1764 matches found
[slackware-security] mailx
New mailx packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: patches/packages/mailx-12.5-i486-2slack14.1.txz: Rebuilt. Drop SSLv2 support no longer supported by OpenSSL, and fix security...
Ubiquiti Inc.: Read-Only user can execute arbitraty shell commands on AirOS
On the last version of AirOS including the 8.0 beta is possible to a read-only user to inject shell commands. Is possible to exploit the vulnerability using the following URL adjusting the airosid value to a valid session:...
PHP File Manager 'phpfm.php' Authentication Bypass Vulnerability
PHP File Manager is a suite of applications for managing web sites using PHP scripts. An authentication bypass vulnerability exists in PHP File Manager. An attacker can exploit this vulnerability to obtain a valid session and execute shell commands using restricted functionality...
PHP File Manager 0.9.8 Authentication Bypass / Code Execution
PHP File Manager 0.9.8 http://phpfm.sourceforge.net/ is vulnerable to authentication bypass due to insecure implementation of register globals emulation. An attacker is able to override the blockKeys array and thus build a valid session and access all the protected functionality including executi...
Cisco Unified Computing System Manager Remote Command Execution Vulnerability (cisco-sa-20160120-ucsm)
A vulnerability in a CGI script in the Cisco Unified Computing System UCS Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on the Cisco UCS Manager. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources,...
Mageia: Security Advisory (MGASA-2015-0478)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Centreon 2.6.x < 2.6.5 Multiple Vulnerabilities
According to its version number, the Centreon application hosted on the remote web server is version 2.6.x prior to 2.6.5. It is, therefore, affected by multiple vulnerabilities : - A cross-site request forgery XSRF vulnerability exists in the main.php script. A remote attacker can exploit this t...
ClipperCMS 1.3.0 - Code Execution
ClipperCMS 1.3.0 - Code Execution !/usr/local/bin/python Exploit for ClipperCMS 1.3.0 Code Execution vulnerability An account is required with rights to file upload eg a user in the Admin, Publisher, or Editor role The server must parse htaccess files for this exploit to work. Curesec GmbH...
AlienVault Unified Security Management Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges to root on vulnerable installations of AlienVault Unified Security Management. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the server and database. A local...
Potential Command Injection
Overview Versions 1.0.3 and earlier of libnotify are affected by a shell command injection vulnerability. This may result in execution of arbitrary shell commands, if user input is passed into libnotify.notify. Untrusted input passed in the call to libnotify.notify could result in execution of...
Design/Logic Flaw
Synology Video Station before 1.5-0763 allows remote attackers to execute arbitrary shell commands via shell metacharacters in the subtitlecodepage parameter to subtitle.cgi...
CVE-2015-6912
Synology Video Station before 1.5-0763 allows remote attackers to execute arbitrary shell commands via shell metacharacters in the subtitlecodepage parameter to subtitle.cgi...
CVE-2015-5222
Red Hat OpenShift Enterprise 3.0.0.0 does not properly check permissions, which allows remote authenticated users with build permissions to execute arbitrary shell commands with root permissions on arbitrary build pods via unspecified vectors...
CVE-2015-5222
Red Hat OpenShift Enterprise 3.0.0.0 does not properly check permissions, which allows remote authenticated users with build permissions to execute arbitrary shell commands with root permissions on arbitrary build pods via unspecified vectors...
RubyGems ruby-saml 'xml_security.rb' command injection vulnerability
RubyGems ruby-saml is a set of SAML Security Assertion Markup Language development toolkits for the Ruby on Rails framework organized by RubyGems. A command injection vulnerability exists in RubyGems ruby-saml. A remote attacker could use this vulnerability to execute arbitrary shell commands in...
Code injection
The Management Interface in Citrix NetScaler Application Delivery Controller ADC and NetScaler Gateway 10.1 before 10.1.132.8, 10.5 before Build 56.15, and 10.5.e before Build 56.1505.e allows remote authenticated users to execute arbitrary shell commands via shell metacharacters in the filter...
CVE-2015-5080
The Management Interface in Citrix NetScaler Application Delivery Controller ADC and NetScaler Gateway 10.1 before 10.1.132.8, 10.5 before Build 56.15, and 10.5.e before Build 56.1505.e allows remote authenticated users to execute arbitrary shell commands via shell metacharacters in the filter...
Citrix NetScaler ADC and NetScaler Gateway Remote Arbitrary Shell Command Execution Vulnerability
Citrix NetScaler ADCs are application delivery controllers that optimize enterprise service delivery.Citrix Access Gateway is a general purpose SSL VPN appliance. A security vulnerability exists in Citrix NetScaler ADC and NetScaler Gateway that allows authenticated users to send specially crafte...
Endian Firewall 3.0.0 - OS Command Injection (Python)
Endian Firewall 3.0.0 - OS Command Injection Python !/usr/bin/env python Endian Firewall Proxy User Password Change /cgi-bin/chpasswd.cgi OS Command Injection Exploit POC Reverse TCP Shell Ben Lincoln, 2015-06-28 http://www.beneaththewaves.net/ Requires knowledge of a valid proxy username and...
FreeBSD : elasticsearch -- remote OS command execution via Groovy scripting engine (026759e0-1ba3-11e5-b43d-002590263bf5)
Elastic reports : Vulnerability Summary: Elasticsearch versions 1.3.0-1.3.7 and 1.4.0-1.4.2 have vulnerabilities in the Groovy scripting engine that were introduced in 1.3.0. The vulnerability allows an attacker to construct Groovy scripts that escape the sandbox and execute shell commands as the...