7629 matches found
PineApp Mail-SeCure livelog.html Arbitrary Command Execution
This module exploits a command injection vulnerability on PineApp Mail-SeCure 3.70. The vulnerability exists on the livelog.html component, due to the insecure usage of the shellexec php function. This module has been tested successfully on PineApp Mail-SeCure 3.70. This module requires Metasploi...
PineApp Mail-SeCure ldapsyncnow.php Arbitrary Command Execution
This module exploits a command injection vulnerability on PineApp Mail-SeCure 3.70. The vulnerability exists on the ldapsyncnow.php component, due to the insecure usage of the shellexec php function. This module has been tested successfully on PineApp Mail-SeCure 3.70. This module requires...
PineApp Mail-SeCure test_li_connection.php Arbitrary Command Execution
This module exploits a command injection vulnerability on PineApp Mail-SeCure 3.70. The vulnerability exists on the testliconnection.php component, due to the insecure usage of the system php function. This module has been tested successfully on PineApp Mail-SeCure 3.70. This module requires...
Apache 2.0.x < 2.0.65 Multiple Vulnerabilities
According to its banner, the version of Apache 2.0.x running on the remote host is prior to 2.0.65. It is, therefore, affected by several vulnerabilities : - A flaw exists in the byte-range filter, making it vulnerable to denial of service. CVE-2011-3192 - A flaw exists in 'modproxy' where it...
Apache 2.2.x < 2.2.25 Multiple Vulnerabilities
According to its banner, the version of Apache 2.2.x running on the remote host is prior to 2.2.25. It is, therefore, potentially affected by the following vulnerabilities : - A flaw exists in the 'RewriteLog' function where it fails to sanitize escape sequences from being written to log files,...
Oracle Linux 5 : Moderate: / vim (ELSA-2007-0346)
The remote Oracle Linux 5 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2007-0346 advisory. 7.0.109-3.3 - use gzip -9n to avoid multilib fileconflicts 7.0.109-3.2 - Let 'modeline' default to off for root - Resolves: bz238259 7.0.109-3.1 - fix modeline...
Novell iPrint Client IPP Response URI handling buffer overflow
Added: 07/05/2013 CVE: CVE-2013-1091 BID: 59612 OSVDB: 92938 Background Novell iPrint is an application which allows users to install and manage printers. Novell iPrint installs the Novell iPrint Control ActiveX control named ienipp.ocx. Problem A buffer overflow vulnerability within the handling...
Novell iPrint Client IPP Response URI handling buffer overflow
Added: 07/05/2013 CVE: CVE-2013-1091 BID: 59612 OSVDB: 92938 Background Novell iPrint is an application which allows users to install and manage printers. Novell iPrint installs the Novell iPrint Control ActiveX control named ienipp.ocx. Problem A buffer overflow vulnerability within the handling...
InstantCMS 1.6 - PHP Remote Code Execution (Metasploit)
require 'msf/core' class Metasploit3 'InstantCMS 1.6 Remote PHP Code Execution', 'Description' = %q This module exploits an arbitrary php command execution vulnerability, because of a dangerous use of eval, in InstantCMS versions 1.6. , 'Author' = 'AkaStep', Vulnerability discovery and PoC 'Ricar...
InstantCMS 1.6 Remote PHP Code Execution Vulnerability
This Metasploit module exploits an arbitrary php command execution vulnerability, because of a dangerous use of eval, in InstantCMS versions 1.6. require 'msf/core' class Metasploit3 'InstantCMS 1.6 Remote PHP Code Execution', 'Description' = %q This module exploits an arbitrary php command...
MGASA-2013-0174 Updated apache packages fix security vulnerabilities
It was found that modrewrite did not filter terminal escape sequences from its log file. If modrewrite was configured with the RewriteLog directive, a remote attacker could use specially-crafted HTTP requests to inject terminal escape sequences into the modrewrite log file. If a victim viewed the...
Siemens Solid Edge WPHelper ActiveX Control OpenInEditor Method Arbitrary Command Execution
The remote host has the Siemens Solid Edge WebPartHelper ActiveX control installed. This control is affected by a command execution vulnerability. By tricking a user into opening a specially crafted web page, an attacker could potentially execute arbitrary system commands via the 'OpenInEditor'...
Internet Explorer VML Dashstyle Attributes Integer Overflow
Added: 06/03/2013 CVE: CVE-2013-2551 BID: 58570 OSVDB: 91197 Background Vector Markup Language VML is an XML-based format for vector graphics. Problem An integer overflow vulnerability in vml.dll when processing dashstyle attributes of certain VML elements in a web page allows arbitrary command...
Internet Explorer VML Dashstyle Attributes Integer Overflow
Added: 06/03/2013 CVE: CVE-2013-2551 BID: 58570 OSVDB: 91197 Background Vector Markup Language VML is an XML-based format for vector graphics. Problem An integer overflow vulnerability in vml.dll when processing dashstyle attributes of certain VML elements in a web page allows arbitrary command...
Internet Explorer VML Dashstyle Attributes Integer Overflow
Added: 06/03/2013 CVE: CVE-2013-2551 BID: 58570 OSVDB: 91197 Background Vector Markup Language VML is an XML-based format for vector graphics. Problem An integer overflow vulnerability in vml.dll when processing dashstyle attributes of certain VML elements in a web page allows arbitrary command...
CVE-2013-3666
CVE-2013-3666 affects LG’s Hidden Menu component on Android for the LG Optimus G E973. The vulnerability allows physically proximate attackers to execute shell commands by entering USB Debugging mode and using adb to establish a USB connection, dialing 3845#*973#, navigating to WLAN Test > Wi‑...
Arbitrary Commands Execution Vulnerability in JP1/Integrated Management - TELstaff Alarm View
Overview JP1/Integrated Management - TELstaff Alarm View contains a vulnerability where arbitrary commands may be executed with administrator privilege. Impact A remote user could execute arbitrary commands with administrator privilege by sending an unexpected and crafted message. Solution Please...
Medium: httpd
Issue Overview: Cross-site scripting XSS flaws were found in the modproxybalancer module's manager web interface. If a remote attacker could trick a user, who was logged into the manager web interface, into visiting a specially-crafted URL, it would lead to arbitrary web script execution in the...
CentOS Update for httpd CESA-2013:0815 centos5
Check for the Version of httpd OpenVAS Vulnerability Test CentOS Update for httpd CESA-2013:0815 centos5 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
CentOS Update for httpd CESA-2013:0815 centos6
Check for the Version of httpd OpenVAS Vulnerability Test CentOS Update for httpd CESA-2013:0815 centos6 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...