1086 matches found
HappyMall E-Commerce Software Member_HTML.CGI Command Execution (CVE-2003-0243)
A command execution vulnerability has been reported in HappyMall E-Commerce Software. The vulnerability is due to improper filtering in the normal_html.cgi / member_html.cgi scripts of pipe and semicolon characters passed in the URL. A remote attacker can create a specially crafted URL to cau...
Hudson CI Groovy Console accessible
Checks if the Hudson CI Groovy Console is unprotected. SPDX-FileCopyrightText: 2015 SCHUTZWERK GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. CPE = "cpe:/a:oracle:hudson";...
CVE-2014-4326 Remote command execution in Logstash zabbix and nagios_nsca outputs.
Vendor: Elasticsearch. Product: Logstash. CVE: CVE-2014-4326. Affected versions: Logstash 1.0.14 through 1.4.1. Recommendations: All affected users should upgrade to Logstash 1.4.2. We also provide patch instructions for Logstash 1.3.x at the bottom of this note. The vulnerability impacts deployments...
Autodesk VRED contains an unauthenticated remote code execution vulnerability
Overview: Autodesk VRED contains an unauthenticated remote code execution vulnerability. Description: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'): Autodesk VRED Professional 2014 contains an unauthenticated remote code execution vulnerability...
Time and Expense Management System Multiple Vulnerabilities
No description provided by source. Software: Time and Expense Management System. Vulnerability: Command Injection. Threat Level: Very Critical 5/5...
JBoss 3.0.8/3.2.1 HSQLDB Remote Command Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8773/info A remote command-injection vulnerability has been reported in JBoss. The issue is reportedly exposed via the HSQLDB component, which is a SQL database server that manages JMS connections. Because of a number of...
Oracle 10g Multiple Remote Privilege Escalation Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/38115/info Oracle Database is prone to multiple remote privilege-escalation issues because it fails to properly restrict access to certain packages. The attacker can exploit these issues to escalate their privileges to DB...
Oracle <= 9i / 10g (read/write/execute) Exploitation Suite
No description provided by source. $Id: raptororaexec.sql,v 1.2 2006/11/23 23:40:16 raptor Exp $ raptororaexec.sql - java exploitation suite for oracle. Copyright (c) 2006 Marco Ivaldi. This is an exploitation suite for Oracle written in Java. Use it to --...
Microsoft SQL Server 2000 sp_MScopyscript SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5309/info The Microsoft SQL Server 2000 sp_MScopyscript stored procedure does not sufficiently validate input before passing it to the xp_cmdshell extended stored procedure. An attacker with the ability to execute a query o...
WordPress 2.1.1 wp-includes/feed.php ix Variable Arbitrary Command Execution
No description provided by source. source: http://www.securityfocus.com/bid/22797/info An attacker compromised the source code for WordPress 2.1.1 and altered it to include a malicious backdoor. This backdoor introduces a code-execution vulnerability that will let remote users inject PHP code or...
logstash -- Remote command execution in Logstash zabbix and nagios_nsca outputs
Elastic reports: The vulnerability impacts deployments that use either the zabbix or the nagios_nsca outputs. In these cases, an attacker with an ability to send crafted events to any source of data for Logstash could execute operating system commands with the permissions of the Logstash...
CVE-2014-3883
Usermin before 1.600 allows remote attackers to execute arbitrary operating-system commands via unspecified vectors related to a user action...
Design/Logic Flaw
Usermin before 1.600 allows remote attackers to execute arbitrary operating-system commands via unspecified vectors related to a user action...
CVE-2012-4108
The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges and execute arbitrary operating-system commands via crafted parameters to a file-related command, aka Bug ID CSCtq86554...
Oracle Endeca Server createDataStore SOAP Request Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Endeca Server. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of requests to the controlSoapBinding web service. This service exposes...
Symantec Web Gateway < 5.1.1 Multiple Vulnerabilities (SYM13-008)
Binary data 6966.prm...
CVE-2013-3578
SQL injection vulnerability in the Help Desk application in Wave EMBASSY Remote Administration Server (ERAS) allows remote authenticated users to execute arbitrary SQL commands via the ct100$4MainController$TextBoxSearchValue parameter (aka the search field), leading to execution of operating-system...
CVE-2013-2970
Unspecified vulnerability in IBM QRadar Security Information and Event Manager (SIEM) 7.x before 7.1 MR2 Patch 1 allows remote authenticated users to execute operating-system commands via unknown vectors...
Design/Logic Flaw
Unspecified vulnerability in IBM QRadar Security Information and Event Manager (SIEM) 7.x before 7.1 MR2 Patch 1 allows remote authenticated users to execute operating-system commands via unknown vectors...