238 matches found
Code injection
adminsystime.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the timezone parameter...
CVE-2016-8585
adminsystime.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the timezone parameter...
CVE-2016-8585
adminsystime.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the timezone parameter...
Trend Micro Threat Discovery Appliance Command Execution Vulnerability
The Trend Micro Threat Discovery Appliance is the next generation network monitoring appliance. A security vulnerability exists in the Trend Micro Threat Discovery Appliance adminsystime.cgi interface handling timezone parameter. A remote attacker can exploit the vulnerability to submit a special...
Command injection
A command execution flaw on the Trend Micro Threat Discovery Appliance 2.6.1062r1 exists with the timezone parameter in the adminsystime.cgi interface...
CVE-2016-7547
A command execution flaw on the Trend Micro Threat Discovery Appliance 2.6.1062r1 exists with the timezone parameter in the adminsystime.cgi interface...
CVE-2016-7547
A command execution flaw on the Trend Micro Threat Discovery Appliance 2.6.1062r1 exists with the timezone parameter in the adminsystime.cgi interface...
Trend Micro Threat Discovery Appliance remote code execution(CVE-2016-7547)
A command injection in the adminsystime. the cgi interface that allows for an attacker to gain remote code execution CVE-2016-7547. Vulnerability linkage: https://www.seebug.org/vuldb/ssvid-92938 This module requires Metasploit: http://metasploit.com/download Current source:...
Updated openvas-manager packages fix security vulnerability
Updated openvas-manager packages fixes security vulnerability: It has been identified that OpenVAS Manager before 4.0.6 is vulnerable to sql injections due to a improper handling of the timezone parameter in modifyschedule OMP command. It has been identified that this vulnerability may allow...
Sql injection
SQL injection vulnerability in OpenVAS Manager before 4.0.6 and 5.x before 5.0.7 allows remote attackers to execute arbitrary SQL commands via the timezone parameter in a modifyschedule OMP command...
CVE-2014-9220
SQL injection vulnerability in OpenVAS Manager before 4.0.6 and 5.x before 5.0.7 allows remote attackers to execute arbitrary SQL commands via the timezone parameter in a modifyschedule OMP command...
CVE-2013-0301
Cross-site request forgery CSRF vulnerability in apps/calendar/ajax/settings/settimezone in ownCloud before 4.0.12 allows remote attackers to hijack the authentication of users for requests that change the timezone via the timezone parameter...
CVE-2013-0301
CVE-2013-0301 affects ownCloud Calendar CSRF in apps/calendar/ajax/settings/settimezone, allowing remote attackers to hijack user sessions to change timezone. Public details show vulnerable versions: ownCloud before 4.0.12 (and related advisories) with this CSRF in the timezone parameter; impact ...
Serv-U FTP Server MDTM timezone buffer overflow
Added: 10/27/2006 CVE: CVE-2004-0330 BID: 9751 OSVDB: 4073 Background Serv-U FTP Server supports the MDTM command which allows users to modify the time stamp on files. Problem A buffer overflow in Serv-U FTP Server allows remote authenticated attackers to execute arbitrary commands by sending the...
Serv-U FTP Server MDTM timezone buffer overflow
Added: 10/27/2006 CVE: CVE-2004-0330 BID: 9751 OSVDB: 4073 Background Serv-U FTP Server supports the MDTM command which allows users to modify the time stamp on files. Problem A buffer overflow in Serv-U FTP Server allows remote authenticated attackers to execute arbitrary commands by sending the...
CVE-2001-0464
Buffer overflow in websync.exe in Cyberscheduler allows remote attackers to execute arbitrary commands via a long tzs timezone parameter...
CVE-2001-0464
Buffer overflow in websync.exe in Cyberscheduler allows remote attackers to execute arbitrary commands via a long tzs timezone parameter...
CVE-2001-0464
CVE-2001-0464 describes a buffer overflow in the Cyberscheduler component websync.exe . The overflow is triggered by a long tzs (timezone) parameter, allowing a remote attacker to execute arbitrary commands. The vulnerability is rated with a HIGH base score and network attack Vector with no authe...