3844 matches found
Linksys E-Series TheMoon Remote Command Injection
Some Linksys E-Series Routers are vulnerable to an unauthenticated OS command injection. This vulnerability was used from the so-called "TheMoon" worm. There are many Linksys systems that are potentially vulnerable, including E4200, E3200, E3000, E2500, E2100L, E2000, E1550, E1500, E1200, E1000,...
Iconify SkyBlueCanvas‘index.php’远程命令注入漏洞
Bugtraq ID:65129 CVE:CVE-2014-1683 SkyBlueCanvas是Iconify公司的一套轻量级Web内容管理系统。该系统使用XML存储数据,并提供主题、附加组件、问题报告等功能。 Iconify SkyBlueCanvas中存在远程命令注入漏洞。攻击者可利用该漏洞在受影响应用程序上下文中执行任意命令,有助于发起进一步攻击。SkyBlueCanvas 1.1 r248-03版本中存在漏洞,其他版本也可能受到影响。 0 SkyBlueCanvas 1.1 r248-03 厂商补丁: Iconify -----...
Pandora Fms 5.0RC1 - Remote Command Injection
Pandora Fms 5.0RC1 - Remote Command Injection ----------- Author: ----------- xistence ------------------------- Affected products: ------------------------- Pandora FMS 5.0RC1 and below ------------------------- Affected vendors: ------------------------- Pandora FMS http://pandorafms.com/...
Pandora Fms 5.0RC1 - Remote Command Injection
----------- Author: ----------- xistence ------------------------- Affected products: ------------------------- Pandora FMS 5.0RC1 and below ------------------------- Affected vendors: ------------------------- Pandora FMS http://pandorafms.com/ ------------------------- Product description:...
SkyBlueCanvas CMS 1.1 r248-03 Command Injection
Vulnerability in SkyBlueCanvas CMS Vulnerability Type: Remote Command Injection Version Affected: 1.1 r248-03 and probably prior versions Discovered by: Scott Parish - Center for Internet Security Vendor Information: SkyBlueCanvas is an easy-to-use Web Content Management System, that makes it...
Skybluecanvas CMS 1.1 r248-03 - Remote Command Execution
Skybluecanvas CMS 1.1 r248-03 - Remote Command Execution Vulnerability in SkyBlueCanvas CMS Vulnerability Type: Remote Command Injection Version Affected: 1.1 r248-03 and probably prior versions Discovered by: Scott Parish - Center for Internet Security Vendor Information: SkyBlueCanvas is an...
Skybluecanvas CMS 1.1 r248-03 - Remote Command Execution
Vulnerability in SkyBlueCanvas CMS Vulnerability Type: Remote Command Injection Version Affected: 1.1 r248-03 and probably prior versions Discovered by: Scott Parish - Center for Internet Security Vendor Information: SkyBlueCanvas is an easy-to-use Web Content Management System, that makes it...
PineApp Mail-SeCure admin/confnetworking.html Multiple Parameter Remote Command Injection
The version of PineApp Mail-SeCure installed on the remote host is affected by a remote command injection vulnerability because the application fails to properly sanitize input to multiple parameters. This could allow a remote, unauthenticated attacker to execute arbitrary commands on the remote...
Webuzo <= 2.1.3 Cookie Value Handling Remote Command Injection Vulnerability
Webuzo is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
EMC Replication Manager Command Execution
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'EMC Replication Manager Command Execution', 'Description' = %q This module exploits a remote command-injection vulnerability in EMC...
Interactive Graphical SCADA System Remote Command Injection
This module abuses a directory traversal flaw in Interactive Graphical SCADA System v9.00. In conjunction with the traversal flaw, if opcode 0x17 is sent to the dc.exe process, an attacker may be able to execute arbitrary system commands. This module requires Metasploit:...
GestioIP <= 3.0 Command Injection Vulnerability - Active Check
GestioIP is prone to a remote command injection vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Linksys Devices pingstr Remote Command Injection
The Linksys WRT100 and WRT110 consumer routers are vulnerable to a command injection exploit in the ping field of the web interface. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Linksys...
phpThumb v. <= 1.7.9 Remote Command Injection Exploit
This code exploits a Remote Command Injection vulnerability in phpThumb that allows attackers to upload a shell automatically.. !/usr/bin/perl Exploit Title: phpThumb v. http://mobileworld24.pl/wp-content/themes/mobileworld24/inc/phpThumb/ use LWP::UserAgent; use HTTP::Request; $target = $ARGV0;...
Fog Dragonfly 0.8.2 Command Injection Vulnerability
Ruby Gem Fog Dragonfly version 0.8.2 suffers from a remote command injection vulnerability. TITLE: Remote Command Injection in fog-dragonfly-0.8.2 Ruby Gem Credit: Larry W. Cashdollar, @larry0 Date: 8/16/2013 CVE: 2013-5671 Download: https://rubygems.org/gems/fog-dragonfly Description: "Dragonfly...
RubyGems Sounder 'sound.rb'远程命令注入漏洞
BUGTRAQ ID: 62023 Sounder是Mac OSX afplay命令的ruby gem API Sounder 1.0.1存在远程命令注入漏洞,攻击者可利用此漏洞在受影响应用上下文中执行任意命令 0 rubygems Sounder 1.0.1 厂商补丁: rubygems -------- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: https://rubygems.org/gems/sounder PoC: irbmain:098:0 @file = ""id;/usr/bin/id/tmp/p;"" =...
PineApp Mail-SeCure 'livelog.html' Remote Command Injection Vulnerability
PineApp Mail-SeCure 3.70 is prone to a remote command-injection vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...
Rgpg 0.2.2 Ruby Gem Remote Command Injection
Title: Rgpg 0.2.2 Ruby Gem Remote Command Injection Date: 7/31/2013 Advisory Author: Larry W. Cashdollar, @larry0 CVE: CVE-2013-4203 Download: https://rubygems.org/gems/rgpg Description: "A simple Ruby wrapper around gpg command for file encryption. rgpg is a simple API for interacting with the g...
PineApp Mail-SeCure 'test_li_connection.php' Remote Command Injection Vulnerability
The remote PineApp Mail-SeCure is prone to a remote command-injection vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if...
PineApp Mail-SeCure test_li_connection.php Remote Command Injection
The version of PineApp Mail-SeCure installed on the remote host is affected by a remote command injection vulnerability because the application fails to properly sanitize input to the 'testliconnection.php' script. This could allow a remote, unauthenticated attacker to execute arbitrary commands ...