Fonality Arbitrary Command Execution Vulnerability
Fonality is an open source telephone switch solution with integrated VoIP and CRM features. A security vulnerability in Fonality's assignment of incorrect permissions to /var/www/rpc/surun scripts allows remote attackers to execute arbitrary commands with root privileges...
HP Data Protector A.09.00 - Encrypted Communications Arbitrary Command Execution (Metasploit)
Exploit Title: Data Protector Encrypted Communications Date: 26-05-2016 Exploit Author: Ian Lovering Vendor Homepage: http://www8.hp.com/uk/en/software-solutions/data-protector-backup-recovery-software/ Version: A.09.00 and earlier Tested on: Windows Server 2008 CVE : CVE-2016-2004 This module...
ESF pfSense status_rrd_graph_img.php Command Injection
A Command Injection vulnerability has been reported in ESF pfSense. This vulnerability is due to status_rrd_graph_img.php incorrectly validating the graph HTTP parameter. A remote, authenticated attacker can exploit this vulnerability by sending crafted requests to the status_rrd_graph_img.php URI...
HP Data Protector A.09.00 - Arbitrary Command Execution
HP Data Protector A.09.00 - Arbitrary Command Execution #!/usr/bin/python Exploit Title: Data Protector Encrypted Communications Date: 26-05-2016 Exploit Author: Ian Lovering Vendor Homepage: http://www8.hp.com/uk/en/software-solutions/data-protector-backup-recovery-software/ Version: A.09.00 and...
HP Data Protector A.09.00 - Arbitrary Command Execution
#!/usr/bin/python Exploit Title: Data Protector Encrypted Communications Date: 26-05-2016 Exploit Author: Ian Lovering Vendor Homepage: http://www8.hp.com/uk/en/software-solutions/data-protector-backup-recovery-software/ Version: A.09.00 and earlier Tested on: Windows Server 2008 CVE : CVE-2016-20...
Arbitrary Command Execution Vulnerability in Internet Behavior Management Devices from Topsec and Other Vendors
Two arbitrary command execution flaws, neither requiring login. First: ifkeyexists"texttarget", $GET && keyexists"textpingcount", $GET && keyexists"textpacketsize", $GET $texttarget = $GET"texttarget"; $textpingcount = $GET"textpingcount"; $textpacketsize = $GET"textpacketsize"; $pingcmd = sprintf"ping %s -c %s -s %s", $texttarget, $textpingcount,...
Meteocontrol WEB'log Arbitrary Command Execution Vulnerability
Meteocontrol WEB'log is a web-based SCADA system that provides energy and power configuration management functions using different connected devices. A security vulnerability exists in the access command shell-like functionality of several Meteocontrol WEB'log products, which could be exploited b...
Adobe ColdFusion Arbitrary Command Execution Vulnerability
Adobe ColdFusion is a dynamic web server product from Adobe, a US company. The CFML (ColdFusion Markup Language) it runs is a programming language for web applications. A command execution vulnerability exists in Adobe ColdFusion. A remote attacker can exploit this vulnerabili...
phpcms Admin Backend Low-Privilege Arbitrary Command Execution
No description provided by source...
BMC Server Automation RSCD Agent Weak ACL XML-RPC Arbitrary Command Execution
The RSCD agent running on the remote host does not have access controls in place to prevent an attacker from executing XML-RPC commands. An unauthenticated, remote attacker can exploit this to execute arbitrary commands in the context of the user in which the connections are mapped.
HPE Network Node Manager Arbitrary Command Execution Vulnerability
HP Network Node Manager i-series (NNMi) software delivers powerful out-of-the-box features to help your network operations team efficiently manage networks of any size. An arbitrary command execution vulnerability exists in HPE Network Node Manager i (NNMi) versions 9.20, 9.23, 9.24, 9.25, 10.00,...
CVE-2016-2352
The Accellion File Transfer Appliance (FTA) before FTA91240 allows remote authenticated users to execute arbitrary commands by leveraging the YUMCLIENT restricted-user role...
IBM Security Identity Manager Virtual Appliance Arbitrary Command Execution Vulnerability (CNVD-2016-02912)
IBM Security Identity Manager (ISIM) is a suite of identity management and governance solutions from IBM in the United States. The solution automates the creation, modification, re-authentication and termination of user privileges throughout the user lifecycle and supports policy-based password...
Arbitrary Command Execution Vulnerability in Reporter System of Shanghai Bingfeng Computer Network Technology Co.
Shanghai Bingfeng Computer Network Technology Co., Ltd. is a domestic supplier of VPN, traffic management, behavior management, link load balancing and next-generation firewall equipment, and an IT value solution provider. The Bingfeng network reporter system is a data report management system. Shanghai...
Arbitrary Command Execution Vulnerability in the cpu_history.cgi Parameter of the Bump Network Firewall System
AuTech firewall system has the ability to prevent various attacks inside and outside the network, suppress network storms through fine-grained traffic management, as well as rich application layer filtering functions and multi-link load balancing and server load balancing. An arbitrary command...
Arbitrary Command Execution Vulnerability in the ping_ip_address Parameter of the Bump Network Firewall System
AuTech firewall system has the ability to prevent various attacks inside and outside the network, suppress network storms through fine-grained traffic management, as well as rich application layer filtering functions and multi-link load balancing and server load balancing. An arbitrary command...
Observium 0.16.7533 - Authenticated Arbitrary Command Execution
Exploit for php platform in category web applications Exploit title: Observium Commercial - Authenticated RCE Author: Dolev Farhi Contact: dolevf at protonmail.com Date: 28-04-2016 Vendor homepage: http://observium.org/ Software version: CE 0.16.7533 Authenticated remote code execution Using eith...
Manage Engine Application Manager Arbitrary Command Execution Vulnerability
ManageEngine Applications Manager is an application performance monitoring solution. An arbitrary command execution vulnerability exists in Applications Manager. An attacker can execute system commands by uploading a malicious file...
Symantec Messaging Gateway Elevation of Privilege Vulnerability
Symantec Messaging Gateway is a suite of anti-spam, anti-virus, advanced content filtering and data leakage protection technologies from Symantec. A security vulnerability exists in the management console of Symantec Messaging Gateway versions prior to 10.6.0-7. The vulnerability can be exploited...
Novell openSUSE Leap and openSUSE Arbitrary Command Execution Vulnerabilities
Novell openSUSE is a free Linux-based operating system. openSUSE Leap is a version of openSUSE. A security vulnerability in obs-service-extractfile in Novell openSUSE Leap and obs-service-extractfile in openSUSE allows local attackers to execute arbitrary commands...