7630 matches found

0day.today
added 2014/06/27 12:0 a.m., 30 views

Lunar CMS 3.3 Unauthenticated Remote Command Execution Exploit

Exploit for php platform in category web applications #!/usr/bin/env python Lunar CMS 3.3 Unauthenticated Remote Command Execution Exploit Vendor: Lunar CMS Product web page: http://www.lunarcms.com Affected version: 3.3 Summary: Lunar CMS is a freely distributable open source content management...

7.1 AI score
Exploits: 0
Check Point Advisories
added 2014/06/25 12:0 a.m., 3 views

Cogent DataHub Web Server GetPermissions.asp Command Injection (CVE-2014-3789)

A remote command injection vulnerability has been reported in Cogent DataHub. The vulnerability is due to insufficient validation within the GetPermissions.asp page. A remote attacker can exploit this vulnerability by submitting a maliciously crafted request to GetPermissions.asp. This can result...

3.9 AI score, 0.64191 EPSS
Exploits: 4
exploitpack
added 2014/06/25 12:0 a.m., 11 views

Lunar CMS 3.3 - Remote Command Execution

#!/usr/bin/env python Lunar CMS 3.3 Unauthenticated Remote Command Execution Exploit Vendor: Lunar CMS Product web page: http://www.lunarcms.com Affected version: 3.3 Summary: Lunar CMS is a freely distributable open source content management system written...

0.3 AI score
Exploits: 0
Exploit DB
added 2014/06/25 12:0 a.m., 35 views

Lunar CMS 3.3 - Remote Command Execution

#!/usr/bin/env python Lunar CMS 3.3 Unauthenticated Remote Command Execution Exploit Vendor: Lunar CMS Product web page: http://www.lunarcms.com Affected version: 3.3 Summary: Lunar CMS is a freely distributable open source content management system written for use on servers running the ever so...

7 AI score
Exploits: 0
Zero Science Lab
added 2014/06/21 12:0 a.m., 61 views

Lunar CMS 3.3 Unauthenticated Remote Command Execution Exploit

Summary Lunar CMS is a freely distributable open source content management system written for use on servers running the ever so popular PHP5 & MySQL. Description Lunar CMS suffers from an unauthenticated arbitrary command execution vulnerability. The issue is caused due to the improper...

6.2 AI score
Exploits: 0
Japan Vulnerability Notes
added 2014/06/20 4:56 a.m., 1 views

Usermin vulnerable to OS command injection

Overview Usermin is a web-based interface used to manage webmail. Usermin contains an OS command injection vulnerability. Keigo Yamazaki of LAC Co., Ltd reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact...

6.8 CVSS, 7.2 AI score, 0.01295 EPSS
Exploits: 0, References: 6
Tenable Nessus
added 2014/06/16 12:0 a.m., 21 views

GLSA-201406-15 : KDirStat: Arbitrary command execution

The remote host is affected by the vulnerability described in GLSA-201406-15 KDirStat: Arbitrary command execution Missing escape of executable shell command in KDirStat can be used to insert malicious shell commands. Impact : A local attacker could possibly execute arbitrary shell command with t...

6.8 CVSS, 5.9 AI score, 0.03008 EPSS
Exploits: 1, References: 2
Gentoo Linux
added 2014/06/15 12:0 a.m., 32 views

KDirStat: Arbitrary command execution

Background KDirStat is a graphical disk usage utility for KDE. Description Missing escape of executable shell command in KDirStat can be used to insert malicious shell commands. Impact A local attacker could possibly execute arbitrary shell command with the privileges of the process. Workaround...

6.8 CVSS, 6.9 AI score, 0.03008 EPSS
Exploits: 1
Tenable Nessus
added 2014/06/13 12:0 a.m., 40 views

openSUSE Security Update : nagios-nrpe (openSUSE-SU-2013:0621-1)

NRPE the Nagios Remote Plug-In Executor allows the passing of $ to plugins/scripts which, if run under bash, will execute that shell command under a subprocess and pass the output as a parameter to the called script. Using this, it is possible to get called scripts, such as checkhttp, to execute...

7.5 CVSS, 5.9 AI score, 0.65724 EPSS
Exploits: 9, References: 3
OSV
added 2014/06/09 7:55 p.m., 7 views

CVE-2013-7323

python-gnupg before 0.3.5 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in unspecified vectors...

7 AI score
Exploits: 0, References: 7
Debian CVE
added 2014/06/09 7:0 p.m., 27 views

CVE-2013-7323

python-gnupg before 0.3.5 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in unspecified vectors...

7.5 CVSS, 7.2 AI score, 0.02851 EPSS
Exploits: 1
NVD
added 2014/05/22 11:55 p.m., 17 views

CVE-2014-3789

GetPermissions.asp in Cogent Real-Time Systems Cogent DataHub before 7.3.5 allows remote attackers to execute arbitrary commands via unspecified vectors...

7.5 CVSS, 7.5 AI score, 0.64191 EPSS
Exploits: 4, References: 4
Tenable Nessus
added 2014/05/21 12:0 a.m., 26 views

IBM Lotus Protector for Mail Security Multiple Vulnerabilities

A version of IBM Lotus Protector for Mail Security is installed on the remote host that is affected by multiple vulnerabilities : - An unspecified cross-site scripting vulnerability exists in the Admin Web UI. CVE-2014-0884 - An unspecified cross-site request forgery vulnerability exists in the...

7.1 CVSS, 5.7 AI score, 0.01648 EPSS
Exploits: 4, References: 6
Packet Storm
added 2014/05/04 12:0 a.m., 33 views

Zamfoo 12.6 Arbitrary Command Execution

Title: Zamfoo Multiple Arbitrary Command Executions Author: Al-Shabaab Vendor Homepage:http://www.zamfoo.com/ Version: 12.6 Intro The ZamFoo software suite is a series of WHM plugin modules also known as WHM addon modules catered towards easing the burden of web hosting providers that sell shared...

0.5 AI score
Exploits: 0
OSV
added 2014/05/02 6:5 p.m., 6 views

MGASA-2014-0202 Updated rxvt-unicode packages fix CVE-2014-3121

Updated rxvt-unicode package fixes security vulnerability: rxvt-unicode aka urxvt before 9.20 is vulnerable to a user-assisted arbitrary commands execution issue. This can be exploited by the unprocessed display of certain escape sequences in a crafted text file or program output. Arbitrary comma...

7.6 CVSS, 6.7 AI score, 0.041 EPSS
Exploits: 0, References: 4
OSV
added 2014/04/29 2:38 p.m., 3 views

CVE-2013-7221

The automatic screen lock functionality in GNOME Shell aka gnome-shell before 3.10 does not prevent access to the "Enter a Command" dialog, which allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation...

7.6 AI score
Exploits: 0, References: 4
OSV
added 2014/04/29 2:38 p.m., 4 views

CVE-2013-7220

js/ui/screenShield.js in GNOME Shell aka gnome-shell before 3.8 allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation with the keyboard focus on the Activities search...

7.3 AI score
Exploits: 0, References: 6
OSV
added 2014/04/29 2:38 p.m., 1 views

UBUNTU-CVE-2013-7220

js/ui/screenShield.js in GNOME Shell aka gnome-shell before 3.8 allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation with the keyboard focus on the Activities search...

4.6 CVSS, 6.1 AI score, 0.0041 EPSS
Exploits: 1, References: 2
CVE
added 2014/04/29 2:0 p.m., 41 views

CVE-2013-7221

Technical details about CVE-2013-7221 are not publicly provided in the supplied documents. Monitor for updates from vendors and security advisories.

4.6 CVSS, 7.6 AI score, 0.00406 EPSS
Exploits: 0, References: 4, Affected Software: 1
Cvelist
added 2014/04/29 2:0 p.m., 19 views

CVE-2013-7220

js/ui/screenShield.js in GNOME Shell aka gnome-shell before 3.8 allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation with the keyboard focus on the Activities search...

7.3 AI score, 0.0041 EPSS
Exploits: 1, References: 6