are doing penetration analysis of the time there are many ways to We all know the foreign servers are mostly linux platform So there are many website programs have 6 Chengdu will use a cgi script ...

Fedora Update for mod_perl FEDORA-2007-0316

Check for the Version of modperl OpenVAS Vulnerability Test Fedora Update for modperl FEDORA-2007-0316 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

Fedora Update for mod_perl FEDORA-2007-576

Check for the Version of modperl OpenVAS Vulnerability Test Fedora Update for modperl FEDORA-2007-576 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...

HP OpenView Network Node Manager ovlaunch.exe Information Disclosure (c01661610)

The 'ovlaunch.exe' CGI script included with the version of HP OpenView Network Node Manager installed on the remote host reveals various configuration details in response to a specially crafted request. An unauthenticated, remote attacker could leverage this information to launch further attacks...

AWStats migrate Remote Command Execution

This module exploits an arbitrary command execution vulnerability in the AWStats CGI script. AWStats v6.4 and v6.5 are vulnerable. Perl based payloads are recommended with this module. The vulnerability is only present when AllowToUpdateStatsFromBrowser is enabled in the AWStats configuration fil...

Barracuda Spam Firewall < 3.5.12.007 Multiple Vulnerabilities (SQLi, XSS)

Binary data 4795.prm...

Sympa < 4.1.3 XSS Vulnerability

The remote web server contains a CGI script that is affected by a cross-site scripting vulnerability. SPDX-FileCopyrightText: 2008 Tenable Network Security Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

TWiki bin/configure 'image' Parameter Traversal Arbitrary File Access/Execution

The version of TWiki running on the remote host allows access to the 'configure' script, and fails to sanitize the 'image' parameter of that script. When the 'action' parameter is set to 'image', an unauthenticated attacker can exploit this issue to execute arbitrary code or to view arbitrary fil...

HP OpenView Network Node Manager connectedNodes.ovpl command execution

Added: 07/02/2008 CVE: CVE-2005-2773 BID: 14662 OSVDB: 19057 Background HP OpenView Network Node Manager is network availability and performance management software. Problem A command injection vulnerability in the connectedNodes.ovpl CGI script allows remote attackers to execute arbitrary comman...