1086 matches found
CVE-2018-4859
A vulnerability has been identified in SCALANCE M875 (All versions). An authenticated remote attacker with access to the web interface (443/tcp) could execute arbitrary operating system commands. Successful exploitation requires that the attacker has network access to the web interface. The attacker...
CVE-2018-4860
A vulnerability has been identified in SCALANCE M875 (All versions). An authenticated remote attacker with access to the web interface (443/tcp) could execute arbitrary operating system commands. Successful exploitation requires that the attacker has network access to the web interface. The attacker...
SQL injection
ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from remote SQL injection vulnerabilities. An unauthenticated attacker is able to access the URL /servlet/MenuHandlerServlet, which is vulnerable to SQL injection. The attacker could extract users' password hashes, whi...
CVE-2016-9488
ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from remote SQL injection vulnerabilities. An unauthenticated attacker is able to access the URL /servlet/MenuHandlerServlet, which is vulnerable to SQL injection. The attacker could extract users' password hashes, whi...
DEBIAN-CVE-2018-11652
CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report...
BaserCMS Command Injection Vulnerability
baserCMS is an enterprise-level content management system (CMS). A security vulnerability exists in baserCMS versions 4.1.0.1 and earlier and 3.0.15 and earlier. A remote attacker can exploit the vulnerability to execute arbitrary operating system commands...
CVE-2018-10967
On D-Link DIR-550A and DIR-604M devices through v2.10KR, a malicious user can forge an HTTP request to inject operating system commands that can be executed on the device with higher privileges, aka remote code execution...
Remote code execution
On D-Link DIR-550A and DIR-604M devices through v2.10KR, a malicious user can forge an HTTP request to inject operating system commands that can be executed on the device with higher privileges, aka remote code execution...
MyBiz MyProcureNet Arbitrary File Upload Vulnerability
MyBiz MyProcureNet is a procurement process automation solution from MyBiz Solutions Malaysia. A security vulnerability exists in MyBiz MyProcureNet version 5.0.0, which originates from an attacker being able to adjust the 'HiddenFieldControlCustomWhiteListedExtensions' parameter and add arbitrar...
Design/Logic Flaw
An issue was discovered in MyBiz MyProcureNet 5.0.0. A malicious file can be uploaded to the webserver by an attacker. It is possible for an attacker to upload a script to issue operating system commands. This vulnerability occurs because an attacker is able to adjust the...
LXR OS Command Injection Vulnerability
LXR is a general-purpose source code indexing and cross-referencing program. A security vulnerability exists in LXR versions 1.0.0 through 2.3.0. A remote attacker can exploit the vulnerability to execute arbitrary operating system commands...
Zoho ManageEngine Applications Manager Remote Code Execution Vulnerability (CNVD-2018-06478)
ZOHO ManageEngine Applications Manager is a set of application performance monitoring software from ZOHO. The software allows remote monitoring and management of different business systems, applications and network services (e.g. servers, operating systems, etc.). A command injection vulnerability...
QNAP NAS application Media Streaming add-on arbitrary OS command execution vulnerability
QNAP NAS application Media Streaming add-on is a video streaming loading application for QNAP NAS devices from QNAP Systems. A security vulnerability exists in the QNAP NAS application Media Streaming add-on version 421.1.0.2 and earlier and version 430.1.2.0 and earlier. A remote attacker can...
CMS Made Simple Remote Code Execution Vulnerability
CMS Made Simple (CMSMS) is an open source content management system (CMS) developed by the CMSMS team. The system supports role-based rights management system, wizard-based installation and update mechanism, intelligent caching mechanism and so on. A remote code execution vulnerability exists in CM...
Microsoft SQL Database Attacking Tool: MSDAT
MSDAT (Microsoft SQL Database Attacking Tool) is an open source penetration testing tool that tests the security of Microsoft SQL Databases remotely. Usage examples of MSDAT: You have a Microsoft database listening remotely and you want to find valid credentials in order to connect to the...
CVE-2018-7046
Arbitrary code execution vulnerability in Kentico 9 through 11 allows remote authenticated users to execute arbitrary operating system commands in a dynamic .NET code evaluation context via C# code in a "Pages - Edit - Template - Edit template properties - Layout" box. NOTE: the vendor has respond...
Nootka Command Injection Vulnerability
Nootka is a mobile application for learning classical music notation. A security vulnerability exists in Nootka 1.4.4 and earlier versions. A remote attacker can exploit the vulnerability to execute arbitrary operating system commands...
CVE-2017-18025
cgi-bin/drknow.cgi in Innotube ITGuard-Manager 0.0.0.1 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the username field, as demonstrated by a username beginning with "admin|" to use the '|' metacharacter...