7631 matches found

ATTACKERKB
added 2014/11/20 1:55 p.m. | 3 views

CVE-2014-8387

cgi/utility.cgi in Advantech EKI-6340 2.05 Wi-Fi Mesh Access Point allows remote authenticated users to execute arbitrary commands via shell metacharacters in the pinghost parameter to ping.cgi...

CVSS 9 | AI score 6 | EPSS 0.23813
Exploits 5 | References 5

myhack58
added 2014/11/19 12:0 a.m. | 23 views

IIS4\IIS5 CGI environment block forged 0day-vulnerability warning-the black bar safety net

IIS4\IIS5 CGI environment block forged 0day About 1 4 years ago find until now the 0day Is IIS4\IIS5 vulnerabilities, corresponding to the operating system is a winnt and win2000 system that Microsoft no longer supports the software, their strategies want to knock out these systems, 1 to 1 of the...

AI score 0.6
Exploits 0

Check Point Advisories
added 2014/11/16 12:0 a.m. | 2 views

NetBSD tnftp fetch.c fetch_url Command Execution (CVE-2014-8517)

A command execution vulnerability has been reported in NetBSD tnftp. The vulnerability is due to insufficient validation of the ftp output file name when using an HTTP URI to fetch files. A remote, unauthenticated attacker could exploit this vulnerability by enticing a user to open a malicious UR...

CVSS 7.5 | AI score 5 | EPSS 0.69905
Exploits 8

OpenVAS
added 2014/11/14 12:0 a.m. | 1397 views

Dropbear < 0.48 Multiple Vulnerabilities

Dropbear is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 SCHUTZWERK GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later CPE =...

CVSS 5 | AI score 7.7 | EPSS 0.11671
Exploits 1 | References 4

seebug.org
added 2014/11/13 12:0 a.m. | 38 views

MS Office 2007 and 2010 - OLE Arbitrary Command Execution

No description provided by source. Full exploit: http://www.exploit-db.com/sploits/35216.rar CVE-2014-6352 OLE Remote Code Execution Author Abhishek Lyall - abhilyallatgmaildotcom, infoataslitsecuritydotcom Advanced Hacking Trainings - http://training.aslitsecurity.com Web -...

CVSS 9.3 | AI score 7.6 | EPSS 0.77553
Exploits 11

Tenable Nessus
added 2014/11/13 12:0 a.m. | 18 views

HP Data Protector 'EXEC_INTEGUTIL' Arbitrary Command Execution

Binary data hpdataprotectorzdi14344.nbin...

AI score 7.3
Exploits 0 | References 1

exploitpack
added 2014/11/12 12:0 a.m. | 30 views

Microsoft Office 2007/2010 - OLE Arbitrary Command Execution

Microsoft Office 2007/2010 - OLE Arbitrary Command Execution Full exploit: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/35216.rar CVE-2014-6352 OLE Remote Code Execution Author Abhishek Lyall - abhilyallatgmaildotcom, infoataslitsecuritydotcom Advanced Hacking...

CVSS 9.3 | AI score 0.5 | EPSS 0.77553
Exploits 11

Tenable Nessus
added 2014/11/12 12:0 a.m. | 22 views

Fedora 20 : tnftp-20141031-1.fc20 (2014-14113)

Security fix for CVE-2014-8517 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C...

CVSS 7.5 | AI score 5.3 | EPSS 0.69905
Exploits 8 | References 3

Patchstack
added 2014/11/10 12:0 a.m. | 21 views

WordPress XCloner Plugin - Multiple Vulnerabilities

XCloner plugin is prone to multiple vulnerabilities, such as: unauthenticated remote access to backup files via easily guessable file names, arbitrary command execution and authenticated remote file access. Also, clear text MySQL password exposure through HTML text box. Solution Upgrade the plugi...

CVSS 6.5 | AI score 1.9 | EPSS 0.06368
Exploits 2 | References 1 | Affected Software 1

exploitpack
added 2014/11/10 12:0 a.m. | 20 views

WordPress Plugin / Joomla! Component XCloner - Multiple Vulnerabilities

WordPress Plugin / Joomla! Component XCloner - Multiple Vulnerabilities Title: XCloner Wordpress/Joomla! backup Plugin v3.1.1 Wordpress v3.5.1 Joomla! Vulnerabilities Author: Larry W. Cashdollar, @larry0 Date: 10/17/2014 Download: https://wordpress.org/plugins/xcloner-backup-and-restore/ Download:...

AI score 0.2
Exploits 0

Exploit DB
added 2014/11/10 12:0 a.m. | 48 views

WordPress Plugin / Joomla! Component XCloner - Multiple Vulnerabilities

Title: XCloner Wordpress/Joomla! backup Plugin v3.1.1 Wordpress v3.5.1 Joomla! Vulnerabilities Author: Larry W. Cashdollar, @larry0 Date: 10/17/2014 Download: https://wordpress.org/plugins/xcloner-backup-and-restore/ Download:...

AI score 7.4
Exploits 0

0day.today
added 2014/11/10 12:0 a.m. | 88 views

tnftp "savefile" Arbitrary Command Execution Exploit

This module exploits an arbitrary command execution vulnerability in tnftp's handling of the resolved output filename - called "savefile" in the source - from a requested resource. If tnftp is executed without the -o command-line option, it will resolve the output filename from the last component...

CVSS 7.5 | AI score 5 | EPSS 0.69905
Exploits 8

Cvelist
added 2014/11/06 3:0 p.m. | 12 views

CVE-2014-8660

SAP Document Management Services allows local users to execute arbitrary commands via unspecified vectors...

AI score 7.2 | EPSS 0.00444
Exploits 0 | References 3

OpenVAS
added 2014/11/05 12:0 a.m. | 16 views

Cisco Nexus 1000V Series Switches Arbitrary Command Execution Vulnerability (Cisco-SA-20131115-CVE-2013-5556)

A vulnerability in the license installation module of the Cisco Nexus 1000V could allow an authenticated, local attacker to execute arbitrary shell commands. Copyright (C) 2014 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the...

CVSS 6.8 | AI score 7.1 | EPSS 0.00315
Exploits 0 | References 2

Tenable Nessus
added 2014/11/04 12:0 a.m. | 25 views

Cisco Nexus 1000V Series Switches Arbitrary Command Execution Vulnerability (CSCui21340)

A vulnerability in the license installation module of a Cisco Nexus 1000V could allow an authenticated, local attacker to execute arbitrary shell commands. This issue is due to the failure of the 'install all iso' command to properly validate user-supplied input. (C) Tenable Network Security, Inc...

CVSS 6.8 | AI score 5.5 | EPSS 0.00315
Exploits 0 | References 2

Snyk
added 2014/11/03 10:0 p.m. | 2 views

Arbitrary Command Execution

Overview: Affected versions of this package are vulnerable to Arbitrary Command Execution due to the assignment functions accessing constructor functions, allowing attackers to execute their malicious code. Remediation: Upgrade angularjs to version 1.3.2 or higher. References: - GitHub ChangeLog -...

CVSS 6.5 | AI score 7.4
Exploits 0 | References 2

OSV
added 2014/10/28 11:33 a.m. | 5 views

MGASA-2014-0429 Updated wpa_supplicant and hostapd packages fix security vulnerability

A vulnerability was found in the mechanism wpa_cli and hostapd_cli use for executing action scripts. An unsanitized string received from a remote device can be passed to a system call resulting in arbitrary command execution under the privileges of the wpa_cli/hostapd_cli process which may be root in...

CVSS 6.8 | AI score 5.7 | EPSS 0.04945
Exploits 0 | References 3

Metasploit
added 2014/10/28 12:0 a.m. | 7 views

tnftp "savefile" Arbitrary Command Execution

This module exploits an arbitrary command execution vulnerability in tnftp's handling of the resolved output filename - called "savefile" in the source - from a requested resource. If tnftp is executed without the -o command-line option, it will resolve the output filename from the last component...

AI score 1.1
Exploits 0

Check Point Advisories
added 2014/09/22 12:0 a.m. | 11 views

AlienVault OSSIM av-centerd Util.pm remote_task Arbitrary Command Execution (CVE-2014-5210)

The vulnerability is due to a failure to safely sanitize remote_task SOAP requests within Util.pm. This vulnerability can be exploited by sending crafted requests to the affected service. Successful exploitation could result in arbitrary command execution with root privileges...

CVSS 10 | AI score 4.6 | EPSS 0.14917
Exploits 2

CVE
added 2014/09/18 10:0 a.m. | 40 views

CVE-2014-2886

GKSu 2.0.2 vulnerability (CVE-2014-2886): when sudo-mode is not enabled, gksu-run-helper processes an argument containing a double quote, enabling arbitrary command execution in scenarios with an untrusted substring (e.g., untrusted filename during VirtualBox extension pack install). Affected: GK...

CVSS 6.8 | AI score 7.4 | EPSS 0.02193
Exploits 1 | References 4 | Affected Software 1