7630 matches found
MoinMoin - Arbitrary Command Execution
No description provided by source. !/usr/bin/env python -- coding: utf-8 -- ascii = '\x1b1;31m' ascii +=' \r\n' ascii +=' ?????????? ?????? ??? ??? ??? ?????????? ???????? ??? ??????? \r\n' ascii +=' ??????????? ???????? ??? ???? ??? ??????????? ???????? ??? ??????? \r\n' ascii +=' ??? ??? ??? ??...
InstantCMS 1.6 - Remote PHP Code Execution
No description provided by source. require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient def initializeinfo = superupdateinfoinfo, 'Name' = 'InstantCMS 1.6 Remote PHP Code Execution', 'Description' = %q This module exploits an...
GlFtpd 1.17.2 - Remote Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/891/info GlFtpd is a popular alternative to the mainstream unix ftp daemons and is currently in wide use on the internet. There are three known serious vulnerabilities in GlFtpd. The first problem is an account which is...
GNU findutils 4.0/4.1 Locate Arbitrary Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/3127/info GNU locate is an application that searches file databases for file names that match user-supplied patterns. A boundary condition error can occur when the program reads database files composed in an old format,...
Itetris 1.6.1/1.6.2 Privileged Arbitrary Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2139/info Itetris, or Intelligent Tetris, is a clone of the popular Tetris puzzle game for linux systems. The svgalib version of Itetris is installed setuid root so that it may access video hardware when run by a regular...
Webmin /file/show.cgi Remote Command Execution
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...
IkonBoard 3.1 Lang Cookie Arbitrary Command Execution Vulnerability (1)
No description provided by source. source: http://www.securityfocus.com/bid/7361/info It has been reported that IkonBoard is prone to an arbitrary command execution vulnerability. The vulnerability is due to insufficient sanitization performed on user supplied cookie data. An attacker may exploit...
HP Web Jetadmin 7.5.2456 Remote Arbitrary Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9973/info Reportedly HP web Jetadmin is prone to a remote arbitrary command execution vulnerability. This issue is due to a failure of the application to properly validate and sanitize user supplied input. Successful...
Mambo Open Source 4.5.1 (1.0.9) - Function.php Arbitrary Command Execution
No description provided by source. source: http://www.securityfocus.com/bid/11220/info Mambo open source is reportedly affected by multiple input validation vulnerabilities. These issues are due to a failure of the application to properly validate user-supplied URI parameters. An attacker may...
Coppermine Photo Gallery 1.x theme.php Multiple Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/10253/info Coppermine Photo Gallery is reported prone to multiple input-validation vulnerabilities, some of which may lead to arbitrary command execution. These issues occur because the application fails to properly...
cgiCentral WebStore 400 Arbitrary Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2861/info cgiCentral's Webstore is an shopping cart application which processes and manages online purchases. Wsmail.cgi calls system with user-supplied data in the command string. Because it does not filter metacharacter...
Autodesk 3ds Max Application Callbacks Arbitrary Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/36634/info Autodesk 3ds Max is prone to a vulnerability that lets attackers execute arbitrary commands in the context of the vulnerable application. This issue affects the following: 3ds Max 6 through 9 3ds Max 2008 throu...
Micro Focus Cobol 4.1 Arbitrary Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2359/info Micro Focus Cobol is a development suite for unix platforms offered by Merant. It is typically licensed on a per-user basis. If Micro Focus Cobol is installed with the 'Apptrack' feature enabled, local users may...
MobileIron Virtual Smartphone Platform Privilege Escalation Exploit
No description provided by source. MobileIron Virtual Smartphone Platform Privilege Escalation Exploit 0day ======================================================================== The MobileIron Virtual Smartphone Platform is the first solution to combine data-driven smartphone and tablet...
Leif M. Wright everythingform.cgi 2.0 Arbitrary Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2101/info An input validation vulnerability exists in Leif M. Wright's everything.cgi, a Perl-based form design tool. The script fails to properly filter shell commands from user-supplied input to the 'config' field. As a...
FreeNAS exec_raw.php Arbitrary Command Execution
No description provided by source. $Id: freenasexecraw.rb 11127 2010-11-24 19:35:38Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of...
E-Guest 1.1 Server Side Include Arbitrary Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5129/info E-Guest guest book is a freely available, open source guest book. It is designed for Unix and Linux operating systems. E-Guest does not adequately sanitize user-supplied input in guest book entries. Because of...
Emacs 2.1 - Local Variable Arbitrary Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/15375/info Emacs is susceptible to an arbitrary command execution vulnerability with local variables. This issue is due to insufficient sanitization of user-supplied input. By modifying a text file to include local...
Jetty 3.1.6/3.1.7/4.1 Servlet Engine Arbitrary Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5852/info A flaw in the CGIServlet in Jetty allows an attacker to execute arbitrary commands on the server. Specifically, it is possible for an attacker to use directory traversal sequences and cause the CGIServlet to...
Veritas NetBackup - Remote Command Execution
No description provided by source. $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require...