9816 matches found
CVE-2011-2148
Admin/frmSite.aspx in the SmarterTools SmarterStats 6.0 web server allows remote attackers to execute arbitrary commands via vectors involving a leading and trailing & ampersand character, and 1 an STTTState cookie, 2 the ctl00%24MPH%24txtAdminNewPasswordSettingText parameter, 3 the...
Command injection
Admin/frmSite.aspx in the SmarterTools SmarterStats 6.0 web server allows remote attackers to execute arbitrary commands via vectors involving a leading and trailing & ampersand character, and 1 an STTTState cookie, 2 the ctl00%24MPH%24txtAdminNewPasswordSettingText parameter, 3 the...
CVE-2011-2148
Admin/frmSite.aspx in the SmarterTools SmarterStats 6.0 web server allows remote attackers to execute arbitrary commands via vectors involving a leading and trailing & ampersand character, and 1 an STTTState cookie, 2 the ctl00%24MPH%24txtAdminNewPasswordSettingText parameter, 3 the...
CVE-2011-2148
CVE-2011-2148 affects SmarterTools SmarterStats 6.0: Admin/frmSite.aspx allows remote command execution via OS command injection. The attacker can exploit a leading/trailing & and specific parameters (STTTState cookie; txtAdminNewPassword_SettingText; txtSmarterLogDirectory; ucSiteSeoSearchEngine...
SmarterTools default basic web server vulnerabilities
Overview Multiple SmarterTools applications install a default basic web server which contains multiple vulnerabilities Description Multiple SmarterTools applications by default install a basic web server which allows administrators to start using the application immediately after installation. Th...
SAP NetWeaver - Authentication bypass (Verb Tampering)
Application: SAP NetWeaver Versions Affected: SAP NetWeaver Vendor URL: http://www.sap.com Bugs:Auth bypass, Verb tampering Exploits: YES Reported: 14.03.2011 Vendor response:15.03.2011 Date of Public Advisory:11.11.2011 CVSS: 10 by ERPSCAN 7.3 by SAP Author:Alexandr Polyakov Description...
SmarterStats 6.0 Multiple Vulnerabilities
Exploit for asp platform in category web applications Vendor: SmarterTools Application: SmarterStats 6.0 Bugs: Directory Traversal, File Upload, OS Execution, XML Injection, SQL Injection, DoS Patch: The Vendor has released SmarterStats Version 6.2 at URI...
SmarterStats 6.0 - Multiple Vulnerabilities
Hoyt LLC Research | SmarterStats 6.0, OS Command Execution, Directory Traversal, DoS, Coordinated Disclosure Author: Hoyt LLC Research | http://xss.cx | http://cloudscan.me Vendor: SmarterTools Application: SmarterStats 6.0 Bugs: Directory Traversal, File Upload, OS Execution, XML Injection, SQL...
JVN#73162541: OTRS vulnerable to OS command injection
OTRS provided by the OTRS Project is a ticket management system. OTRS contains an OS command injection vulnerability. Impact An arbitrary OS command may be executed with the privileges of OTRS on the server where it is installed. Solution Update the software Update to the latest version according...
VMware Tools - Update OS Command Injection
VMware Tools - Update OS Command Injection VMware Tools update OS Command Injection ======================================== 1. Advisory Information Advisory ID: BONSAI-2010-0110 Date published: Thu Dec 9, 2010 Vendors contacted: VMware Release mode: Coordinated release 2. Vulnerability Informati...
VMware Tools - Update OS Command Injection
VMware Tools update OS Command Injection ======================================== 1. Advisory Information Advisory ID: BONSAI-2010-0110 Date published: Thu Dec 9, 2010 Vendors contacted: VMware Release mode: Coordinated release 2. Vulnerability Information Class: Injection Remotely Exploitable: Y...
Pandora FMS <=3.1 multiple vulnerabilities-vulnerability warning-the black bar safety net
Pandora FMS is a server monitoring software, Pandora FMS =version 3.1 there are multiple security vulnerabilities, including:directory traversal, SQL injection, system command injection, authentication bypass and other vulnerabilities. May lead to multiple security threats. +info: Pandora FMS = 3...
Pandora FMS Command Injection / SQL Injection / Path Traversal
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Pandora FMS Authentication Bypass and Multiple Input Validation Vulnerabilities CVE IDs in this security advisory: 1 Authentication bypass - CVE-2010-4279 2 OS Command Injection - CVE-2010-4278 3 SQL Injection - CVE-2010-4280 4 Blind SQL Injection -...
Pandora FMS Authentication Bypass and Multiple Input Validation Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Pandora FMS Authentication Bypass and Multiple Input Validation Vulnerabilities CVE IDs in this security advisory: 1 Authentication bypass - CVE-2010-4279 2 OS Command Injection - CVE-2010-4278 3 SQL Injection - CVE-2010-4280 4 Blind SQL Injection -...
Pandora Fms 3.1 - OS Command Injection
Introduction Pandora FMS for Pandora Flexible Monitoring System is a software solution for monitoring computer networks. It allows monitoring in a visual way the status and performance of several parameters from different operating systems, servers, applications and hardware systems such as...
Pandora Fms 3.1 - SQL Injection
Introduction Pandora FMS for Pandora Flexible Monitoring System is a software solution for monitoring computer networks. It allows monitoring in a visual way the status and performance of several parameters from different operating systems, servers, applications and hardware systems such as...
Core Security Technologies Advisory 2010.1018
Core Security Technologies - CoreLabs Advisory http://corelabs.coresecurity.com/ Landesk OS command injection 1. Advisory Information Title: Landesk OS command injection Advisory Id: CORE-2010-1018 Advisory URL: http://www.coresecurity.com/content/landesk-os-command-injection-vulnerability Date...
Landesk - OS command Injection
Landesk - OS command Injection 1. Advisory Information Title: Landesk OS command injection Advisory Id: CORE-2010-1018 Advisory URL: http://www.coresecurity.com/content/landesk-os-command-injection-vulnerability Date published: 2010-11-10 Date of last update: 2010-11-10 Vendors contacted: LANDesk...
Oracle Virtual Server Agent - Command Injection
Oracle Virtual Server Agent - Command Injection Oracle Virtual Server Agent Command Injection ============================================= 1. Advisory Information Advisory ID: BONSAI-2010-0109 Date published: 2010-10-13 Vendors contacted: Oracle Release mode: Coordinated release 2. Vulnerability...
SmarterMail 7.1.3876 Directory Traversal
Vendor: smartertools.com SmarterMail 7.x 7.1.3876 | Bug : Directory Traversal, OS Command Injection, Other Critcal Vulns Vendor: smartertools.com SmarterMail 7.x 7.1.3876 Date: 2010-09-12 Author : sqlhacker – http://cloudscan.me Thanks to : Burp Suite Pro - engagement tool : FuzzDB Contact :...