Lucene search
K

9816 matches found

NVD
NVD
added 2011/05/20 10:55 p.m.20 views

CVE-2011-2148

Admin/frmSite.aspx in the SmarterTools SmarterStats 6.0 web server allows remote attackers to execute arbitrary commands via vectors involving a leading and trailing & ampersand character, and 1 an STTTState cookie, 2 the ctl00%24MPH%24txtAdminNewPasswordSettingText parameter, 3 the...

10CVSS7.7AI score0.05321EPSS
Exploits0References4
Prion
Prion
added 2011/05/20 10:55 p.m.14 views

Command injection

Admin/frmSite.aspx in the SmarterTools SmarterStats 6.0 web server allows remote attackers to execute arbitrary commands via vectors involving a leading and trailing & ampersand character, and 1 an STTTState cookie, 2 the ctl00%24MPH%24txtAdminNewPasswordSettingText parameter, 3 the...

10CVSS8.3AI score0.05321EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2011/05/20 10:0 p.m.18 views

CVE-2011-2148

Admin/frmSite.aspx in the SmarterTools SmarterStats 6.0 web server allows remote attackers to execute arbitrary commands via vectors involving a leading and trailing & ampersand character, and 1 an STTTState cookie, 2 the ctl00%24MPH%24txtAdminNewPasswordSettingText parameter, 3 the...

7.7AI score0.05321EPSS
Exploits0References4
CVE
CVE
added 2011/05/20 10:0 p.m.50 views

CVE-2011-2148

CVE-2011-2148 affects SmarterTools SmarterStats 6.0: Admin/frmSite.aspx allows remote command execution via OS command injection. The attacker can exploit a leading/trailing & and specific parameters (STTTState cookie; txtAdminNewPassword_SettingText; txtSmarterLogDirectory; ucSiteSeoSearchEngine...

10CVSS7.9AI score0.05321EPSS
Exploits0References4Affected Software1
CERT
CERT
added 2011/05/18 12:0 a.m.26 views

SmarterTools default basic web server vulnerabilities

Overview Multiple SmarterTools applications install a default basic web server which contains multiple vulnerabilities Description Multiple SmarterTools applications by default install a basic web server which allows administrators to start using the application immediately after installation. Th...

7.2AI score
Exploits0References4
erpscan
erpscan
added 2011/03/14 12:0 a.m.58 views

SAP NetWeaver - Authentication bypass (Verb Tampering)

Application: SAP NetWeaver Versions Affected: SAP NetWeaver Vendor URL: http://www.sap.com Bugs:Auth bypass, Verb tampering Exploits: YES Reported: 14.03.2011 Vendor response:15.03.2011 Date of Public Advisory:11.11.2011 CVSS: 10 by ERPSCAN 7.3 by SAP Author:Alexandr Polyakov Description...

1.2AI score
Exploits0
0day.today
0day.today
added 2011/03/12 12:0 a.m.28 views

SmarterStats 6.0 Multiple Vulnerabilities

Exploit for asp platform in category web applications Vendor: SmarterTools Application: SmarterStats 6.0 Bugs: Directory Traversal, File Upload, OS Execution, XML Injection, SQL Injection, DoS Patch: The Vendor has released SmarterStats Version 6.2 at URI...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2011/03/11 12:0 a.m.33 views

SmarterStats 6.0 - Multiple Vulnerabilities

Hoyt LLC Research | SmarterStats 6.0, OS Command Execution, Directory Traversal, DoS, Coordinated Disclosure Author: Hoyt LLC Research | http://xss.cx | http://cloudscan.me Vendor: SmarterTools Application: SmarterStats 6.0 Bugs: Directory Traversal, File Upload, OS Execution, XML Injection, SQL...

7.4AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2011/03/07 12:0 a.m.41 views

JVN#73162541: OTRS vulnerable to OS command injection

OTRS provided by the OTRS Project is a ticket management system. OTRS contains an OS command injection vulnerability. Impact An arbitrary OS command may be executed with the privileges of OTRS on the server where it is installed. Solution Update the software Update to the latest version according...

7.5CVSS6.8AI score0.03001EPSS
Exploits0
exploitpack
exploitpack
added 2010/12/09 12:0 a.m.63 views

VMware Tools - Update OS Command Injection

VMware Tools - Update OS Command Injection VMware Tools update OS Command Injection ======================================== 1. Advisory Information Advisory ID: BONSAI-2010-0110 Date published: Thu Dec 9, 2010 Vendors contacted: VMware Release mode: Coordinated release 2. Vulnerability Informati...

7.2CVSS0.7AI score0.0517EPSS
Exploits4
Exploit DB
Exploit DB
added 2010/12/09 12:0 a.m.69 views

VMware Tools - Update OS Command Injection

VMware Tools update OS Command Injection ======================================== 1. Advisory Information Advisory ID: BONSAI-2010-0110 Date published: Thu Dec 9, 2010 Vendors contacted: VMware Release mode: Coordinated release 2. Vulnerability Information Class: Injection Remotely Exploitable: Y...

7.2CVSS7AI score0.0517EPSS
Exploits4
myhack58
myhack58
added 2010/12/01 12:0 a.m.28 views

Pandora FMS <=3.1 multiple vulnerabilities-vulnerability warning-the black bar safety net

Pandora FMS is a server monitoring software, Pandora FMS =version 3.1 there are multiple security vulnerabilities, including:directory traversal, SQL injection, system command injection, authentication bypass and other vulnerabilities. May lead to multiple security threats. +info: Pandora FMS = 3...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2010/12/01 12:0 a.m.86 views

Pandora FMS Command Injection / SQL Injection / Path Traversal

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Pandora FMS Authentication Bypass and Multiple Input Validation Vulnerabilities CVE IDs in this security advisory: 1 Authentication bypass - CVE-2010-4279 2 OS Command Injection - CVE-2010-4278 3 SQL Injection - CVE-2010-4280 4 Blind SQL Injection -...

10CVSS0.5AI score0.65618EPSS
Exploits26
securityvulns
securityvulns
added 2010/12/01 12:0 a.m.142 views

Pandora FMS Authentication Bypass and Multiple Input Validation Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Pandora FMS Authentication Bypass and Multiple Input Validation Vulnerabilities CVE IDs in this security advisory: 1 Authentication bypass - CVE-2010-4279 2 OS Command Injection - CVE-2010-4278 3 SQL Injection - CVE-2010-4280 4 Blind SQL Injection -...

10CVSS8.4AI score0.65618EPSS
Exploits26
Exploit DB
Exploit DB
added 2010/11/30 12:0 a.m.62 views

Pandora Fms 3.1 - OS Command Injection

Introduction Pandora FMS for Pandora Flexible Monitoring System is a software solution for monitoring computer networks. It allows monitoring in a visual way the status and performance of several parameters from different operating systems, servers, applications and hardware systems such as...

9CVSS6.5AI score0.11342EPSS
Exploits6
Exploit DB
Exploit DB
added 2010/11/30 12:0 a.m.68 views

Pandora Fms 3.1 - SQL Injection

Introduction Pandora FMS for Pandora Flexible Monitoring System is a software solution for monitoring computer networks. It allows monitoring in a visual way the status and performance of several parameters from different operating systems, servers, applications and hardware systems such as...

7.5CVSS6.4AI score0.05339EPSS
Exploits8
Packet Storm
Packet Storm
added 2010/11/11 12:0 a.m.59 views

Core Security Technologies Advisory 2010.1018

Core Security Technologies - CoreLabs Advisory http://corelabs.coresecurity.com/ Landesk OS command injection 1. Advisory Information Title: Landesk OS command injection Advisory Id: CORE-2010-1018 Advisory URL: http://www.coresecurity.com/content/landesk-os-command-injection-vulnerability Date...

8.5CVSS0.7AI score0.03508EPSS
Exploits6
exploitpack
exploitpack
added 2010/11/11 12:0 a.m.49 views

Landesk - OS command Injection

Landesk - OS command Injection 1. Advisory Information Title: Landesk OS command injection Advisory Id: CORE-2010-1018 Advisory URL: http://www.coresecurity.com/content/landesk-os-command-injection-vulnerability Date published: 2010-11-10 Date of last update: 2010-11-10 Vendors contacted: LANDesk...

8.5CVSS0.4AI score0.03508EPSS
Exploits6
exploitpack
exploitpack
added 2010/10/13 12:0 a.m.30 views

Oracle Virtual Server Agent - Command Injection

Oracle Virtual Server Agent - Command Injection Oracle Virtual Server Agent Command Injection ============================================= 1. Advisory Information Advisory ID: BONSAI-2010-0109 Date published: 2010-10-13 Vendors contacted: Oracle Release mode: Coordinated release 2. Vulnerability...

0.5AI score
Exploits0
Packet Storm
Packet Storm
added 2010/09/21 12:0 a.m.32 views

SmarterMail 7.1.3876 Directory Traversal

Vendor: smartertools.com SmarterMail 7.x 7.1.3876 | Bug : Directory Traversal, OS Command Injection, Other Critcal Vulns Vendor: smartertools.com SmarterMail 7.x 7.1.3876 Date: 2010-09-12 Author : sqlhacker – http://cloudscan.me Thanks to : Burp Suite Pro - engagement tool : FuzzDB Contact :...

0.3AI score
Exploits0
Rows per page
Query Builder