Mac OS X rsh Environment Variables Privilege Elevation

Added: 10/15/2015 CVE: CVE-2015-5889 Background The remotecmds component of Apple Mac OS X contains an rsh binary program that allows a user to execute commands on another computer across a computer network. Problem The rsh binary in the remotecmds component of Mac OS X versions prior to 10.11...

Code injection

rsh in the remotecmds component in Apple OS X before 10.11 allows local users to obtain root privileges via vectors involving environment variables...

UBUNTU-CVE-2015-3283

OpenAFS before 1.6.13 allows remote attackers to spoof bos commands via unspecified vectors...

Command Execution Vulnerability in Youyou's Email System of Shenzhen Hechen Communication Technology Co.

Shenzhen Hechen Communication Technology Co., Ltd. Youyou mail system is a modern enterprise to set up a professional e-mail service of a set of overall solutions, the mail system not only provides the conventional e-mail functions, but also extends the e-mail monitoring, e-mail antivirus, e-mail...

PT-2015-5280 · Elastic · Elasticsearch

Name of the Vulnerable Software and Affected Versions: Elasticsearch versions 1.3.x through 1.3.7 Elasticsearch versions 1.4.x through 1.4.2 Description: The Groovy scripting engine in Elasticsearch allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell...

Magento Server MAGMI Plugin - Remote File Inclusion (RFI)

No description provided by source. Exploit found date: 10/24/2014 Security Researcher name: Parvinder Bhasin Contact info: [email protected] twitter: @parvinderb - scorpio Currently tested version: Magento version: Magento CE - 1.8 older MAGMI version: v0.7.17a older Download software...

Magento Server MAGMI Plugin - Remote File Inclusion Vulnerability

Exploit for php platform in category web applications Exploit found date: 10/24/2014 Security Researcher name: Parvinder Singh Bhasin Contact info: email protected twitter: @parvinderb Currently tested version: Magento version: Magento CE - 1.8 and newer versions MAGMI version: v0.7.17a and great...

Magento Server MAGMI Plugin 0.7.17a - Remote File Inclusion

Exploit found date: 10/24/2014 Security Researcher name: Parvinder Bhasin Contact info: [email protected] twitter: @parvinderb - scorpio Currently tested version: Magento version: Magento CE - 1.8 older MAGMI version: v0.7.17a older Download software link: Magento server:...

Guppy <= 4.5.9 (REMOTE_ADDR) Remote Commands Execution Exploit

No description provided by source. ?php if magicquotesgpc is off you can inject arbitrary php code from rgod /str0ke ---guppy459xpl.php 17.30 28/11/2005 Guppy =4.5.9 SERVERREMOTEADDR overwrite / remote commands xctn coded by rgod site: http://rgod.altervista.org usage: launch from Apache, fill in...

Zen Cart <= 1.2.6d (password_forgotten.php) SQL Injection Exploit

No description provided by source. ?php ---zencart126dxpl.php 19.42 02/12/2005 Zen-Cart = 1.2.6d blind SQL injection / remote commands execution coded by rgod site: http://rgod.altervista.org - this works with magicquotesgpc both on & off usage: launch from Apache, fill in requested fields, then...

CPGNuke Dragonfly 9.0.6.1 - Remote Commands Execution Exploit

No description provided by source. ?php ---dragonfly9.0.6.1inclxpl.php 20.15 07/02/2006 CPGNuke Dragonfly 9.0.6.1 remote commands execution through arbitrary local inclusion - Sun-Tzu Drangonfly killing - coded by rgod site: http://rgod.altervista.org - this works regardless of magicquotesgpc...

PHPX 3.5.x Admin Login.PHP SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/15680/info PHPX is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result ...

eFiction <= 2.0 Fake GIF Shell Upload Exploit

No description provided by source. ?php ---efiction20xpl.php 15.19 17/11/2005 eFiction = 2.0 fake GIF Shell Upload coded by rgod site: http://rgod.altervista.org usage: launch from Apache, fill in requested fields, then go! Sun-Tzu: If fighting is sure to result in victory, then you must fight,...

PHPWebThings <= 1.4 (msg/forum) SQL Injection Exploit

No description provided by source. ?php ---phpwebth14xpl.php 10.47 16/11/2005 PHPWebThings 1.4 msg and forum SQL injection / Administrative credentials disclosure and remote commands execution coded by rgod site: http://rgod.altervista.org based on http://secunia.com/advisories/17410/, but here w...

EnterpriseGS <= 1.0 rc4 Remote Commands Execution Exploit

No description provided by source. ?php ---egs10rc4php5inclxpl.php 17.57 13/02/2006 EGS Enterprise Groupware System =1.0 rc4 remote commands execution exploit coded by rgod site: http://retrogod.altervista.org - works against PHP5 usage: launch from Apache, fill in requested fields, then go!...

phpBB <= 2.0.10 Remote Command Execution Exploit

No description provided by source. !/usr/bin/perl use IO::Socket; @@@@@@@ @@@ @@@ @@@@@@ @@@ @@@ @@! @@@ @@! @@@ !@@ @@! @@@ @!@!!@! @!@ !@! !@@!! @!@!@!@! !!: :!! !!: !!! !:! !!: !!! : : : :.:: : ::.: : : : : phpBB = 2.0.10 remote commands exec exploit based on...

lanewsfactory Multiple Vulnerabilities

No description provided by source. LaNewsFactory Multiple Remote Vulnerabilities http://www.salvatorefresta.net/files/adv/LaNewsFactory%20Multiple%20Remote%20Vulnerabilities-19042010.txt Name LaNewsFactory Vendor Christophe Brocas Versions Affected = 1.0.0 Author Salvatore Fresta aka Drosophila...

Mambo <= 4.5.2 Globals Overwrite / Remote Command Exection Exploit

No description provided by source. ?php ---mambo452xpl.php 15.19 17/11/2005 Mambo = 4.5.2 Globals overwrite / remote commands execution coded by rgod site: http://rgod.altervista.org usage: launch from Apache, fill in requested fields, then go! Sun-Tzu: Rapidity is the essence of war: take...

Flatnuke <= 2.5.8 file() Privilege Escalation / Code Execution Exploit

No description provided by source. !/usr/bin/php -q -d shortopentag=on ? printr' ----------------------------------------------------------------------------- Flatnuke =2.5.8 file/privilege escalation/remote commands xctn exploit by rgod [email protected] site: http://retrogod.altervista.org dor...

DocMGR <= 0.54.2 (file_exists) Remote Commands Execution Exploit

No description provided by source. ?php ---docmgr0542inclxpl.php 0.30 12/02/2006 DocMGR = 0.54.2 remote commands execution exploit coded by rgod site: http://retrogod.altervista.org - works against PHP5, with shortopentag = On and registerglobals = On usage: launch from Apache, fill in requested...