7629 matches found
ZEN Load Balancer - Multiple Vulnerabilities
source: https://www.securityfocus.com/bid/55638/info ZEN Load Balancer is prone to the following security vulnerabilities: 1. Multiple arbitrary command-execution vulnerabilities 2. Multiple information-disclosure vulnerabilities 3. An arbitrary file-upload vulnerability An attacker can exploit...
ZEN Load Balancer Multiple Security Vulnerabilities - Active Check
ZEN Load Balancer is prone to the following security vulnerabilities: - Multiple arbitrary command execution vulnerabilities - Multiple information disclosure vulnerabilities - An arbitrary file upload vulnerability
Webmin /file/show.cgi Remote Command Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Webmin /file/show.cgi Remote Command...
Slackware: Security Advisory (SSA:2011-096-01)
The remote host is missing an update for the...
PT-2012-3866 · Digium · Asterisk Digiumphones +3
Name of the Vulnerable Software and Affected Versions: Asterisk Open Source versions 1.8.x through 1.8.15.0 Asterisk Open Source versions 10.x through 10.7.0 Certified Asterisk version 1.8.11 through 1.8.11-cert5 Asterisk Digiumphones versions 10.x.x-digiumphones through 10.7.0-digiumphones...
Zabbix Server Arbitrary Command Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Zabbix Server Arbitrary Command...
Zabbix Server - Arbitrary Command Execution (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Zabbix Server Arbitrary Command...
Zabbix Server Arbitrary Command Execution
This module abuses the "Command" trap in Zabbix Server to execute arbitrary commands without authentication. By default the Node ID "0" is used; if it doesn't work, the Node ID is leaked from the error message and exploitation is retried. According to the vendor, versions prior to 1.6.9 are vulnerabl...
FreeBSD : rssh -- arbitrary command execution (65b25acc-e63b-11e1-b81c-001b77d09812)
Derek Martin (rssh maintainer) reports: Henrik Erkkonen has discovered that, through clever manipulation of environment variables on the ssh command line, it is possible to circumvent rssh. As far as I can tell, there is no way to effect a root compromise, except of course if the root account is t...
Umbraco codeEditorSave.asmx SaveDLRScript Operation Traversal File Upload Arbitrary Command Execution
The version of Umbraco installed on the remote host allows unauthenticated remote attackers to upload arbitrary files using the 'SaveDLRScript' SOAP action of the 'codeEditorSave.asmx' script. In addition, these files can be stored in a web-accessible location using encoded traversal strings. The...
Scientific Linux Security Update : lynx on SL3.x, SL4.x, SL5.x i386/x86_64
An arbitrary command execution flaw was found in the Lynx 'lynxcgi:' URI handler. An attacker could create a web page redirecting to a malicious URL that could execute arbitrary code as the user running Lynx in the non-default 'Advanced' user mode. CVE-2008-4690 Note: In these updated lynx...
Zenoss 3.2.1 - Multiple Vulnerabilities
Zenoss 3.2.1 - Multiple Vulnerabilities source: https://www.securityfocus.com/bid/54793/info Zenoss is prone to the following security vulnerabilities: 1. Multiple arbitrary command-execution vulnerabilities 2. Multiple HTML-injection vulnerabilities 3. An open-redirection vulnerability 4. Multip...
Zenoss 3.2.1 - Multiple Vulnerabilities
source: https://www.securityfocus.com/bid/54793/info Zenoss is prone to the following security vulnerabilities: 1. Multiple arbitrary command-execution vulnerabilities 2. Multiple HTML-injection vulnerabilities 3. An open-redirection vulnerability 4. Multiple directory-traversal vulnerabilities 5...
CVE-2012-3241
CVE-2012-3241 affects the VMware Broker in Eucalyptus 2.0.3 and 3.0.x before 3.0.2. The vulnerability arises from improper authentication of SOAP requests, allowing remote attackers to execute arbitrary VMware Broker API commands. Documents do not provide exploitation details or a published fix/v...
Python Untrusted Search Path / Code Execution
Exploit Title: Python untrusted search path/code execution vulnerability Date: 7.6.12 Exploit Author: rogueclown Vendor Homepage: http://www.python.org Software Link: http://www.python.org/getit/releases/ Version: python 2.7.2 and python 3.2.1 Tested on: linux my test machine was OpenSUSE 12.1 Th...
Basilic diff.php Command Injection
Basilic, a bibliography server for research laboratories, has a command injection vulnerability. Input to the file parameter of diff.php is not properly sanitized. A remote, unauthenticated attacker could exploit this to execute arbitrary shell commands.
FreeBSD : rubygem-mail -- multiple vulnerabilities (3d55b961-9a2e-11e1-a2ef-001fd0af1a4c)
rubygem-mail -- multiple vulnerabilities Two issues were fixed. They are a file system traversal in filedelivery method and arbitrary command execution when using exim or sendmail from the command line.
Command Injection Vulnerability
A vulnerability exists whereby an unauthenticated user can inject commands as root on the device. Ref 30088 This vulnerability can result in arbitrary command execution, and can result in total compromise of the device. This issue affects PAN-OS 4.0.3 and earlier; PAN-OS 3.1.9 and earlier. Work...
Command Injection Vulnerability
A vulnerability exists whereby an unauthenticated user can inject commands as root on the device. Ref 31091 This vulnerability can result in arbitrary command execution, and can result in total compromise of the device. This issue affects PAN-OS 4.0.4 and earlier; PAN-OS 3.1.9 and earlier. Work...
Command Injection Vulnerability
A vulnerability exists whereby an authenticated user can inject arbitrary shell commands using the device management command line interface. Ref 31116 This vulnerability can result in arbitrary command execution, and can result in total compromise of the device. The attacker must still be an...