190 matches found
McAfee LinuxShield 1.5.1 - LocalRemote File Inclusion Remote Code Execution
McAfee LinuxShield 1.5.1 - LocalRemote File Inclusion Remote Code Execution !/usr/bin/perl Title: McAfee LinuxShield WARNING: This Exploit deletes the default Update Server Use it only for education or ethical pentesting! The author accepts no liability for damage caused by this tool. use strict;...
McAfee LinuxShield 1.5.1 - Local/Remote File Inclusion / Remote Code Execution
!/usr/bin/perl Title: McAfee LinuxShield WARNING: This Exploit deletes the default Update Server Use it only for education or ethical pentesting! The author accepts no liability for damage caused by this tool. use strict; use IO::Socket::SSL; use Getopt::Std; my %args; my $ack; my $timestamp;...
SOL10905 - NTP vulnerability - CVE-2009-3563
F5 Product Development has determined that these BIG-IP and Enterprise Manager versions use a vulnerable version of NTP. However, the vulnerable code is not used by default on these BIG-IP or Enterprise Manager systems. These products are only vulnerable if NTP was manually configured and enabled...
Fedora Update for cobbler FEDORA-2008-9745
Check for the Version of cobbler OpenVAS Vulnerability Test Fedora Update for cobbler FEDORA-2008-9745 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
Trend Micro HouseCall ActiveX control does not adequately validate update server parameters
Overview The Trend Micro HouseCall ActiveX control contains a vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Trend Micro HouseCall ActiveX control HousecallActiveX.dll includes an update feature. A web page hosting...
Remote code execution
The Trend Micro HouseCall ActiveX control 6.51.0.1028 and 6.6.0.1278 in HousecallActiveX.dll allows remote attackers to download an arbitrary library file onto a client system via a "custom update server" argument. NOTE: this can be leveraged for code execution by writing to a Startup folder...
[SECURITY] Fedora 8 Update: cobbler-1.2.9-1.fc8
Cobbler is a network boot and update server. Cobbler supports PXE, provisioning virtualized images, and reinstalling existing Linux machines. The last two modes require a helper tool called 'koan' that integrates with cobbler. Cobbler's advanced features include importing distributions from DVDs...
Directory traversal
Directory traversal vulnerability in BitDefender Update Server http.exe, as used in BitDefender products including Security for Fileservers and Enterprise Manager BDEM, allows remote attackers to read arbitrary files via .. dot dot sequences in an HTTP request...
CVE-2008-0396
Directory traversal vulnerability in BitDefender Update Server http.exe, as used in BitDefender products including Security for Fileservers and Enterprise Manager BDEM, allows remote attackers to read arbitrary files via .. dot dot sequences in an HTTP request...
CVE-2008-0396
Directory traversal vulnerability in BitDefender Update Server http.exe, as used in BitDefender products including Security for Fileservers and Enterprise Manager BDEM, allows remote attackers to read arbitrary files via .. dot dot sequences in an HTTP request...
CVE-2008-0396
CVE-2008-0396 is a directory traversal vulnerability in BitDefender Update Server (http.exe) used by BitDefender products. The vulnerability allows an unauthenticated remote attacker to read arbitrary files by crafting HTTP requests with directory traversal sequences (..). The issue affects the U...
BitDefender Update Server Detection
The remote web server is a BitDefender Update Server, used for centralized updates of BitDefender products on a local network. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid30020; scriptversion"1.15"; scriptsetattributeattribute:"pluginmodificationdate",...
BitDefender Update Server HTTP Request Traversal Arbitrary File Access
The version of BitDefender Update Server running on the remote host fails to sanitize request strings of directory traversal sequences, which allows an unauthenticated attacker to read files outside the web server's document directory. Note that the server runs with LocalSystem privileges by...
BitDefender Update Server directory traversal
HTTP server directory traversal with /../...
BitDefender Update Server - Unauthorized Remote File Access Vulnerability
BitDefender Update Server - Unauthorized Remote File Access Vulnerability ==================================================== Affected Products: - BitDefender Security for Fileservers - BitDefender Enterprise Manager BDEM - All BitDefender Products, using their internal update server product...
BitDefender Products - Update Server HTTP Daemon Directory Traversal
BitDefender Products - Update Server HTTP Daemon Directory Traversal source: https://www.securityfocus.com/bid/27358/info BitDefender Update Server is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting this issue allows an...
BitDefender Products - Update Server HTTP Daemon Directory Traversal
source: https://www.securityfocus.com/bid/27358/info BitDefender Update Server is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting this issue allows an attacker to access potentially sensitive information that could aid in...
PatchLink Update Server checkprofile.asp checkid Parameter SQL Injection
The remote host is running PatchLink Update Server, a patch and vulnerability management solution. The version of PatchLink Update Server installed on the remote host fails to sanitize user-supplied input to the 'agentid' parameter of the '/dagent/checkprofile.php' script before using it to...
PatchLink Update Server nwupload.asp Traversal Arbitrary File Write
The remote host is running PatchLink Update Server, a patch and vulnerability management solution. The version of PatchLink Update Server installed on the remote fails to sanitize input to the '/dagent/nwupload.asp' script of directory traversal sequences and does not require authentication befor...
CVE-2006-3430
SQL injection vulnerability in checkprofile.asp in 1 PatchLink Update Server PLUS before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and 2 Novell ZENworks 6.2 SR1 and earlier, allows remote attackers to execute arbitrary SQL commands via the agentid parameter...