9829 matches found
Realtek SDK Miniigd UPnP SOAP Command Execution
Different devices using the Realtek SDK with the miniigd daemon are vulnerable to OS command injection in the UPnP SOAP interface. Since it is a blind OS command injection vulnerability, there is no output for the executed command. This module has been tested successfully on a Trendnet TEW-731BR...
Commix - Automated All-in-One OS Command Injection and Exploitation Tool
Commix short for command injection exploiter has a simple environment and it can be used, from web developers, penetration testers or even security researchers to test web applications with the view to find bugs, errors or vulnerabilities related to command injection attacks. By using this tool, ...
CVE-2015-2107
HP Operations Manager i Management Pack 1.x before 1.01 for SAP allows local users to execute OS commands by leveraging SAP administrative privileges...
CVE-2015-0660
Cisco Virtual TelePresence Server Software does not properly restrict use of the serial port, which allows local users to execute arbitrary OS commands as root by leveraging vSphere controller administrative privileges, aka Bug ID CSCus61123...
CVE-2015-2107
CVE-2015-2107 affects HP Operations Manager i Management Pack for SAP (1.x) prior to 1.01. The vulnerability allows local users to execute OS commands by leveraging SAP administrative privileges. The available documents do not provide additional details on root cause specifics, affected versions ...
ArcSight Logger - Arbitrary File Upload Code Execution
ArcSight Logger - Arbitrary File Upload Code Execution Exploit Title: ArcSight Logger - Arbitrary File Upload Code Execution Date: 13.03.2015 Exploit Author: Julian Horoszkiewicz Vendor Homepage: www.hp.com Software Link:...
ArcSight Logger - Arbitrary File Upload / Code Execution
Exploit Title: ArcSight Logger - Arbitrary File Upload Code Execution Date: 13.03.2015 Exploit Author: Julian Horoszkiewicz Vendor Homepage: www.hp.com Software Link: http://www8.hp.com/us/en/software-solutions/arcsight-logger-log-management/try-now.html Version: ArcSight Logger 5.3.1.6838.0 and...
Design/Logic Flaw
The Gateway Provisioning service in EMC Secure Remote Services Virtual Edition ESRS VE 3.02 and 3.03 allows remote attackers to execute arbitrary OS commands via unspecified vectors...
CVE-2015-0525
The ESRS VE Gateway Provisioning service in EMC Secure Remote Services Virtual Edition (versions 3.02 and 3.03) contains a command injection flaw that could allow an unauthenticated remote attacker to execute arbitrary OS commands. The vulnerability is tied to the Gateway Provisioning component; ...
Design/Logic Flaw
The image-upgrade implementation on Cisco Desktop Collaboration Experience aka Collaboration Desk Experience or DX DX650 endpoints allows local users to execute arbitrary OS commands via an unspecified parameter, aka Bug ID CSCus38947...
CVE-2015-0589
The administrative web interface in Cisco WebEx Meetings Server 1.0 through 1.5 allows remote authenticated users to execute arbitrary OS commands with root privileges via unspecified fields, aka Bug ID CSCuj40460...
AVG Internet Security 2015.0.5315 - Arbitrary Write Privilege Escalation
AVG Internet Security 2015.0.5315 - Arbitrary Write Privilege Escalation / Exploit Title - AVG Internet Security 2015 Arbitrary Write Privilege Escalation Date - 04th February 2015 Discovered by - Parvez Anwar @parvezghh Vendor Homepage - http://www.avg.com/ Tested Version - 2015.0.5315 Driver...
JVN#77792759: Multiple ASUS wireless LAN routers vulnerable to OS command injection
Multiple wireless LAN routers provided by ASUS JAPAN Inc. contain an OS command injection vulnerability. Impact An arbitrary OS command may be executed by an authenticated attacker. In addition, when this vulnerability is exploited along with the vulnerability stated in JVN32631078, an arbitrary ...
Arris VAP2500 Command Execution Exploit
Arris VAP2500 access points are vulnerable to OS command injection in the web management portal via the toolscommand.php page. Though authentication is required to access this page, it is trivially bypassed by setting the value of a cookie to an md5 hash of a valid username. This module requires...
Arris VAP2500 tools_command.php Command Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Arris VAP2500 toolscommand.php Command Execution', 'Description' = %q Arris VAP2500 access points are vulnerable to OS command...
Symantec Web Gateway 5.2.1 OS Command Injection Vilnerability
Symantec Web Gateway versions 5.2.1 and below suffer from a remote OS command injection vulnerability. ------------------------------------------------------------------------------ Symantec Web Gateway = 5.2.1 restore.php OS Command Injection Vulnerability...
GParted 0.14.1 - OS Command Execution
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: OS Command Execution product: GParted - Gnome Partition Editor vulnerable version: =0.15.0, =0.14.1 with fix for CVE-2014-7208 applied CVE number: CVE-2014-7208 impact:...
GParted 0.14.1 - OS Command Execution
GParted 0.14.1 - OS Command Execution SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: OS Command Execution product: GParted - Gnome Partition Editor vulnerable version: =0.15.0, =0.14.1 with fix for CVE-2014-7208 appli...
GParted 0.14.1 - OS Command Execution Vulnerability
Exploit for linux platform in category local exploits title: OS Command Execution product: GParted - Gnome Partition Editor vulnerable version: =0.15.0, =0.14.1 with fix for CVE-2014-7208 applied CVE number: CVE-2014-7208 impact: medium homepage: http://gparted.org/ found: 2014-07 by: W. Ettlinge...
SEC Consult SA-20141218-1 :: OS command execution vulnerability in GParted
SEC Consult Vulnerability Lab Security Advisory 20141218-1 ======================================================================= title: OS Command Execution product: GParted - Gnome Partition Editor vulnerable version: =0.14.1 fixed version: =0.15.0, =0.14.1 with fix for CVE-2014-7208 applied C...