Lucene search
K

9855 matches found

Prion
Prion
added 2012/03/03 4:4 a.m.15 views

Command injection

The file-management system in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allows remote authenticated users to execute arbitrary commands by leveraging the file-upload feature, related to an "OS Command Injection" issue...

6.5CVSS7.8AI score0.02421EPSS
Exploits0References7Affected Software4
CVE
CVE
added 2012/03/03 2:0 a.m.61 views

CVE-2012-0319

The CVE-2012-0319 issue affects Movable Type file-management: MT versions before 4.38, 5.0x before 5.07, and 5.1x before 5.13 are vulnerable due to an OS Command Injection in the file-upload feature. A remote authenticated user with upload permissions can execute arbitrary commands. Documents con...

6.5CVSS7.4AI score0.02421EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2012/03/03 2:0 a.m.28 views

CVE-2012-0319

The file-management system in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allows remote authenticated users to execute arbitrary commands by leveraging the file-upload feature, related to an "OS Command Injection" issue...

7.2AI score0.02421EPSS
Exploits0References7
Debian
Debian
added 2012/03/02 7:32 p.m.10 views

[SECURITY] [DSA 2423-1] movabletype-opensource security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2423-1 [email protected] http://www.debian.org/security/ Florian Weimer March 02, 2012 http://www.debian.org/security/faq -...

7.8AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2012/02/23 12:0 a.m.30 views

JVN#92683325: Movable Type vulnerable to OS command injection

Movable Type contains an OS command injection vulnerability in its file management system. Impact A user with a privilege to upload files may execute an arbitrary OS command. Solution Update the software Update to the latest version of each product according to the information provided by the...

6.5CVSS7AI score0.02421EPSS
Exploits0
securityvulns
securityvulns
added 2012/01/09 12:0 a.m.114 views

OpenKM 5.1.7 OS Command Execution (XSRF based)

COMPASS SECURITY ADVISORY http://www.csnc.ch/ ID: COMPASS-2012-002 Product: OpenKM Document Management System 5.1.7 1 Vendor: OpenKM http://www.openkm.com/ Subject: Cross-site Request Forgery based OS Command Execution Risk: High Effect: Remotely exploitable Author: Cyrill Brunschwiler...

0.4AI score
Exploits0
Exploit DB
Exploit DB
added 2012/01/03 12:0 a.m.44 views

OpenKM Document Management System 5.1.7 - Command Execution

COMPASS SECURITY ADVISORY http://www.csnc.ch/ ID: COMPASS-2012-002 Product: OpenKM Document Management System 5.1.7 1 Vendor: OpenKM http://www.openkm.com/ Subject: Cross-site Request Forgery based OS Command Execution Risk: High Effect: Remotely exploitable Author: Cyrill Brunschwiler...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2011/12/28 12:0 a.m.13 views

Denial-Of-Service

This Denial Of Service tool uses raw IP packets in no-novel ways to try stress the web target hosts childs It was designed to rapidly scan create 48 connections and it works fine against single hosts Required 2MB ADSL/Cable Bandwith in order to work properly Modified by JSacco -...

7.3AI score
Exploits0
Metasploit
Metasploit
added 2011/12/22 7:4 p.m.26 views

Splunk Search Remote Code Execution

This module abuses a command execution vulnerability in the web based interface of Splunk 4.2 to 4.2.4. The vulnerability exists in the 'mappy' search command which allows attackers to run Python code. To exploit this vulnerability, a valid Splunk user with the admin role is required. By default,...

4.6CVSS0.5AI score0.28928EPSS
Exploits7
seebug.org
seebug.org
added 2011/11/23 12:0 a.m.49 views

SAP NetWeaver身份验证绕过漏洞

SAP NetWeaver是SAP的集成技术平台和自从SAP Business Suite以来的所有SAP应用的技术基础。 SAP NetWeaver CTC服务在实现上存在身份验证绕过漏洞,可导致非法用户管理和OS命令执行。 SAP NetWeaver 厂商补丁: SAP --- SAP已经为此发布了一个安全公告(DSECRG-11-041)以及相应补丁: DSECRG-11-041:SAP NetWeaver – Authentication bypass Verb Tampering...

7.2AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2011/11/21 12:0 a.m.31 views

JVN#48839888: Nikki vulnerable to OS command injection

Nikki from HP no Mawashimono is a CGI software for posting diary entries. Nikki contains an OS command injection vulnerability. Impact An arbitrary OS command may be executed with the privileges of the web server. Solution Update the software Update to the latest version according to the...

7.5CVSS7AI score0.02262EPSS
Exploits0
securityvulns
securityvulns
added 2011/11/20 12:0 a.m.59 views

[DSECRG-11-041] SAP NetWeaver - Authentication bypass (Verb Tampering)

DSECRG-11-041 SAP NetWeaver - Authentication bypass Verb Tampering Authentication bypass vulnerability in SAP NetWeaver CTC service can be exploited for unauthorized user management and OS command execution. Application: SAP NetWeaver Versions Affected: SAP NetWeaver Vendor URL: http://www.SAP.co...

0.4AI score
Exploits0
Metasploit
Metasploit
added 2011/11/02 7:40 p.m.26 views

LifeSize Room Command Injection

This module exploits a vulnerable resource in LifeSize Room versions 3.5.3 and 4.7.18 to inject OS commands. LifeSize Room is an appliance and thus the environment is limited resulting in a small set of payload options. This module requires Metasploit: https://metasploit.com/download Current...

7.5CVSS6.9AI score0.36116EPSS
Exploits8
Core Security
Core Security
added 2011/10/24 12:0 a.m.56 views

e107 CMS Script Command Injection

Core Security - Corelabs Advisory e107 CMS Script Command Injection 1. Advisory Information Title: e107 CMS Script Command Injection Advisory ID: CORE-2011-0810 Advisory URL: http://www.coresecurity.com/content/e107-cms-script-command-injection Date published: 2011-10-24 Date of last update:...

7.5CVSS7.8AI score0.05786EPSS
Exploits2
Metasploit
Metasploit
added 2011/10/12 11:26 p.m.31 views

Multi Gather DNS Reverse Lookup Scan

Performs DNS reverse lookup using the OS included DNS query command. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Multi Gather DNS Reverse Lookup Scan', 'Description' = %q Performs DNS rever...

7.4AI score
Exploits0
Metasploit
Metasploit
added 2011/10/12 11:20 p.m.55 views

Multi Gather Ping Sweep

Performs IPv4 ping sweep using the OS included ping command. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Multi Gather Ping Sweep', 'Description' = %q Performs IPv4 ping sweep using the OS...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2011/08/30 12:0 a.m.48 views

LifeSize Room Vulnerabilities

Discovered: 07-13-11 By: Spencer McIntyre zeroSteiner SecureState R&D Team www.securestate.com Background: ----------- Multiple vulnerabilities within the LifeSize Room appliance. Vulnerability Summaries: ------------------------ Login page can be bypassed, granting administrative access to the w...

7.5CVSS2.1AI score0.36116EPSS
Exploits9
securityvulns
securityvulns
added 2011/07/06 12:0 a.m.249 views

Spring Source OXM Remote OS Command Injection when XStream and IBM JRE are used

Reference: http://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/html/oxm.htmld0e26722 Product: Spring Source OXM Object/XML Mapping Vendor: VMware Vulnerable Version: 3.0.4 only when XStream and IBM JRE are used Status: Fixed Vendor Notification: 12 October 2010 Vendor Fix:...

1.4AI score
Exploits0
Packet Storm
Packet Storm
added 2011/07/03 12:0 a.m.49 views

Spring Source OXM 3.0.4 Command Injection

Reference: http://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/html/oxm.htmld0e26722 Product: Spring Source OXM Object/XML Mapping Vendor: VMware Vulnerable Version: 3.0.4 only when XStream and IBM JRE are used Status: Fixed Vendor Notification: 12 October 2010 Vendor Fix:...

0.1AI score
Exploits0
NVD
NVD
added 2011/05/20 10:55 p.m.22 views

CVE-2011-2148

Admin/frmSite.aspx in the SmarterTools SmarterStats 6.0 web server allows remote attackers to execute arbitrary commands via vectors involving a leading and trailing & ampersand character, and 1 an STTTState cookie, 2 the ctl00%24MPH%24txtAdminNewPasswordSettingText parameter, 3 the...

10CVSS7.7AI score0.05321EPSS
Exploits0References4
Rows per page
Query Builder