198 matches found
CVE-2017-17417
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUPhaseStatus Acknowledge method requests. The issue...
CVE-2017-17415
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUPhaseStatus Count method requests. The issue resul...
CVE-2018-5968
FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist...
CVE-2017-17485
FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper,...
Design/Logic Flaw
FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper,...
CVE-2017-1000501
Awstats version 7.6 and earlier is vulnerable to a path traversal flaw in the handling of the "config" and "migrate" parameters resulting in unauthenticated remote code execution...
SICUNET Access Controller Multiple Vulnerabilities
SICUNET Access Controller is prone to multiple vulnerabilities.
SICUNET Access Controller 0.32-05z Code Execution / File Disclosure
SICUNET Physical Access Controller - Multiple Vulnerabilities. Introduction: Multiple vulnerabilities were identified in the SICUNET Access Controller Products. The vulnerabilities were discovered during a black box security...
SICUNET Access Controller 0.32-05z Code Execution / File Disclosure Vulnerabilities
Exploit for php platform in category web applications. SICUNET Physical Access Controller - Multiple Vulnerabilities. Introduction: Multiple vulnerabilities were identified in the SICUNET Access Controller Products. The...
Nagios Network Analyzer 2.2.0 - Multiple Vulnerabilities
Nagios Network Analyzer Multiple Vulnerabilities. Affected versions: Nagios Network Analyzer =...
Nagios Network Analyzer 2.2.0 Command Injection / SQL Injection
Nagios Network Analyzer Multiple Vulnerabilities. Affected versions: Nagios Network Analyzer = 2.2.0 PDF:...
[RT-SA-2014-012] Unauthenticated Remote Code Execution in IBM Endpoint Manager Mobile Device Management Components
Advisory: Unauthenticated Remote Code Execution in IBM Endpoint Manager Mobile Device Management Components. During a penetration test, RedTeam Pentesting discovered that several IBM Endpoint Manager Components are based on Ruby on Rails and use static secret_token values. With these values,...
IBM Lotus Domino iCalendar Email Address Stack Buffer Overflow Vulnerability
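Cause: Remote code execution resulting from a stack overflow. Affected systems: Lotus Domino Server Versions 8.0 and 8.5 on AIX, AIX 64bit, Linux, Linux iSeries, Linux, zSeries, Solaris, Windows, Windows 64bit, z/OS. Impact: A remote attacker can exploit the vulnerability to execute arbitrary code on the server. Conditions required for the attack: The attacker crafts an email containing special parameters. Vulnerability information: The unauthenticated remote code execution vulnerability arises because the code, when recognizing, processing and converting iCalendar...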
FreeBSD : puppet -- Unauthenticated Remote Code Execution Vulnerability (b162b218-c547-4ba2-ae31-6fdcb61bc763)
Puppet Developers report: When making REST api calls, the puppet master takes YAML from an untrusted client, deserializes it, and then calls methods on the resulting object. A YAML payload can be crafted to cause the deserialization to construct an instance of any class available in the ruby...