1086 matches found
Local File Inclusion in CMS Source
Vulnerability ID: HTB22552 Reference: http://www.htbridge.ch/advisory/localfileinclusionincmssource1.html Product: CMS Source Vendor: Proud Daddy Web Design http://www.prouddaddy.net/ Vulnerable Version: Current at 28.07.2010 and Probably Prior Versions Vendor Notification: 28 July 2010...
Command injection
The triggers functionality in Perforce Server 2008.1 allows remote authenticated users with super privileges to execute arbitrary operating-system commands by using a "p4 client" command in conjunction with the form-in trigger script...
CVE-2010-0934
The triggers functionality in Perforce Server 2008.1 allows remote authenticated users with super privileges to execute arbitrary operating-system commands by using a "p4 client" command in conjunction with the form-in trigger script...
Oracle Database DBMS_JVM_EXP_PERMS IMPORT_JVM_PERMS privilege elevation
Added: 02/26/2010 BID: 38115 OSVDB: 62184 Background Oracle Database embeds a Java runtime environment called OracleJVM. The DBMS_JVM_EXP_PERMS package is included in Oracle Database and is used for importing and exporting Java permissions between database servers. Problem A privilege elevation...
Zabbix node_process_command() Function Crafted Request Arbitrary Command Execution
The version of Zabbix server running on the remote host has a command execution vulnerability in the 'processnodecommand' function of 'nodehistory.c'. A remote attacker could exploit this by sending a specially crafted request, resulting in the execution of operating system commands. C Tenable...
Oracle 10g - Multiple Privilege Escalation Vulnerabilities
Oracle 10g - Multiple Privilege Escalation Vulnerabilities source: https://www.securityfocus.com/bid/38115/info Oracle Database is prone to multiple remote privilege-escalation issues because it fails to properly restrict access to certain packages. The attacker can exploit these issues to escala...
Default credentials
Cisco Application Networking Manager ANM before 2.0 uses a default MySQL root password, which makes it easier for remote attackers to execute arbitrary operating-system commands or change system files...
Design/Logic Flaw
Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A21.2 and Cisco ACE 4710 Application Control Engine Appliance before A18a allows remote authenticated users to execute arbitrary operating-system commands through a command...
CVE-2009-0617
CVE-2009-0617 affects Cisco ANM (Application Networking Manager) prior to version 2.0, where ANM uses a default MySQL root password. This creates a risk of remote command execution or modification of system files on the underlying host OS, as described in Cisco’s advisory and NVD/NVD-derived cont...
CVE-2009-0622
Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A21.2 and Cisco ACE 4710 Application Control Engine Appliance before A18a allows remote authenticated users to execute arbitrary operating-system commands through a command...
QUICK CART OS command injection vulnerability
Overview QUICK CART is a shopping cart system that provides functionalities used for managing an Internet store. An OS command injection vulnerability exists in QUICK CART as it does not properly validate the user input. Impact A remote attacker could execute arbitrary operating system commands o...
WordPress 2.1.1 - wp-includes/theme.php?iz Arbitrary Command Execution
WordPress 2.1.1 - wp-includes/theme.php?iz Arbitrary Command Execution source: https://www.securityfocus.com/bid/22797/info An attacker compromised the source code for WordPress 2.1.1 and altered it to include a malicious backdoor. This backdoor introduces a code-execution vulnerability that will...
WordPress 2.1.1 - Arbitrary Command Execution
WordPress 2.1.1 - Arbitrary Command Execution source: https://www.securityfocus.com/bid/22797/info An attacker compromised the source code for WordPress 2.1.1 and altered it to include a malicious backdoor. This backdoor introduces a code-execution vulnerability that will let remote users inject...
WordPress Core 2.1.1 - '/wp-includes/theme.php?iz' Arbitrary Command Execution
source: https://www.securityfocus.com/bid/22797/info An attacker compromised the source code for WordPress 2.1.1 and altered it to include a malicious backdoor. This backdoor introduces a code-execution vulnerability that will let remote users inject PHP code or execute operating system commands...
WordPress Core 2.1.1 - Arbitrary Command Execution
source: https://www.securityfocus.com/bid/22797/info An attacker compromised the source code for WordPress 2.1.1 and altered it to include a malicious backdoor. This backdoor introduces a code-execution vulnerability that will let remote users inject PHP code or execute operating system commands...
CVE-2007-0565
CGI-Rescue Shopping Basket Professional 7.50 and earlier allows remote attackers to inject arbitrary operating system commands via unspecified vectors...
JVN#10222000 QUICK CART OS command injection vulnerability
Impact A remote attacker could execute arbitrary operating system commands on a server running QUICK CART. Solution Products Affected QUICK CART Ver 1 QUICK CART Ver 2 QUICK CART Free QUICK CART Pro QUICK CART Plugin for Movable Type 3.2...
Snitz Forums 2000 SQL injection
The remote host is using Snitz Forum 2000 which allows an attacker to execute stored procedures and non-interactive operating system commands on the system. SPDX-FileCopyrightText: 2004 David Maciejak Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...