7629 matches found
Adobe InDesign Server RunScript Arbitrary Command Execution
The version of Adobe InDesign Server running on the remote host has an arbitrary command execution vulnerability. When the SOAP service is enabled, it processes requests for the RunScript method without requiring authentication. This method can be used to execute arbitrary VBScript on Windows, or...
Nagios XI Autodiscovery Arbitrary Command Execution
An arbitrary command execution vulnerability has been reported in Nagios XI. The vulnerability is due to insufficient validation of incoming requests sent to the Autodiscovery module. The vulnerability can be exploited by an authenticated attacker by submitting a maliciously crafted job to the...
rsh Excessive Trust Vulnerability
Added: 01/25/2013 CVE: CVE-1999-0515 Background The rsh service allows remote users, using an rsh client, to execute individual shell commands on an rsh server without the need for a password. The rsh process uses the .rhosts file to list trusted hosts those machines allowed to use the service...
Nagios XI Graph Explorer Component OS Command Injection Vulnerability
Added: 01/23/2013 BID: 54263 OSVDB: 83552 Background Nagios XI is a network host and service monitoring and management system. Problem Nagios XI Graph Explorer Component is vulnerable to arbitrary command execution by authenticated users. The vulnerability is due to the visApi.php script not...
Microsoft Lync 2010 4.0.7577.0 - User-Agent Header Handling Arbitrary Command Execution
source: https://www.securityfocus.com/bid/57300/info Microsoft Lync is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the contex...
VoipNow Service Provider Edition - Arbitrary Command Execution
VoipNow Service Provider Edition - Arbitrary Command Execution source: https://www.securityfocus.com/bid/57032/info VoipNow Service Provider Edition is prone to a remote arbitrary command-execution vulnerability because it fails to properly validate user-supplied input. An attacker can exploit th...
Samsung Kies Arbitrary Command Execution (CVE-2012-3807)
An arbitrary command execution vulnerability has been reported in Samsung Kies. The vulnerability is due to insufficient validation of incoming requests. A remote attacker can exploit this vulnerability by enticing a target user to visit a specially crafted web page using an affected version of...
HP Operations Agent for NonStop Server ELinkService HEALTH packet buffer overflow
Added: 10/26/2012 BID: 55161 OSVDB: 84854 Background HP Operations Agents is a fault and performance monitoring solution for servers. Problem A buffer overflow vulnerability in HP Operations Agent for NonStop server allows an attacker to execute arbitrary commands by sending a specially crafted...
Avaya IP Office Customer Call Reporter ImageUpload.ashx file upload
Added: 10/22/2012 CVE: CVE-2012-3811 BID: 54225 OSVDB: 83399 Background Avaya IP Office is a unified communications solution for mobile workforce. Problem The ImageUpload.ashx script allows unauthenticated users to upload arbitrary script files to the webserver. The script files can then be...
Avaya IP Office Customer Call Reporter ImageUpload.ashx file upload
Added: 10/22/2012 CVE: CVE-2012-3811 BID: 54225 OSVDB: 83399 Background Avaya IP Office is a unified communications solution for mobile workforce. Problem The ImageUpload.ashx script allows unauthenticated users to upload arbitrary script files to the webserver. The script files can then be...
AjaXplorer - 'checkInstall.php' Remote Command Execution (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'AjaXplorer checkInstall.php Remote...
AjaXplorer checkInstall.php Remote Command Execution
Exploit for php platform in category web applications This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core'...
AjaXplorer checkInstall.php Remote Command Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'AjaXplorer checkInstall.php Remote...
AjaXplorer checkInstall.php Remote Command Execution
This module exploits an arbitrary command execution vulnerability in the AjaXplorer 'checkInstall.php' script. All versions of AjaXplorer prior to 2.6 are vulnerable. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework...
UBUNTU-CVE-2012-4463
Midnight Commander mc 4.8.5 does not properly handle the 1 MCEXTSELECTED or 2 MCEXTONLYTAGGED environment variables when multiple files are selected, which allows user-assisted remote attackers to execute arbitrary commands via a crafted file name...
ViArt Shop Enterprise 4.1 Arbitrary Command Executio
?php / ViArt Shop Enterprise 4.1 Arbitrary Command Execution Vulnerability Vendor: ViArt Software Product web page: http://www.viart.com Affected version: 4.1, 4.0.8, 4.0.5 Summary: Viart Shop is a PHP based e-commerce suite, aiming to provide everything you need to run a successful on-line...
ViArt Shop Enterprise 4.1 Arbitrary Command Execution / XSS Vulnerabilities
Exploit for php platform in category web applications ?php / ViArt Shop Enterprise 4.1 Arbitrary Command Execution Vulnerability Vendor: ViArt Software Product web page: http://www.viart.com Affected version: 4.1, 4.0.8, 4.0.5 Summary: Viart Shop is a PHP based e-commerce suite, aiming to provide...
ViArt Shop Enterprise 4.1 Arbitrary Command Execution Vulnerability
Summary Viart Shop is a PHP based e-commerce suite, aiming to provide everything you need to run a successful on-line business. Description Input passed to the 'DATA' POST parameter in 'sipsresponse.php' is not properly sanitised before being used to process product payment data. This can be...
ViArt Shop Enterprise 4.1 - Arbitrary Command Execution
ViArt Shop Enterprise 4.1 - Arbitrary Command Execution ?php / ViArt Shop Enterprise 4.1 Arbitrary Command Execution Vulnerability Vendor: ViArt Software Product web page: http://www.viart.com Affected version: 4.1, 4.0.8, 4.0.5 Summary: Viart Shop is a PHP based e-commerce suite, aiming to provi...
ViArt Shop Enterprise 4.1 - Arbitrary Command Execution
?php / ViArt Shop Enterprise 4.1 Arbitrary Command Execution Vulnerability Vendor: ViArt Software Product web page: http://www.viart.com Affected version: 4.1, 4.0.8, 4.0.5 Summary: Viart Shop is a PHP based e-commerce suite, aiming to provide everything you need to run a successful on-line...