84 matches found
CVE-2024-47977
Dell Avamar, versions prior to 19.12 with patch 338905, excluding 19.10 and 19.10SP1 with patch 338869, contains an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability. A low privileged attacker with remote access could potentially exploit this...
July 11, 2023—KB5028185 (OS Build 22621.1992)
July 11, 2023—KB5028185 OS Build 22621.1992 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 11, version 22H2, see its update history page. Note Follow @WindowsUpdate to find out...
pyLoad js2py Python Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/stopwatch' class MetasploitModule 'pyLoad js2py Python Execution', 'Description' = %q pyLoad versions prior to 0.5.0b3.dev31 are vulnerable to Python code...
CVE-2022-37878
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to comple...
Fixed CVEs in vim: CVE-2022-0319, CVE-2022-1886, CVE-2022-1898, CVE-2022-1851
CVE-2022-0319: correct end of Visual area when entering another buffer - CVE-2022-1851: fix invalid cursor position after text formatting - CVE-2022-1886: fix access before start of text with a put command - CVE-2022-1898: fix using freed memory with 'd'...
PT-2021-4960 · Cisco · Cisco Catalyst Pon Series Switches Ont
Name of the Vulnerable Software and Affected Versions: Cisco Catalyst Passive Optical Network PON Series Switches Optical Network Terminal ONT affected versions not specified Description: The issue is related to multiple vulnerabilities in the web-based management interface of the Cisco Catalyst...
asterisk -- Unauthorized data disclosure and shell access command injection in app_minivm
The Asterisk project reports: AST-2017-005 - A change was made to the strict RTP support in the RTP stack to better tolerate late media when a reinvite occurs. When combined with the symmetric RTP support this introduced an avenue where media could be hijacked. Instead of only learning a new...
CVE-2016-2297
Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to execute arbitrary commands via an "access command shell-like feature."...
CVE-2007-5201
The FTP backend for Duplicity before 0.4.9 sends the password as a command line argument when calling ncftp, which might allow local users to read the password by listing the process and its arguments...
CVE-2006-0563
PluggedOut Blog 1.9.9c has a SQL injection vulnerability in exec.php, exploitable via the entryid parameter in the comment_add action. This allows remote attackers to execute arbitrary SQL commands. The vulnerability is rated HIGH (CVSS v2 base score 7.5) by NVD, but the provided documents do not...
CVE-2005-0015
diatheke.pl in Sword 1.5.7a allows remote attackers to execute arbitrary commands via shell metacharacters in a URL...
AWStats 5.7 < 6.2 - Multiple Remote s
/ Awstats exploit "shell" code by omin0us omin0us208 at gmail dot com dtors security group .: http://dtors.ath.cx :. Vulnerability reported by iDEFENSE pluginmode bug has been found by GHC team. The awstats exploit that was discovered allows a user to execute arbitrary commands on the remote serv...
PHPix index.phtml Multiple Parameter Arbitrary Command Execution
The remote host is running phpix, a PHP-based photo gallery suite. Multiple vulnerabilities have been discovered in this product, which may allow a remote attacker to execute arbitrary commands with the privileges of the HTTP server. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...
[SECURITY] [DSA 237-1] New kdenetwork packages fix several vulnerabilities
-------------------------------------------------------------------------- Debian Security Advisory DSA 237-1 [email protected] http://www.debian.org/security/ Martin Schulze January 22nd, 2003 http://www.debian.org/security/faq -...
Openwebmail 1.71 remote root compromise
-----BEGIN PGP SIGNED MESSAGE----- Hash: MD5 Security Advisory 12.18.02 Software : Openwebmail http://openwebmail.org Version : ?.?? - 1.71 current Type : Arbitrary commands execution Remote : yes Root : yes !!! Date : December 18, 2002 I. BACKGROUND Openwebmail is a web-bases email system. It...
CVE-2001-0439
licq before 1.0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a URL...
IRIX (5.3/6.2/6.3/6.4/6.5/6.5.11) /usr/bin/lpstat Local Exploit
Exploit for irix platform in category local exploits =============================================================== IRIX 5.3/6.2/6.3/6.4/6.5/6.5.11 /usr/bin/lpstat Local Exploit =============================================================== !/bin/sh copyright LAST STAGE OF DELIRIUM jul 2000...
CVE-2001-0180
Lars Ellingsen guestserver.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the "email" parameter...
FreeBSD-SA-01:35.licq
-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-01:35 Security Advisory FreeBSD, Inc. Topic: licq contains multiple remote vulnerabilities Category: ports Module: licq Announced: 2001-04-23 Credits: Stan Bubrouski Affects...