7630 matches found
Dell KACE K2000 < 3.3.52857 Multiple Vulnerabilities
The remote Dell KACE K2000 appliance is affected by multiple vulnerabilities: - The appliance stores the recovery account password in plaintext within a PHP script. (CVE-2011-4046) - The appliance can allow arbitrary command execution by leveraging database write access. (CVE-2011-4047) - An...
NETGEAR D6300B - diag.cgi?IPAddr4 Remote Command Execution
source: https://www.securityfocus.com/bid/65444/info The Netgear D6300B router is prone to the following security vulnerabilities: 1. Multiple unauthorized-access vulnerabilities 2. A command-injection vulnerability 3. An information...
Skybluecanvas CMS - Remote Code Execution (Metasploit)
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'SkyBlueCanvas CMS Remote Code Execution', 'Description' = %q This module exploits an arbitrary command execution vulnerability in...
SkyBlueCanvas CMS Remote Code Execution Exploit
This Metasploit module exploits an arbitrary command execution vulnerability in SkyBlueCanvas CMS version 1.1 r248-03 and below. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3...
SkyBlueCanvas CMS Remote Code Execution
This module exploits an arbitrary command execution vulnerability in SkyBlueCanvas CMS version 1.1 r248-03 and below. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SkyBlueCanvas CMS Remote Co...
echor Gem for Ruby backplane.rb perform_request Function Arbitrary Command Execution
Echor Gem for Ruby contains a flaw in backplane.rb in the perform_request function that is triggered when a semi-colon (;) is injected into a username or password. This may allow a context-dependent attacker to inject arbitrary commands if the gem is used in a Rails application...
Hewlett-Packard Data Protector Backup Client Service EXEC_BAR Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute remote code on vulnerable installations of HP Data Protector. Authentication is not required to exploit this vulnerability. This specific flaw exists in the Backup Client Service (OmniInet.exe). The Backup Client Service listens on TCP port 5555...
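Webbynode Ruby Gems Command Injection Vulnerability
Bugtraq ID: 64289 CVE ID: CVE-2013-7086 Ruby Gem Webbynode is a tool that lets users deploy applications to the Webbynode platform. Ruby Gem Webbynode does not properly filter messages submitted through the growlnotify command; if a message contains shell metacharacters, arbitrary commands can be executed in the context of the application. Ruby Gem Webbynode 1.0.5.3 The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page for the latest version: http://rubygems.org/gems/webbynode...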
iScripts AutoHoster - 'tmpid' Local File Inclusion
source: https://www.securityfocus.com/bid/64377/info iScripts AutoHoster is prone to multiple security vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker can exploit these vulnerabilities to compromise the application, access or modify data, or exploit laten...
iScripts AutoHoster - 'fname' Local File Inclusion
source: https://www.securityfocus.com/bid/64377/info iScripts AutoHoster is prone to multiple security vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker can exploit these vulnerabilities to compromise the application, access or modify data, or exploit laten...
Qibo CMS (齐博CMS) Arbitrary Command Execution
No description provided by source...
CVE-2013-6421
The CVE-2013-6421 entry concerns the sprout Ruby gem (archive_unpacker.rb, unpack_zip) in version 0.7.246. The vulnerability allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a (1) filename or (2) path, due to insufficient sanitization of inputs (zip_fil...
Webbynode Gem for Ruby notify.rb growlnotify Message Handling Arbitrary Command Execution
Webbynode Gem for Ruby contains a flaw in notify.rb that is triggered when handling a specially crafted growlnotify message. This may allow a context-dependent attacker to execute arbitrary commands...
D-Link DSR Router Remote Root Shell
#!/usr/bin/python CVEs: CVE-2013-5945 - Authentication Bypass by SQL-Injection CVE-2013-5946 - Privilege Escalation by Arbitrary Command Execution Vulnerable Routers: D-Link DSR-150 Firmware v1.08B44 D-Link DSR-150N Firmware v1.05B64 D-Link DSR-250 and DSR-250N Firmware v1.08B44 D-Link DSR-500 and...
CVE-2013-4457
CVE-2013-4457 affects the Cocaine gem for Ruby, specifically versions 0.4.0 through 0.5.2. The vulnerability allows context-dependent attackers to execute arbitrary commands via a crafted hash object, related to recursive variable interpolation. Affects the gem’s handling of interpolated variables...
Moodle Remote Command Execution
Moodle allows an authenticated user to define spellcheck settings via the web interface. The user can update the spellcheck mechanism to point to a system-installed aspell binary. By updating the path for the spellchecker to an arbitrary command, an attacker can run arbitrary commands in the...
Multiple Vulnerabilities in Cisco Identity Services Engine
Cisco Identity Services Engine (ISE) contains the following vulnerabilities: Cisco ISE Authenticated Arbitrary Command Execution Vulnerability; Cisco ISE Support Information Download Authentication Bypass Vulnerability. These vulnerabilities are independent of each other; a release that is affected b...
Sophos Web Protection Appliance sblistpack Arbitrary Command Execution (CVE-2013-4983)
A command injection vulnerability has been reported in Sophos Web Protection Appliance. The vulnerability is due to the sblistpack component, reachable from the web interface without authentication. An unauthenticated remote attacker could execute arbitrary OS commands on the Sophos appliance...
CVE-2013-2578
cgi-bin/admin/servetest in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12sign6 allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the ServerName parameter and (2) other unspecified...
Arbitrary Commands Execution Vulnerability in JP1/Automatic Job Management System 3 and JP1/Automatic Job Management System 2
Overview: The JP1/Automatic Job Management System 3 and JP1/Automatic Job Management System 2 contain a vulnerability where arbitrary commands may be executed when they receive request messages from unexpected hosts in the network. Impact: Malicious users can exploit this vulnerability to execute...