
1820 matches found

Packet Storm
added 2014/01/31 12:00 a.m. | 31 views

Joomla JomSocial 2.6 Code Execution

#!/usr/bin/python Joomla! JomSocial component = 2.6 PHP code execution exploit Authors: - Matias Fontanini - Gaston Traberg This exploit allows the execution of PHP code without any prior authentication on the Joomla! JomSocial component. Note that in order to be able to execute PHP code, both the...

0.3 AI score
Exploits: 0

ThreatPost
added 2014/01/30 3:12 p.m. | 11 views

Wikipedia Remote Execution Vulnerability Patched

A serious remote code execution vulnerability was recently patched by the Wikimedia Foundation. The flaw could have put at risk any of the foundation’s sites running MediaWiki software, including Wikipedia. Researchers within Check Point Software Technologies’ Vulnerability Research Group...

1.8 AI score
Exploits: 0 | References: 2

Tenable Nessus
added 2014/01/30 12:00 a.m. | 262 views

MediaWiki < 1.19.11 / 1.21.5 / 1.22.2 Multiple Remote Code Execution Vulnerabilities

According to its version number, the instance of MediaWiki running on the remote host is affected by the following remote code execution vulnerabilities : - A user-input validation error exists during thumbnail generation in the 'thumb.php' script that allows the execution of arbitrary shell...

6 CVSS | 9.3 AI score | 0.42777 EPSS
Exploits: 12 | References: 7

Kitploit
added 2014/01/20 4:51 p.m. | 13 views

[fwknop] Single Packet Authorization and Port Knocking

fwknop stands for the "FireWall KNock OPerator", and implements an authorization scheme called Single Packet Authorization (SPA). This method of authorization is based around a default-drop packet filter (fwknop supports iptables on Linux, ipfw on FreeBSD and Mac OS X, and PF on OpenBSD) and libpcap...

7.6 AI score
Exploits: 0

securityvulns
added 2014/01/08 12:00 a.m. | 72 views

Command injection in Ruby Gem Webbynode 1.0.5.3

Title: Command injection in Ruby Gem Webbynode 1.0.5.3 Date: 11/11/2013 Author: Larry W. Cashdollar, @larry0 Download: http://rubygems.org/gems/webbynode Vulnerability Description: The following code located in: ./webbynode-1.0.5.3/lib/webbynode/notify.rb doesn't fully sanitize user supplied inpu...

2.1 AI score
Exploits: 0

securityvulns
added 2014/01/08 12:00 a.m. | 59 views

Command injection vulnerability in Ruby Gem sprout 0.7.246

Title: Command injection vulnerability in Ruby Gem sprout 0.7.246 Date: 11/14/2013 Download: http://rubygems.org/gems/sprout, http://projectsprouts.org/ Vulnerability: The unpackzip function contains the following code: sprout-0.7.246/lib/sprout/archiveunpacker.rb 60 zipdir =...

0.3 AI score
Exploits: 0

Mageia
added 2013/11/18 2:41 p.m. | 25 views

Updated torque packages fix CVE-2013-4495

Updated torque packages fix security vulnerability: A user could submit executable shell commands on the tail of what is passed with the -M switch for qsub. This was later passed to a pipe, making it possible for these commands to be executed as root on the pbs_server (CVE-2013-4495)...

10 CVSS | 1.7 AI score | 0.03266 EPSS
Exploits: 0 | References: 3

Cisco
added 2013/11/15 5:46 p.m. | 28 views

Cisco Nexus 1000V Series Switches Arbitrary Command Execution Vulnerability

A vulnerability in the license installation module of the Cisco Nexus 1000V could allow an authenticated, local attacker to execute arbitrary shell commands. The vulnerability is due to a failure of the install all iso command to properly validate user-supplied input. An attacker could exploit th...

6.8 CVSS | 2.7 AI score | 0.00315 EPSS
Exploits: 0 | References: 1

Debian
added 2013/11/13 7:31 p.m. | 28 views

[SECURITY] [DSA 2796-1] torque security update

Debian Security Advisory DSA-2796-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso November 13, 2013 http://www.debian.org/security/faq -...

10 CVSS | 1.6 AI score | 0.03266 EPSS
Exploits: 0

Positive Technologies
added 2013/11/05 12:00 a.m. | 2 views

PT-2018-13778 · Artifex +3 · Ghostscript +3

Name of the Vulnerable Software and Affected Versions: ghostscript version 9.07 Description: An issue was discovered where a previous fix did not fully address the problem, allowing an attacker to potentially exploit a variant of the flaw. This could enable the bypassing of the -dSAFER protection...

9.3 CVSS | 7.4 AI score | 0.01249 EPSS
Exploits: 0 | References: 17

NVD
added 2013/10/11 3:54 a.m. | 26 views

CVE-2013-5533

The image-upgrade functionality on Cisco 9900 Unified IP phones allows local users to gain privileges by placing shell commands in an unspecified parameter, aka Bug ID CSCuh10334...

6 CVSS | 6.8 AI score | 0.00274 EPSS
Exploits: 0 | References: 3

Cvelist
added 2013/10/11 1:00 a.m. | 26 views

CVE-2013-5533

The image-upgrade functionality on Cisco 9900 Unified IP phones allows local users to gain privileges by placing shell commands in an unspecified parameter, aka Bug ID CSCuh10334...

6.8 AI score | 0.00274 EPSS
Exploits: 0 | References: 3

OpenVAS
added 2013/10/11 12:00 a.m. | 25 views

GestioIP <= 3.0 Command Injection Vulnerability - Active Check

GestioIP is prone to a remote command injection vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

8.7 CVSS | 6.7 AI score | 0.03352 EPSS
Exploits: 0 | References: 3

Cisco
added 2013/10/09 1:51 p.m. | 39 views

Cisco NX-OS Software Input Validation Vulnerability

A vulnerability in input parsing in Cisco NX-OS Software could allow an authenticated, local attacker to execute commands on the underlying operating system. The vulnerability is due to improper filtering of parameters passed to the Stream Editor (sed) filter. An attacker could exploit this...

6.8 CVSS | 2.3 AI score | 0.00321 EPSS
Exploits: 0 | References: 1

Check Point Advisories
added 2013/09/09 12:00 a.m. | 0 views

Exim with Dovecot LDA sender_address Parameter Remote Command Execution

A remote command execution vulnerability exists in Exim MTA that uses Dovecot as the Local Delivery Agent (LDA). The vulnerability is due to the dangerous configuration in Dovecot suggesting the "use_shell" option. A remote attacker could exploit this vulnerability by sending a malicious...

7.2 AI score
Exploits: 0

Tenable Nessus
added 2013/09/04 12:00 a.m. | 31 views

Amazon Linux AMI : nrpe (ALAS-2013-203)

Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In Executor (NRPE) before 2.14 might allow remote attackers to execute arbitrary shell commands via '$' shell metacharacters, which are processed by bash. (C) Tenable Network Security, Inc. The descriptive text and package checks in...

7.5 CVSS | 5.5 AI score | 0.65724 EPSS
Exploits: 9 | References: 2

OSV
added 2013/07/31 1:20 p.m. | 2 views

DEBIAN-CVE-2013-2088

contrib/hook-scripts/svn-keyword-check.pl in Subversion before 1.6.23 allows remote authenticated users with commit permissions to execute arbitrary commands via shell metacharacters in a filename...

7.1 CVSS | 8.5 AI score | 0.31466 EPSS
Exploits: 5 | References: 1

Cisco
added 2013/07/09 9:36 p.m. | 29 views

Cisco Nexus 1000V License Installation Command Injection Vulnerability

A vulnerability in the license installation module of Cisco Nexus 1000V could allow an authenticated, local attacker to execute arbitrary shell commands. The vulnerability is due to a failure of the install license command to properly validate user-supplied input. An attacker could exploit this...

6.6 CVSS | 3.5 AI score | 0.00366 EPSS
Exploits: 0 | References: 1

NVD
added 2013/07/09 5:55 p.m. | 19 views

CVE-2013-1362

Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In Executor (NRPE) before 2.14 might allow remote attackers to execute arbitrary shell commands via "$" shell metacharacters, which are processed by bash...

7.5 CVSS | 7.4 AI score | 0.65724 EPSS
Exploits: 9 | References: 6

Debian CVE
added 2013/07/09 5:00 p.m. | 21 views

CVE-2013-1362

Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In Executor (NRPE) before 2.14 might allow remote attackers to execute arbitrary shell commands via "$" shell metacharacters, which are processed by bash...

7.5 CVSS | 7.4 AI score | 0.65724 EPSS
Exploits: 9