1096 matches found
Webservice-DIC yoyaku_v41 OS Command Injection Vulnerability
Webservice-DIC yoyakuv41 is a conference room reservation management software from Webservice-DIC. Webservice-DIC yoyakuv41 fails to properly filter user-submitted input, allowing remote attackers to exploit the vulnerability by submitting a special request to execute arbitrary operating system...
Belkin N300 Dual-Band Wi-Fi Range Extender formiNICWpsStart Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Belkin N300 Dual-Band Wi-Fi Range Extender. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of formiNICWpsStart requests. It is possible to...
Belkin N300 Dual-Band Wi-Fi Range Extender formAccept Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Belkin N300 Dual-Band Wi-Fi Range Extender. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of formAccept requests. It is possible to inject...
Belkin N300 Dual-Band Wi-Fi Range Extender formWpsStart pinCode Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Belkin N300 Dual-Band Wi-Fi Range Extender. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of formWpsStart requests. It is possible to inject...
Belkin N300 Dual-Band Wi-Fi Range Extender formWlanMP Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Belkin N300 Dual-Band Wi-Fi Range Extender. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of formWlanMP requests. It is possible to inject...
Belkin N300 Dual-Band Wi-Fi Range Extender formBSSetSitesurvey Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Belkin N300 Dual-Band Wi-Fi Range Extender. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of formBSSetSitesurvey requests. It is possible to...
Belkin N300 Dual-Band Wi-Fi Range Extender formHwSet Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Belkin N300 Dual-Band Wi-Fi Range Extender. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of formHwSet requests. It is possible to inject...
Belkin N300 Dual-Band Wi-Fi Range Extender formUSBStorage Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Belkin N300 Dual-Band Wi-Fi Range Extender. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of formUSBStorage requests. It is possible to inje...
The vulnerability of the Cisco UCS Central device’s centralized management system allows a perpetrator to gain privileges necessary to execute operating system commands.
The vulnerability of the Cisco UCS Central device management system exists because measures to neutralize the special elements used in the operating system command are not taken. Exploiting this vulnerability can allow a malicious actor, operating locally, to gain privileges necessary to execute...
The vulnerability of the Cisco VX Client allows a perpetrator to gain privileges necessary to execute system commands.
The vulnerability of the diagnostic subsystem in the web-based administration interface of Cisco VX Client exists due to the lack of measures taken to neutralize the special elements used in the operating system command set. Exploiting this vulnerability can allow an attacker, operating locally, ...
HappyMall E-Commerce Software Member_HTML.CGI Command Execution (CVE-2003-0243)
A command Execution Vulnerability has been reported in HappyMall E-Commerce Software. The vulnerability is due to improper filtering of the normalhtml.cgi / memberhtml.cgi scripts, while passing pipe and semi-colon characters in the URL. A remote attacker can create a specially crafted URL to cau...
Hudson CI Groovy Console accessible
Checks if the Hudson CI Groovy Console is unprotected. SPDX-FileCopyrightText: 2015 SCHUTZWERK GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later CPE = "cpe:/a:oracle:hudson";...
CVE-2014-4326 Remote command execution in Logstash zabbix and nagios_nsca outputs.
Vendor: Elasticsearch Product: Logstash CVE: CVE-2014-4326 Affected versions: Logstash 1.0.14 through 1.4.1 Recommendations: All affected users should upgrade to Logstash 1.4.2. We also provide patch instructions for Logstash 1.3.x at the bottom of this note. The vulnerability impacts deployments...
Autodesk VRED contains an unauthenticated remote code execution vulnerability
Overview Autodesk VRED contains an unauthenticated remote code execution vulnerability. Description CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection': Autodesk VRED Professional 2014 contains an unauthenticated remote code execution vulnerability...
Microsoft SQL Server 2000 sp_MScopyscript SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5309/info The Microsoft SQL Server 2000 spMScopyscript stored procedure does not sufficiently validate input before passing it to the xpcmdshell extended stored procedure. An attacker with the ability to execute a query o...
JBoss 3.0.8/3.2.1 HSQLDB Remote Command Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8773/info A remote command-injection vulnerability has been reported in JBoss. The issue is reportedly exposed via the HSQLDB component, which is a SQL database server that manages JMS connections. Because of a number of...
Oracle <= 9i / 10g (read/write/execute) Exploitation Suite
No description provided by source. -- -- $Id: raptororaexec.sql,v 1.2 2006/11/23 23:40:16 raptor Exp $ -- -- raptororaexec.sql - java exploitation suite for oracle -- Copyright c 2006 Marco Ivaldi [email protected] -- -- This is an exploitation suite for Oracle written in Java. Use it to --...
WordPress 2.1.1 wp-includes/feed.php ix Variable Arbitrary Command Execution
No description provided by source. source: http://www.securityfocus.com/bid/22797/info An attacker compromised the source code for Wordpress 2.1.1 and altered it to include a malicious backdoor. This backdoor introduces a code-execution vulnerability that will let remote users inject PHP code or...
Oracle 10g Multiple Remote Privilege Escalation Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/38115/info Oracle Database is prone to multiple remote privilege-escalation issues because it fails to properly restrict access to certain packages. The attacker can exploit these issues to escalate their privileges to DB...
Time and Expense Management System Multiple Vulnerabilities
No description provided by source. ------------------------------------------------------------------------ Software................Time and Expense Management System Vulnerability...........Command Injection Threat Level............Very Critical 5/5...