25 matches found
Command injection
A command injection vulnerability in the CGI program of Zyxel NR7101 firmware prior to V1.15ACCC.3C0, which could allow an authenticated attacker to execute some OS commands on a vulnerable device by sending a crafted HTTP request...
EMC Secure Remote Services Virtual Edition Command Injection
------------------------------------------------------------------------ Command injection vulnerability in EMC Secure Remote Services Virtual Edition ------------------------------------------------------------------------ Han Sahin, November 2014...
VHCS <= 2.4.7.1 (vhcs2_daemon) Remote Root Exploit
Exploit for linux platform in category remote exploits ================================================== VHCS http://acid-root.new.fr/ email protected Exploit: + Logged in Administrator + The administrator has 2 resellers / Changing dareseller's password / Trying to connect as dareseller:thatpwn...
SuSE 10 Security Update : festival (ZYPP Patch Number 4378)
The festival daemon runs as root. The default config doesn't have a password set. A local attacker could therefore connect to the daemon to have commands executed as root. CVE-2007-4074 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc...
Debian DSA-711-1 : info2www - missing input sanitising
Nicolas Gregoire discovered a cross-site scripting vulnerability in info2www, a converter for info files to HTML. A malicious person could place a harmless looking link on the web that could cause arbitrary commands to be executed in the browser of the victim user. %NASLMINLEVEL 70300 C Tenable...