1820 matches found
D-Link DIR-300/600/645/845/865 OS-Command Injection via UPnP Interface
Exploit for hardware platform in category web applications Title: OS-Command Injection via UPnP SOAP Interface in multiple D-Link devices Vendor: D-Link Devices: DIR-300 rev B / DIR-600 rev B / DIR-645 / DIR-845 / DIR-865 ============ Vulnerable Firmware Releases: ============ DIR-300 rev B -...
D-Link - OS-Command Injection via UPnP Interface
D-Link - OS-Command Injection via UPnP Interface Title: OS-Command Injection via UPnP SOAP Interface in multiple D-Link devices Vendor: D-Link Devices: DIR-300 rev B / DIR-600 rev B / DIR-645 / DIR-845 / DIR-865 ============ Vulnerable Firmware Releases: ============ DIR-300 rev B - 2.14b01 DIR-6...
ASUS RT56U Router Multiple Vulnerabilities (Jun 2013) - Active Check
ASUS RT56U Router is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
ASUS RT56U Remote Command Injection
Exploit Title: Asus RT56U Remote Command Injection Date: 05/05/2013 Exploit Author: drone @dronesec Vendor Homepage: asus.com Version: = 3.0.0.4.360 latest Device Details: ============== Router information: http://www.asus.com/Networking/RTN56U/ Firmware:...
Asus RT56U 3.0.0.4.360 - Remote Command Injection
Asus RT56U 3.0.0.4.360 - Remote Command Injection Exploit Title: Asus RT56U Remote Command Injection Date: 05/05/2013 Exploit Author: drone @dronesec Vendor Homepage: asus.com Version: = 3.0.0.4.360 latest Device Details: ============== Router information: http://www.asus.com/Networking/RTN56U/...
Asus RT56U 3.0.0.4.360 - Remote Command Injection
Router information: http://www.asus.com/Networking/RTN56U/ Firmware: http://www.asus.com/Networking/RTN56U/supportDownload30 Insufficient or rather, a complete lack thereof input sanitization leads to the injection of shell commands. It's possible to upload and execute a backdoor. Example request...
Apache Subversion 命令注入漏洞(CVE-2013-2088)
BUGTRAQ ID: 60265 CVECAN ID: CVE-2013-2088 Subversion是一款开源多用户版本控制系统,支持非ASCII 文本和二进制数据。 Apache Subversion 1.6.22及之前版本、1.7.10及之前版本存在命令注入漏洞,可导致受影响系统损坏。此漏洞源于处理文件名时,svn-keyword-check.pl hook脚本内存在输入验证错误。通过特制的请求可注入任意shell命令并执行这些命令。要成功利用此漏洞需要在服务器端使用contrib脚本。 0 Apache Group Subversion = 1.7.10 Apache Gro...
LG Optimus G Command Injection
Device: LG Optimus G E973 Others affected Firmware: Android 4.1.2 JZO54k Others affected Evidence: http://youtu.be/ZfbDIpTY-t4 A vulnerability in LG's "HiddenMenu" allows you to execute shell commands as the system, with a large array of additional permissions Groups. This vulnerability opens up...
TWiki < 5.1.4 MAKETEXT Variable Tilde Character Command Injection
According to its version number, the instance of TWiki running on the remote host is affected by a command injection vulnerability. The '%MAKETEXT%' variable fails to properly sanitize user-supplied input. A remote attacker can exploit this issue to execute arbitrary shell commands on the remote...
Linksys E1500/E2500 - Multiple Vulnerabilities
Exploit for hardware platform in category web applications ============ Device Description: ============ The Linksys E1500 is a Wireless-N Router with SpeedBoost. It lets you access the Internet via a wireless connection or through one of its four switched ports. You can also use the Linksys E150...
Linksys E1500 / E2500 XSS / CSRF / Traversal / Command Injection
Device Name: Linksys E1500 / E2500 Vendor: Linksys ============ Device Description: ============ The Linksys E1500 is a Wireless-N Router with SpeedBoost. It lets you access the Internet via a wireless connection or through one of its four switched ports. You can also use the Linksys E1500 to sha...
Linksys E1500/E2500 - Multiple Vulnerabilities
Device Name: Linksys E1500 / E2500 Vendor: Linksys ============ Device Description: ============ The Linksys E1500 is a Wireless-N Router with SpeedBoost. It lets you access the Internet via a wireless connection or through one of its four switched ports. You can also use the Linksys E1500 to sha...
rsh Excessive Trust Vulnerability
Added: 01/25/2013 CVE: CVE-1999-0515 Background The rsh service allows remote users, using an rsh client, to execute individual shell commands on an rsh server without the need for a password. The rsh process uses the .rhosts file to list trusted hosts those machines allowed to use the service...
rsh Excessive Trust Vulnerability
Added: 01/25/2013 CVE: CVE-1999-0515 Background The rsh service allows remote users, using an rsh client, to execute individual shell commands on an rsh server without the need for a password. The rsh process uses the .rhosts file to list trusted hosts those machines allowed to use the service...
Linksys WRT54GL 1.1 XSS / OS Command Injection
Device Name: Linksys WRT54GL v1.1 Vendor: Linksys/Cisco ============ Vulnerable Firmware Releases: ============ Firmware Version: 4.30.15 build 2, 01/20/2011 ============ Device Description: ============ The Router lets you access the Internet via a wireless connection, broadcast at up to 54 Mbps...
TWiki < 5.1.3 Multiple Vulnerabilities
According to its version number, the instance of TWiki running on the remote host is affected by multiple security vulnerabilities : - The '%MAKETEXT%' variable fails to properly sanitize user-supplied input. A remote attacker can exploit this issue to execute arbitrary shell commands on the remo...
DSA-2598-1 weechat - several
Bulletin has no description...
Debian: Security Advisory (DSA-2598-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Foswiki 'MAKETEXT' variable RCE Vulnerability
foswiki is prone to a remote command execution RCE vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:foswiki:foswiki...
TWiki MAKETEXT Remote Command Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'TWiki MAKETEXT Remote Command...