850 matches found
FTP Commander Pro 8.03 - Local Stack Overflow
Exploit Title: FTP Commander Pro 8.03 - Local Stack Overflow Date: 2019-12-12 Exploit Author: boku Discovered by: UNNON Original DoS: FTP Commander 8.02 - Overwrite SEH Original DoS Link: https://www.exploit-db.com/exploits/37810 Software Vendor: http://www.internet-soft.com/ Software Link:...
Malicious Package
Overview All versions of commmander contain malicious code. The package is malware designed to take advantage of users making a mistake when typing the name of a module to install. Upon require the package attempts to start a cryptocurrency miner using coin-hive. Recommendation Remove the packag...
Design/Logic Flaw
The Web manager aka Commander on Korenix JetPort 5601 and 5601f devices has Persistent XSS via the Port Alias field under Serial Setting...
Timing Attack
redis-commander is vulnerable to a timing attack. A remote attacker is able to perform password guessing by analyzing the response time of the application during password validation...
The vulnerability of the embedded software in the CNC11 TITANIUM mini system allows a perpetrator to execute any program present in the system.
The vulnerability of the embedded software in the CNC11 TITANIUM mini system is related to the absence of a mechanism for controlling the execution of external applications. Exploiting this vulnerability allows an attacker to execute existing applications within the system by accessing the...
Malicious Package
Overview All versions of commander-js are considered malicious. The package is malware designed to take advantage of users making a mistake when typing the name of a module to install. When installed, the package downloads an arbitrary file and executes its contents as a post-install script...
Malicious JavaScript Package Detection
Detection and reporting of known malicious JavaScript packages or package versions. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescripti...
Reflected Cross-site Scripting (XSS)
redis-commander is vulnerable to reflected cross-site scripting (XSS) attacks. A malicious user can inject and execute arbitrary JavaScript through the highlighterId parameter in the web/static/jstree/docs/syntax/clipboard.swf file...
Reflected Cross-Site Scripting
Overview Affected versions of redis-commander contain a cross-site scripting vulnerability in the highlighterId parameter of the clipboard.swf component on hosts serving Redis Commander. Mitigating factors: Flash must be installed / enabled for this to work. The below proof of concept was verified...
Node.js third-party modules: [redis-commander] Reflected SWF XSS via vulnerable "clipboard.swf" component
Hi, An injection in the highlighterId parameter of the clipboard.swf component can be used to reflect JavaScript in the context of hosts running Redis Commander. Module specification Name: redis-commander Version: 0.4.5 latest release build Verified conditions Test server: Ubuntu 16.04 LTS Browse...
InternetSoft FTP Commander Untrusted Search Path Vulnerability
InternetSoft FTP Commander is a Windows-based FTP client developed by InternetSoft. A security vulnerability exists in InternetSoft FTP Commander 8.02 and earlier versions. The vulnerability can be exploited by an attacker to hijack a DLL and execute code via a malicious dwmapi.dll file...
CVE-2017-11749
InternetSoft FTP Commander 8.02 and prior has an untrusted search path, allowing DLL hijacking via a Trojan horse dwmapi.dll file...
Design/Logic Flaw
InternetSoft FTP Commander 8.02 and prior has an untrusted search path, allowing DLL hijacking via a Trojan horse dwmapi.dll file...
CVE-2017-11749
CVE-2017-11749 affects InternetSoft FTP Commander 8.02 and earlier. The root cause is an untrusted search path that allows DLL hijacking via a Trojan horse dwmapi.dll file. This brief description is supported by multiple records (NVD/Red Hat/CNVD/CVE listings). The connected documents do not prov...
CVE-2017-11749
InternetSoft FTP Commander 8.02 and prior has an untrusted search path, allowing DLL hijacking via a Trojan horse dwmapi.dll file...
WordPress CMS Commander Client Plugin unauthenticated PHP Object injection vulnerability
Exploit for php platform in category web applications Abstract A PHP Object injection vulnerability was found in the CMS Commander Client WordPress Plugin, which can be used by an unauthenticated user to instantiate arbitrary PHP Objects. Using this vulnerability it is possible to execute arbitra...
CMS Commander Client <= 2.21 - Unauthenticated PHP Object Injection
The CMS Commander – Manage Multiple Sites WordPress plugin was affected by an Unauthenticated PHP Object Injection security vulnerability...
LEGO® MINDSTORMS® Commander - BSD license, Customized SSL vulnerabilities
HackApp vulnerability scanner discovered that application LEGO® MINDSTORMS® Commander published at the 'play' market has multiple vulnerabilities...
WWII UBoat Submarine Commander - Customized SSL, Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application WWII UBoat Submarine Commander published at the 'play' market has multiple vulnerabilities...
Little Commander 2 Xmas - Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Little Commander 2 Xmas published at the 'play' market has multiple vulnerabilities...