1764 matches found
VMware vSphere Management Assistant (vMA) Privilege Escalation
VMware vSphere Management Assistant vMA - Local Privilege Escalation. Affected Software : VMware vSphere Management Assistant vMA Severity : Medium...
XSS in Webmin 1.540 + exploit for privilege escalation
Information. Name : XSS vulnerability in Webmin Software : All versions prior to and including 1.540 are affected. Vendor Homepage : http://www.webmin.com Vulnerability Type : Cross-Site Scripting Severity : Medium Researcher : Javier Bassi javierbassi at gmail dot com...
Webmin 1.540 Cross Site Scripting / Command Execution
Information. Name : XSS vulnerability in Webmin Software : All versions prior to and including 1.540 are affected. Vendor Homepage : http://www.webmin.com Vulnerability Type : Cross-Site Scripting Severity : Medium Researcher : Javier Bassi Description. Webmi...
Asterisk Multiple Vulnerabilities (AST-2011-005/AST-2011-006)
FreeBSD : Asterisk -- multiple vulnerabilities (3c7d565a-6c64-11e0-813a-6c626dd55a41)
The Asterisk Development Team reports : It is possible for a user of the Asterisk Manager Interface to bypass a security check and execute shell commands when they should not have that ability. Sending the 'Async' header with the 'Application' header during an Originate action, allows authenticat...
Asterisk -- multiple vulnerabilities
The Asterisk Development Team reports: It is possible for a user of the Asterisk Manager Interface to bypass a security check and execute shell commands when they should not have that ability. Sending the "Async" header with the "Application" header during an Originate action, allows authenticate...
[USN-1115-1] language-selector vulnerability
Ubuntu Security Notice USN-1115-1 April 19, 2011 language-selector vulnerability. A security issue affects these releases of Ubuntu and its...
USN-1115-1: language-selector vulnerability
Romain Perier discovered that the language-selector D-Bus backend did not correctly check for Policy Kit authorizations. A local attacker could exploit this to inject shell commands into the system-wide locale configuration file, leading to root privilege escalation...
Multi Gather Run Shell Command Resource File
This module will read shell commands from a resource file and execute the commands in the specified Meterpreter or shell session. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Multi Gather Ru...
Debian Security Advisory DSA 2182-1 (logwatch)
The remote host is missing an update to logwatch announced via advisory DSA 2182-1. OpenVAS Vulnerability Test $Id: deb21821.nasl 6613 2017-07-07 12:08:40Z cfischer $ Description: Auto-generated from advisory DSA 2182-1 logwatch Authors: Thomas Reinke Copyright: Copyright c 2011 E-Soft Inc...
Debian: Security Advisory (DSA-2182-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
rubygem-mail -- Remote Arbitrary Shell Command Injection Vulnerability
Secunia reports: Input passed via an email from address is not properly sanitised in the "deliver" function lib/mail/network/deliverymethods/sendmail.rb before being used as a command line argument. This can be exploited to inject arbitrary shell commands...
Mitel Audio and Web Conferencing (AWC) RCE Vulnerability (Jan 2011)
Mitel Audio and Web Conferencing AWC is prone to a remote command injection vulnerability because it fails to adequately sanitize user-supplied input data. Copyright C 2011 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...
Mitel Audio and Web Conferencing (AWC) Remote Arbitrary Shell Command Injection Vulnerability
Mitel Audio and Web Conferencing AWC is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data. Remote attackers can exploit this issue to execute arbitrary shell commands with the privileges of the user running the application. OpenVAS...
Mitel Audio and Web Conferencing (AWC) - Arbitrary Shell Command Injection
source: https://www.securityfocus.com/bid/45537/info Mitel Audio and Web Conferencing AWC is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data. Remote attackers can exploit this issue to execute arbitrary shell commands with the...
Mitel Audio and Web Conferencing (AWC) - Arbitrary Shell Command Injection
Mitel Audio and Web Conferencing AWC - Arbitrary Shell Command Injection source: https://www.securityfocus.com/bid/45537/info Mitel Audio and Web Conferencing AWC is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data. Remote attacker...
AWStats 6.x - Apache Tomcat Configuration File Arbitrary Command Execution
AWStats 6.x - Apache Tomcat Configuration File Arbitrary Command Execution source: https://www.securityfocus.com/bid/45123/info Awstats is prone to an arbitrary command-execution vulnerability. This issue occurs when Awstats is used along with Apache Tomcat in Microsoft Windows. An attacker can...
phpThumb 'fltr[]' Parameter Command Injection Vulnerability
The host is running phpThumb and is prone to command injection vulnerability. OpenVAS Vulnerability Test $Id: gbphpthumbcmdinjvuln.nasl 5373 2017-02-20 16:27:48Z teissa $ phpThumb 'fltr' Parameter Command Injection Vulnerability Authors: Sooraj KS Updated from version check to active exploit by...
Joomla Camp26 VisitorData Module Shell Command Injection Vulnerability
No description provided by source. A vulnerability has been discovered in the Camp26 VisitorData module for Joomla, which can be exploited by malicious people to compromise a vulnerable system. Input passed via the "X-Forwarded-For" HTTP header is not properly sanitised before being used as a...
DSA-2021-2 spamass-milter - regression fix
Bulletin has no description...