934 matches found
ESA-2014-046: EMC Documentum Content Server Multiple Vulnerabilities
ESA-2014-046: EMC Documentum Content Server Multiple Vulnerabilities. EMC Identifier: ESA-2014-046. CVE Identifier: CVE-2014-2506, CVE-2014-2507, CVE-2014-2508. Severity Rating: CVSS v2 Base Score: See below for individual scores. Affecte...
openSUSE Security Update : weechat (openSUSE-SU-2012:1580-1)
Added weechat-fix-hookprocess-shell-injection.patch, which fixes a shell injection vulnerability in the hook_process function (bnc#790217, CVE-2012-5534) - added weechat-fix-buffer-overflow-in-irc-color-decoding.patch, which fixes a heap-based overflow when decoding IRC colors in strings (bnc#789146,...
Fedora 20 : python-gnupg-0.3.6-1.fc20 (2014-2103)
fixes protection against shell injection from previous 0.3.5 release Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...
Fedora 19 : python-gnupg-0.3.6-1.fc19 (2014-2140)
fixes protection against shell injection from previous 0.3.5 release Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...
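yxcms: XSS in multiple places can lead to getshell
Brief description: Please review this. Does WooYun no longer take XSS seriously? This one is generic, though. And it is not just a pop-up; I have even worked out the getshell exploitation method for everyone…… Detailed description: For some reason the XSS in the article submission area that I reported earlier has still not been reviewed. Maybe needing a registered member account makes it too marginal; anyway, this site has all kinds of XSS, so I will just submit them all together. 1. XSS in article comments, requires modifying the request, no login required: alertdocument.cookie 2. XSS in the message board, no login required: alertdocument.cookie 3. XSS in user management, requires modifying the request: alertdocument.cookie Exploitation method: link the following external javascript: $document.readyfunction var cod...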
PineApp Mail-SeCure ldapsyncnow.php Arbitrary Command Execution
This module exploits a command injection vulnerability on PineApp Mail-SeCure 3.70. The vulnerability exists on the ldapsyncnow.php component, due to the insecure usage of the shell_exec PHP function. This module has been tested successfully on PineApp Mail-SeCure 3.70. This module requires...
SuSE 11.2 / 11.3 Security Update : nagios-nrpe, nagios-plugins-nrpe (SAT Patch Numbers 8032 / 8033)
Nagios NRPE was updated to add more blacklisting to avoid shell injection via nagios request packets (CVE-2013-1362). (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from SuSE 11 update information. The text itself is...
Huawei E587 3G Mobile Hotspot Command Injection
CVE-2013-2612: Huawei E587 3G Mobile Hotspot Command Injection. Summary: Huawei E587 3G Mobile Hotspot, version 11.203.27, is prone to a command injection vulnerability in the Web UI. Successful exploitation allows unauthenticated attackers to execute...
EasyPHP Webserver PHP Command Execution
Exploit database separated by exploit type (local, remote, DoS, etc.) + Site : 1337day.com + Support e-mail :...
EasyPHP WebServer v.(all) <= Multiple Vulnerabilities
EasyPHP suffers from: + Auth Bypass + Remote Shell Injection / Remote Code Execution. The bug in EasyPHP WebServer Manager exists because the administration portal isn't protected! So once you find the Admin-Portal, you can bypass the auth directly and a remote attacker can get some...
weechat (important)
Added weechat-fix-hookprocess-shell-injection.patch, which fixes a shell injection vulnerability in the hook_process function (bnc#790217, CVE-2012-5534) - added weechat-fix-buffer-overflow-in-irc-color-decoding.patch, which fixes a heap-based overflow when decoding IRC colors in strings (bnc#789146,...
Mastery OA2007 version vulnerability and getshell-a vulnerability warning-the black bar safety net
Currently testing mastery OA2007 version Office Anywhere 2 0 0 7 network intelligent office systems http://127.0.0.1/pda/news/read.php?P=%cf' pig points. Storm web directory.. This time looked under the code, there is injected into the variables of the statements in the first 3 fields in the file...
Two security issues fixed in ioQuake3 engine
Hello, Quake 3 is a popular online first person shooter developed by IDsoftware [1] that was released in 1999 and is still widely played. After the release of the source code under the GPL, the ioQuake3 project [2] was started that is dedicated to maintaining the existing codebase. Several game...
Quake 3 Shell Injection / Code Execution
Hello, Quake 3 is a popular online first person shooter developed by IDsoftware [1] that was released in 1999 and is still widely played. After the release of the source code under the GPL, the ioQuake3 project [2] was started that is dedicated to maintaining the existing codebase. Several game...
PHP-Nuke <= 8.1.3.5 (Your_Account) Remote Command Exec Exploit
No description provided by source. PHP-Nuke = 8.1.0.3.5b Remote Command Execution Exploit. Author/s: Dante90 & yawn. Contact Us: www.unitx.net. Requirements: magic_quotes_gpc : off. Greetings: [email protected] | [email protected] You will remember, Watson, how the dreadful business of the Abernetty...
PHP-Nuke 8.1.0.3.5b - Remote Command Execution
PHP-Nuke 8.1.0.3.5b - Remote Command Execution PHP-Nuke REMEMBER TO ADD THE FINAL / TO THE HOSTNAME "; Change Here to Set your custom shell for example use...
Sun VirtualBox <= 3.0.6 privilege escalation
No description provided by source. !/bin/sh CVE-2009-3692 Sun VirtualBox = 3.0.6 local root exploit ======================================================== Exploits popen meta char shell injection vulnerability in Sun VirtualBox. E.g. admin@sundevil:/test$ id uid=101admin gid=10staff...
Sun VirtualBox 3.0.6 - Local Privilege Escalation
Sun VirtualBox 3.0.6 - Local Privilege Escalation !/bin/sh CVE-2009-3692 Sun VirtualBox runme.c include include include include include int mainint argc, char argv FILE from, to; int fd; char ch; setuid0; setgid0; from = fopen"/bin/sh","rb"; to = fopen"./sh","wb"; while!feoffrom ch = fgetcfrom;...
openSUSE 10 Security Update : nagios (nagios-6355)
A shell injection bug in nagios' statuswml.cgi CGI script has been fixed. CVE-2009-2288 has been assigned to this issue. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update nagios-6355. The text...
SuSE 11 Security Update : nagios (SAT Patch Number 1105)
A shell injection bug in nagios' statuswml.cgi CGI script has been fixed. CVE-2009-2288 has been assigned to this issue. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from SuSE 11 update information. The text itself is...