7631 matches found
CVE-2014-7209
run-mailcap in the Debian mime-support package before 3.52-1+deb7u1 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename...
AdaptCMS 3.0.3 - Multiple Vulnerabilities
#!/usr/bin/env python AdaptCMS 3.0.3 Remote Command Execution Exploit Vendor: Insane Visions Product web page: http://www.adaptcms.com Affected version: 3.0.3 Summary: AdaptCMS is a Content Management System trying to be both simple and easy to use, as wel...
AdaptCMS 3.0.3 Remote Command Execution
#!/usr/bin/env python AdaptCMS 3.0.3 Remote Command Execution Exploit Vendor: Insane Visions Product web page: http://www.adaptcms.com Affected version: 3.0.3 Summary: AdaptCMS is a Content Management System trying to be both simple and easy to use, as well as very agile and extendable. Not only s...
AdaptCMS 3.0.3 Remote Command Execution Exploit
Summary AdaptCMS is a Content Management System trying to be both simple and easy to use, as well as very agile and extendable. Not only so we can easily create Plugins or additions, but so other developers can get involved. Using CakePHP we are able to achieve this with a built-in plugin system...
Microsoft Office 2007 and 2010 - OLE Arbitrary Command Execution
CVE-2014-6352 OLE Remote Code Execution Author Abhishek Lyall - abhilyallatgmaildotcom, infoataslitsecuritydotcom Advanced Hacking Trainings - http://training.aslitsecurity.com Web - http://www.aslitsecurity.com/ Blog - http://www.aslitsecurity.blogspot.com/ Tested on win7 - office 2007 and 2010...
Redmine plugin redmine_git_hosting arbitrary command execution vulnerability
Redmine is an open source project management web application. An arbitrary command execution vulnerability exists in the Redmine plugin redmine_git_hosting, which allows remote attackers to execute arbitrary commands...
IBM Security AppScan Enterprise Arbitrary Command Execution Vulnerability
IBM Security AppScan Enterprise is a set of Web application security testing solutions from IBM (U.S.). Formerly known as IBM Rational AppScan Enterprise, the program supports simultaneous scanning of multiple Web applications, vulnerability report generation and intelligent patching. IBM Security...
Cisco Meraki MS MRMX Arbitrary Command Execution Vulnerability
The Cisco Meraki MS MRMX is a cloud-managed wireless networking device from Cisco. The Cisco Meraki MS MRMX arbitrary command execution vulnerability allows remote attackers to execute arbitrary commands by leveraging knowledge of cross-device secrets and per-device secrets...
TSUTAYA application arbitrary command execution vulnerability
TSUTAYA application is a chain of famous impression stores all over Japan. An arbitrary command execution vulnerability exists in TSUTAYA application versions prior to 5.3 for Android, which allows remote attackers to execute arbitrary Java methods via a crafted HTML document...
FreeBSD : git -- Arbitrary command execution on case-insensitive filesystems (1d567278-87a5-11e4-879c-000c292ee6b8)
The Git Project reports: When using a case-insensitive filesystem an attacker can craft a malicious Git tree that will cause Git to overwrite its own .git/config file when cloning or checking out a repository, leading to arbitrary command execution in the client machine. If you are a hosting...
CVE-2014-7208
GParted before 0.15.0 allows local users to execute arbitrary commands with root privileges via shell metacharacters in a crafted filesystem label...
glibc: command execution in wordexp() with WRDE_NOCMD specified
It was found that the wordexp function would perform command substitution even when the WRDE_NOCMD flag was specified. An attacker able to provide specially crafted input to an application using the wordexp function, and not sanitizing the input correctly, could potentially use this flaw to execut...
ResourceSpace 6.4.5976 - XSS / SQL Injection / Insecure Cookie Handling
Exploit for php platform in category web applications Title: ResourceSpace Multiple Cross Site Scripting, and HTML and SQL Injection Vulnerabilities Author: Adler Freiheit Discovered: 11 June 2014 Updated: 11 December 2014 Published: 11 December 2014 Vendor: Montala Limited Vendor url:...
LibreOffice 4.3.x < 4.3.1 Multiple Vulnerabilities
A version of LibreOffice is installed on the remote Windows host that is 4.3.x prior to 4.3.1. It is, therefore, affected by the following vulnerabilities: - An input-validation error exists related to handling Calc spreadsheets that allows arbitrary command execution. (CVE-2014-3524) - An...
LibreOffice 4.x < 4.2.6-secfix (4.2.6.3) Multiple Vulnerabilities
A version of LibreOffice is installed on the remote Windows host that is 4.x prior to 4.2.6-secfix (4.2.6.3). It is, therefore, affected by the following vulnerabilities: - An input-validation error exists related to handling Calc spreadsheets that allows arbitrary command execution. (CVE-2014-3524)...
Mango cloud KODExplorer information leak + arbitrary command execution getshell (a-vulnerability warning-the black bar safety net
Do you want to blast your entire chrysanthemum it??? I take it slow and... Don't be afraid to hurt it. Give up Detailed description: Code I from official website next. Dog brother, waiting for the Universal rewards. I don't have how analysis, own download sets of source code to build it! I don't...
ResourceSpace 6.4.5976 - Cross-Site Scripting / SQL Injection / Insecure Cookie Handling
Title: ResourceSpace Multiple Cross Site Scripting, and HTML and SQL Injection Vulnerabilities Author: Adler Freiheit Discovered: 11 June 2014 Updated: 11 December 2014 Published: 11 December 2014 Vendor: Montala Limited Vendor url: www.resourcespace.org Software: ResourceSpace Digital Asset...
XCloner Wordpress/Joomla! backup Plugin v3.1.1 (Wordpress) v3.5.1 (Joomla!) Vulnerabilities
Title: XCloner Wordpress/Joomla! backup Plugin v3.1.1 (Wordpress) v3.5.1 (Joomla!) Vulnerabilities Author: Larry W. Cashdollar, @larry0 Date: 10/17/2014 Download: https://wordpress.org/plugins/xcloner-backup-and-restore/ Download:...
CVE-2014-8417
CVE-2014-8417 affects Asterisk’s ConfBridge: remote authenticated users can escalate privileges via the external protocol to the CONFBRIDGE dialplan function or run arbitrary commands via a crafted ConfbridgeStartRecord AMI action. Affected: Asterisk 11.x pre-11.14.1, 12.x pre-12.7.1, 13.x pre-13...
CVE-2014-7817
CVE-2014-7817 affects the GLIBC wordexp function (glibc) where WRDE_NOCMD was not enforced, allowing context-dependent local attackers to execute arbitrary commands via input containing shell substitutions (e.g., $(...)). Public disclosures and vendor advisories (Debian/DSA-3142-1; CentOS CESA no...