Trend Micro InterScan Messaging Security (Virtual Appliance) Remote Code Execution

This module exploits a command injection vulnerability in the Trend Micro IMSVA product. An authenticated user can execute a terminal command under the context of the web server user which is root. Besides, default installation of IMSVA comes with a default administrator credentials. saveCert.ims...

The use of Python code implementing the Web application of the injection-vulnerability warning-the black bar safety net

Vulnerability overview If your Web application exists in the Python code injection vulnerability, the attacker can use your Web applications to your back-end server of the Python parser to send malicious Python code. This also means that if you can on the target server execute Python code, you ca...

Cisco TelePresence Video Communication Server Expressway Operating System Command Injection Vulnerability

Cisco TelePresence Video Communication Server VCS Expressway is a TelePresence video communication server from Cisco that integrates with Unified Communications and voice communication environments to provide the best possible experience for end users using a variety of communication tools. A...

Symantec Web Gateway OS Authenticated Command Injection

SUMMARY Symantec's Web Gateway SWG Appliance management console is susceptible to operating system command injection by an authenticated but less-privileged user. AFFECTED PRODUCTS Product | Version | Solution ---|---|--- Symantec Web Gateway Appliance | 5.2.1 and prior | Symantec Web Gateway 5.2...

SmarterStats 6.0 - Multiple Vulnerabilities

No description provided by source. Hoyt LLC Research | SmarterStats 6.0, OS Command Execution, Directory Traversal, DoS, Coordinated Disclosure Author: Hoyt LLC Research | http://xss.cx | http://cloudscan.me Vendor: SmarterTools Application: SmarterStats 6.0 Bugs: Directory Traversal, File Upload...

Cisco Releases Security Advisory for Cisco Secure Access Control System

Cisco has released a security advisory to address multiple vulnerabilities in Cisco Secure Access Control System ACS. These vulnerabilities affect the following: Cisco Secure ACS RMI Privilege Escalation Vulnerability Cisco Secure ACS RMI Unauthenticated User Access Vulnerability Cisco Secure ACS...

Sinapsi Devices Vulnerabilities

Overview This advisory is a follow-up to the alert titled ICS-ALERT-12-284-01—Sinapsi eSolar Light Vulnerabilities that was published October 10, 2012. Independent researchers Roberto Paleari and Ivan Speziale identified four vulnerabilities and released proof-of-concept exploit code for the...

CGI Generic Command Execution (time-based, intrusive)

The remote web server hosts CGI scripts that seem to fail to adequately sanitize request strings. By leveraging this issue, an attacker may be able to execute arbitrary commands on the remote host. Note that : - This script uses a time-based detection method that is less reliable than the basic...

Blog System 1.5 - Multiple Vulnerabilities

Blog System 1.5 - Multiple Vulnerabilities Exploit Title: Blog System | www.DigitalWhisper.co.il Software Link: http://www.netartmedia.net/blogsystem/ | http://www.netartmedia.net/blogsystem/demo.html Version: = 1.5 Tested on: PHP Cross Site Scripting Cross-Site Scripting attacks are a type of...

JBoss 3.0.8/3.2.1 - HSQLDB Remote Command Injection

source: https://www.securityfocus.com/bid/8773/info A remote command-injection vulnerability has been reported in JBoss. The issue is reportedly exposed via the HSQLDB component, which is a SQL database server that manages JMS connections. Because of a number of flaws, an attacker can pass comman...