9816 matches found
Multiple Vulnerabilities in Smartphone Pentest Framework (SPF)
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in Smartphone Pentest Framework SPF web-based GUI, which could be exploited to get control over a pentester's machine. The research was inspired by the vulnerability found by Jon Passki http://osvdb.org/85873. Even if the...
PT-2025-31695 · NetGear · Netgear Routers
Name of the Vulnerable Software and Affected Versions: Netgear routers versions 1.1.00.24 through 1.1.00.45 Description: An authenticated OS command injection vulnerability exists due to improper input neutralization. This allows for command injection through crafted POST requests to the /setup.c...
PT-2025-31687
Name of the Vulnerable Software and Affected Versions D-Link DIR-300 version 1.05 D-Link DIR-615 version 4.13 Description An OS command injection vulnerability exists in multiple D-Link routers via the authenticated tools vct.xgi CGI endpoint. The web interface does not properly sanitize...
E-Mail Security Virtual Appliance learn-msg.cgi Command Injection
This module exploits a command injection vulnerability found in E-Mail Security Virtual Appliance. This module abuses the learn-msg.cgi file to execute arbitrary OS commands without authentication. This module has been successfully tested on the ESVA2057 appliance. This module requires Metasploit...
JVN#99730704: Sleipnir Mobile for Android vulnerable to arbitrary Java method execution
Sleipnir Mobile for Android is a web browser for Android devices. Sleipnir Mobile for Android contains an arbitrary Java method execution vulnerability. Impact When opening a specially crafted website, an attacker may be able to execute an arbitrary Java method. As a result, information stored in...
NGS00196 Patch Notification: Nagios XI Network Monitor OS Command Injection
High Risk Vulnerability in Nagios XI Network Monitor 2 July 2012 Daniel Compton of NCC Group has discovered a High risk vulnerability in Nagios XI Network Monitor Impact: Nagios XI Network Monitor OS Command Injection Versions affected: Nagios XI Network Monitor 2011R1.9 An updated version of the...
Symantec Web Gateway 5.0.2.8 Multiple Vulnerabilities
Exploit for linux platform in category web applications Software: Symantec Web Gateway Current Software Version: 5.0.2.8 Product homepage: www.symantec.com Author: S2 Crew Hungary CVE: CVE-2012-0297, CVE-2012-0298, ??? File include:...
Symantec Web Gateway 5.0.28 LFI / Code Execution
Software: Symantec Web Gateway Current Software Version: 5.0.2.8 Product homepage: www.symantec.com Author: S2 Crew Hungary CVE: CVE-2012-0297, CVE-2012-0298, ??? File include: https://192.168.82.207/spywall/previewProxyError.php?err=../../../../../../../../etc/passwd File include and OS command...
Dolibarr ERPCRM 3.2.0 3.1.1 - OS Command Injection
Dolibarr ERPCRM 3.2.0 3.1.1 - OS Command Injection Dolibarr ERP & CRM OS Command Injection =================================== 1. Advisory Information Date published: 2012-4-6 Vendors contacted: Dolibarr Release mode: Coordinated release 2. Vulnerability Information Class: Injection Remotely...
Dolibarr ERP/CRM Post-Auth OS Command Injection
This module exploits a vulnerability found in Dolibarr ERP/CRM 3's backup feature. This software is used to manage a company's business information such as contacts, invoices, orders, stocks, agenda, etc. When processing a database backup request, the export.php function does not check the input...
Dolibarr ERP / CRM OS Command Injection
Dolibarr ERP & CRM OS Command Injection =================================== 1. Advisory Information Date published: 2012-4-6 Vendors contacted: Dolibarr Release mode: Coordinated release 2. Vulnerability Information Class: Injection Remotely Exploitable: Yes Locally Exploitable: Yes 3. Software...
Cyberoam Unified Threat Management: OS Command Execution
Hi, Please find below the details of a vulnerability I discovered in Cyberoam UTM device. The Vendor was notified, however I did not receive any response from Vendor despite repeated email reminders. SECURITY ADVISORY: cyberoam-utm-command-executaion Affected Software: Cyberoam CR50ia 10.01.0 bui...
Cyberoam UTM - Multiple Vulnerabilities
Cyberoam UTM - Multiple Vulnerabilities SECURITY ADVISORY: cyberoam-utm-command-executaion Affected Software: Cyberoam CR50ia 10.01.0 build 678 Vulnerability: OS Command Execution Severity: High Release Date: Unreleased I. Background "Cyberoam Unified Threat Management appliances offer assured...
Cyberoam UTM Multiiple Vulnerabilities
Exploit for hardware platform in category web applications Affected Software: Cyberoam CR50ia 10.01.0 build 678 Vulnerability: OS Command Execution Severity: High Release Date: Unreleased I. Background "Cyberoam Unified Threat Management appliances offer assured security, connectivity and...
Cyberoam UTM - Multiple Vulnerabilities
SECURITY ADVISORY: cyberoam-utm-command-executaion Affected Software: Cyberoam CR50ia 10.01.0 build 678 Vulnerability: OS Command Execution Severity: High Release Date: Unreleased I. Background "Cyberoam Unified Threat Management appliances offer assured security, connectivity and productivity to...
Cyberoam UTM Command Execution
SECURITY ADVISORY: cyberoam-utm-command-executaion Affected Software: Cyberoam CR50ia 10.01.0 build 678 Vulnerability: OS Command Execution Severity: High Release Date: Unreleased I. Background "Cyberoam Unified Threat Management appliances offer assured security, connectivity and productivity to...
Aruba Networks multiple advisories: OS command injection in RAP web interface and 802.1X EAP-TLS user authentication bypass
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ADVISORY NUMBER 031912 Advisory 1: TITLE OS Command Injection Vulnerability in Aruba Remote Access Point Diagnostic Web Interface. SUMMARY An OS command injection vulnerability has been discovered in the Aruba Remote Access Point's Diagnostic Web...
VMware ESXi/ESX patches resolve multiple security issues (VMSA-2010-0018)
The remote ESXi is missing one or more security related Updates from VMSA-2010-0018. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Debian Security Advisory DSA 2423-1 (movabletype-opensource)
The remote host is missing an update to movabletype-opensource announced via advisory DSA 2423-1. OpenVAS Vulnerability Test $Id: deb24231.nasl 8970 2018-02-27 15:16:18Z cfischer $ Description: Auto-generated from advisory DSA 2423-1 movabletype-opensource Authors: Thomas Reinke Copyright:...
CVE-2012-0319
The file-management system in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allows remote authenticated users to execute arbitrary commands by leveraging the file-upload feature, related to an "OS Command Injection" issue...