407 matches found
Unspecified Vulnerability in Mimosa Client Radios and Mimosa Backhaul Radios (CNVD-2017-08182)
Mimosa Client Radios and Mimosa Backhaul Radios are both products of Mimosa Networks, Inc.Mimosa Client Radios is a hypervisor for the client devices of the Mimosa multipoint solution.Mimosa Backhaul Radios is Mimosa Backhaul Radios is a management program for broadband backhaul devices. A securi...
Arbitrary shell execution
Security Advisory - This release contains a fix for a security advisory related to the improper handling of a shell command - A properly crafted filename would allow for arbitrary code execution when using the --filter=gitmodified command line option - All version 3 users are encouraged to upgrad...
Arbitrary shell execution
Security Advisory This release contains a fix for a security advisory related to the improper handling of shell commands Uses of shellexec and exec were not escaping filenames and configuration settings in most cases A properly crafted filename or configuration option would allow for arbitrary co...
Arbitrary shell execution
Security Advisory - This release contains a fix for a security advisory related to the improper handling of shell commands - Uses of shellexec and exec were not escaping filenames and configuration settings in most cases - A properly crafted filename or configuration option would allow for...
openSUSE: Security Advisory for GraphicsMagick (openSUSE-SU-2016:3060-1)
The remote host is missing an update for the Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CVE-2016-3129
A remote shell execution vulnerability in the BlackBerry Good Enterprise Mobility Server GEMS implementation of the Apache Karaf command shell in GEMS versions 2.1.5.3 to 2.2.22.25 allows remote attackers to obtain local administrator rights on the GEMS server via commands executed on the Karaf...
CVE-2016-3129
The CVE-2016-3129 entry describes a remote code execution vulnerability in BlackBerry Good Enterprise Mobility Server (GEMS) via the Apache Karaf command shell. Affected versions are 2.1.5.3 through 2.2.22.25. An attacker can execute commands to gain local administrator rights on the GEMS server....
Security update for GraphicsMagick (important)
This update for GraphicsMagick fixes the following issues: - a possible shell execution attack was fixed. if the first character of an input filename for 'convert' was a '|' then the remainder of the filename was passed to the shell CVE-2016-5118, boo982178 - Maliciously crafted pnm files could...
FreePBX RCE Vulnerability (Aug 2016) - Active Check
A remote command execution RCE vulnerability that results in privileged escalation exists in FreePBX 13 and FreePBX 14 with Recordings SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
Huawei WS851 Stack Buffer Overflow Vulnerability
The Huawei WS851 is a wireless router product from Huawei China. A security vulnerability exists in the Huawei WS851 prior to version 1.1.21.1, which stems from the program failing to check parameters. The vulnerability can be exploited to trigger a stack overflow, remotely obtain root privileges...
Pornhub: [phpobject in cookie] Remote shell/command execution
The researcher was able to exploit a vulnerable deserialization function in PHP leading to remote shell on a production server...
Apache Jetspeed Arbitrary File Upload
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Jetspeed Arbitrary File Upload', 'Description' = %q This module exploits the unsecured User Manager REST API and a ZIP file path traversal ...
Apache Jetspeed - Arbitrary File Upload (Metasploit)
Exploit for java platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Jetspeed Arbitrary File Upload', 'Description' = %q This module exploits the unsecure...
Apache Jetspeed Arbitrary File Upload
This module exploits the unsecured User Manager REST API and a ZIP file path traversal in Apache Jetspeed-2, version 2.3.0 and unknown earlier versions, to upload and execute a shell. Note: this exploit will create, use, and then delete a new admin user. Warning: in testing, exploiting the file...
Legal Robot: Remote Code Execution (upload)
Any file upload was accepted without filter, which led to RCE vulnerability. It was difficult to find the path tho :P Strange thing : The shell was executing on firefox only :P , it displayed plain text when opened in chrome...
eyou某服务器配置不当(存在被Getshell风险)
简要描述: eyou某服务器配置不当,存在被getshell风险 详细说明: 在已知mail.you.net web绝对路径情况下。 可使用redis写文件。getshell。 漏洞证明:...
Microsoft Internet Explorer EditWith Sandbox Escape Vulnerability
This vulnerability allows remote attackers to escape the Application Container and execute code in the context of the logged-in user on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious pag...
Arbitrary Shell Execution in Swiftmailer library
More info at https://typo3.org/security/advisory/typo3-core-sa-2014-002...
Multiple Vulnerabilities in TYPO3 CMS
It has been discovered that TYPO3 CMS is vulnerable to Denial of Service and Arbitrary Shell Execution! Component Type: TYPO3 CMS Vulnerability Types: Denial of Service, Arbitrary Shell Execution Overall Severity: Medium Release Date: October 22, 2014 Vulnerable subcomponent: OpenID System...
Immunity Canvas: CITRIX_NETSCALER_SOAP
Name| citrixnetscalersoap ---|--- CVE| CVE-2014-7140 Exploit Pack| CANVAS Description| Citrix Netscaler 10.1 Soap exploit Notes| FoundBy: Console Cowboys Notes: A vulnerability exists in the SOAP handler of the web interface. A SOAP request can be crafted to trigger a memory corruption flaw,...