1764 matches found
DEBIAN-CVE-2013-2088
contrib/hook-scripts/svn-keyword-check.pl in Subversion before 1.6.23 allows remote authenticated users with commit permissions to execute arbitrary commands via shell metacharacters in a filename...
Cisco Nexus 1000V License Installation Command Injection Vulnerability
A vulnerability in the license installation module of Cisco Nexus 1000V could allow an authenticated, local attacker to execute arbitrary shell commands. The vulnerability is due to a failure of the install license command to properly validate user-supplied input. An attacker could exploit this...
CVE-2013-1362
Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In Executor NRPE before 2.14 might allow remote attackers to execute arbitrary shell commands via "$" shell metacharacters, which are processed by bash...
CVE-2013-1362
Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In Executor NRPE before 2.14 might allow remote attackers to execute arbitrary shell commands via "$" shell metacharacters, which are processed by bash...
D-Link - OS-Command Injection via UPnP Interface
D-Link - OS-Command Injection via UPnP Interface Title: OS-Command Injection via UPnP SOAP Interface in multiple D-Link devices Vendor: D-Link Devices: DIR-300 rev B / DIR-600 rev B / DIR-645 / DIR-845 / DIR-865 ============ Vulnerable Firmware Releases: ============ DIR-300 rev B - 2.14b01 DIR-6...
D-Link DIR-300/600/645/845/865 OS-Command Injection via UPnP Interface
Exploit for hardware platform in category web applications Title: OS-Command Injection via UPnP SOAP Interface in multiple D-Link devices Vendor: D-Link Devices: DIR-300 rev B / DIR-600 rev B / DIR-645 / DIR-845 / DIR-865 ============ Vulnerable Firmware Releases: ============ DIR-300 rev B -...
ASUS RT56U Router Multiple Vulnerabilities (Jun 2013) - Active Check
ASUS RT56U Router is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Asus RT56U 3.0.0.4.360 - Remote Command Injection
Asus RT56U 3.0.0.4.360 - Remote Command Injection Exploit Title: Asus RT56U Remote Command Injection Date: 05/05/2013 Exploit Author: drone @dronesec Vendor Homepage: asus.com Version: = 3.0.0.4.360 latest Device Details: ============== Router information: http://www.asus.com/Networking/RTN56U/...
ASUS RT56U Remote Command Injection
Exploit Title: Asus RT56U Remote Command Injection Date: 05/05/2013 Exploit Author: drone @dronesec Vendor Homepage: asus.com Version: = 3.0.0.4.360 latest Device Details: ============== Router information: http://www.asus.com/Networking/RTN56U/ Firmware:...
Asus RT56U 3.0.0.4.360 - Remote Command Injection
Router information: http://www.asus.com/Networking/RTN56U/ Firmware: http://www.asus.com/Networking/RTN56U/supportDownload30 Insufficient or rather, a complete lack thereof input sanitization leads to the injection of shell commands. It's possible to upload and execute a backdoor. Example request...
Apache Subversion 命令注入漏洞(CVE-2013-2088)
BUGTRAQ ID: 60265 CVECAN ID: CVE-2013-2088 Subversion是一款开源多用户版本控制系统,支持非ASCII 文本和二进制数据。 Apache Subversion 1.6.22及之前版本、1.7.10及之前版本存在命令注入漏洞,可导致受影响系统损坏。此漏洞源于处理文件名时,svn-keyword-check.pl hook脚本内存在输入验证错误。通过特制的请求可注入任意shell命令并执行这些命令。要成功利用此漏洞需要在服务器端使用contrib脚本。 0 Apache Group Subversion = 1.7.10 Apache Gro...
LG Optimus G Command Injection
Device: LG Optimus G E973 Others affected Firmware: Android 4.1.2 JZO54k Others affected Evidence: http://youtu.be/ZfbDIpTY-t4 A vulnerability in LG's "HiddenMenu" allows you to execute shell commands as the system, with a large array of additional permissions Groups. This vulnerability opens up...
TWiki < 5.1.4 MAKETEXT Variable Tilde Character Command Injection
According to its version number, the instance of TWiki running on the remote host is affected by a command injection vulnerability. The '%MAKETEXT%' variable fails to properly sanitize user-supplied input. A remote attacker can exploit this issue to execute arbitrary shell commands on the remote...
Linksys E1500/E2500 - Multiple Vulnerabilities
Exploit for hardware platform in category web applications ============ Device Description: ============ The Linksys E1500 is a Wireless-N Router with SpeedBoost. It lets you access the Internet via a wireless connection or through one of its four switched ports. You can also use the Linksys E150...
Linksys E1500 / E2500 XSS / CSRF / Traversal / Command Injection
Device Name: Linksys E1500 / E2500 Vendor: Linksys ============ Device Description: ============ The Linksys E1500 is a Wireless-N Router with SpeedBoost. It lets you access the Internet via a wireless connection or through one of its four switched ports. You can also use the Linksys E1500 to sha...
Linksys E1500/E2500 - Multiple Vulnerabilities
Device Name: Linksys E1500 / E2500 Vendor: Linksys ============ Device Description: ============ The Linksys E1500 is a Wireless-N Router with SpeedBoost. It lets you access the Internet via a wireless connection or through one of its four switched ports. You can also use the Linksys E1500 to sha...
rsh Excessive Trust Vulnerability
Added: 01/25/2013 CVE: CVE-1999-0515 Background The rsh service allows remote users, using an rsh client, to execute individual shell commands on an rsh server without the need for a password. The rsh process uses the .rhosts file to list trusted hosts those machines allowed to use the service...
rsh Excessive Trust Vulnerability
Added: 01/25/2013 CVE: CVE-1999-0515 Background The rsh service allows remote users, using an rsh client, to execute individual shell commands on an rsh server without the need for a password. The rsh process uses the .rhosts file to list trusted hosts those machines allowed to use the service...
Linksys WRT54GL 1.1 XSS / OS Command Injection
Device Name: Linksys WRT54GL v1.1 Vendor: Linksys/Cisco ============ Vulnerable Firmware Releases: ============ Firmware Version: 4.30.15 build 2, 01/20/2011 ============ Device Description: ============ The Router lets you access the Internet via a wireless connection, broadcast at up to 54 Mbps...
TWiki < 5.1.3 Multiple Vulnerabilities
According to its version number, the instance of TWiki running on the remote host is affected by multiple security vulnerabilities : - The '%MAKETEXT%' variable fails to properly sanitize user-supplied input. A remote attacker can exploit this issue to execute arbitrary shell commands on the remo...