7629 matches found
CentOS Update for lftp CESA-2009:1278 centos5 i386
Check for the Version of lftp OpenVAS Vulnerability Test CentOS Update for lftp CESA-2009:1278 centos5 i386 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under t...
CentOS Update for xterm CESA-2009:0018 centos3 i386
Check for the Version of xterm OpenVAS Vulnerability Test CentOS Update for xterm CESA-2009:0018 centos3 i386 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...
CMSPro! 2.08 - Cross-Site Request Forgery
CMSPro! 2.08 CSRF Vulnerability Title : CMSPro! 2.08 Cross Site Request Forgery CSRF Vulnerability Software : CMSPro! Version : 2.08 Site : http://www.wojoscripts.com/cmspro/ or http://codecanyon.net/item/cms-pro-lightweight-content-management-system/140078 Author : Xadpritox Email :...
PT-2011-09: Arbitrary Command Execution in ManageEngine ServiceDesk Plus 8.0.0
The specialists of the Positive Research center have revealed an arbitrary code execution vulnerability in ManageEngine ServiceDesk Plus. If Microsoft SQL Server is used as application database server, insufficient validation of input settings for /CustomReporthandler.do script that is use to...
Symantec Backup Exec Products Arbitrary Command Execution vulnerability
Symantec Backup Exec Products is prone to an arbitrary command execution vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Spreecommerce api/orders.json Search Function Arbitrary Command Execution
The remote web server hosts Spree, an open source e-commerce application for Ruby on Rails. The version of this application installed on the remote host has a flaw in the third-party 'rdsearchlogic' Ruby gem. An unauthenticated, remote attacker can inject arbitrary Ruby code via the...
Spreecommerce Arbitrary Command Execution
$Id: spreesearchlogicexec.rb 12397 2011-04-21 19:38:42Z swtornio $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
Spreecommerce < 0.50.0 Arbitrary Command Execution
Exploit for unix platform in category remote exploits $Id: spreesearchlogicexec.rb 12397 2011-04-21 19:38:42Z swtornio $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more informatio...
Spreecommerce < 0.50.0 - Arbitrary Command Execution (Metasploit)
$Id: spreesearchlogicexec.rb 12397 2011-04-21 19:38:42Z swtornio $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
HTB22924: Arbitrary Command Execution in phpAlbum.net
Vulnerability ID: HTB22924 Reference: http://www.htbridge.ch/advisory/arbitrarycommandexecutioninphpalbumnet.html Product: phpAlbum.net Vendor: Patrik Jakab http://www.phpalbum.net/ Vulnerable Version: 0.4.1-14fix06 Vendor Notification: 31 March 2011 Vulnerability Type: Arbitrary Command Executio...
Red Hat Enterprise Linux logrotate任意执行命令及信息泄露漏洞
CVE ID: CVE-2011-1155,CVE-2011-1154,CVE-2011-1098 logrotate程序可简化多个日志文件的管理,允许日志文件的自动循环、压缩、删除和 邮寄。 logrotate处理shred指令时存在shell命令注入漏洞,特制日志文件可造成logrotate 以运行logrotate默认root的用户权限执行任意命令。注意:默认没有启用shred指令。 logrotate在创建新日志文件时应用权限的方式中存在竞争条件漏洞,在一些特定配置 中,本地攻击者可利用此漏洞在logrotate应用最终权限之前打开新的日志文件,可导 致泄露敏感信息。...
DEBIAN-CVE-2011-1154
The shredfile function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name...
CVE-2011-1154
The shredfile function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name...
CVE-2011-1154
CVE-2011-1154 affects logrotate up to version 3.7.9. The vulnerability arises in the shred_file function in logrotate.c, where a log filename containing shell metacharacters can allow context‑dependent attackers to execute arbitrary commands. Impact is improvement of command execution risk in fil...
Nostromo 1.9.3 Directory Traversal
Advisory: nostromo nhttpd directory traversal leading to arbitrary command execution During a penetration test, RedTeam Pentesting discovered a directory traversal vulnerability leading to arbitrary command execution in the nostromo HTTP server. Details ======= Product: nostromo nhttpd Affected...
[RT-SA-2011-001] nostromo nhttpd directory traversal leading to arbitrary command execution
Advisory: nostromo nhttpd directory traversal leading to arbitrary command execution During a penetration test, RedTeam Pentesting discovered a directory traversal vulnerability leading to arbitrary command execution in the nostromo HTTP server. Details ======= Product: nostromo nhttpd Affected...
Microsoft Remote Desktop Connection Insecure Library Injection
Added: 03/14/2011 CVE: CVE-2011-0029 BID: 46678 OSVDB: 71014 Background The Windows Remote Desktop allows desktop access to one Windows computer from another Windows computer. Problem A library loading vulnerability in the Remote Desktop Client allows arbitrary command execution when a user opens...
Microsoft Remote Desktop Connection Insecure Library Injection
Added: 03/14/2011 CVE: CVE-2011-0029 BID: 46678 OSVDB: 71014 Background The Windows Remote Desktop allows desktop access to one Windows computer from another Windows computer. Problem A library loading vulnerability in the Remote Desktop Client allows arbitrary command execution when a user opens...
Microsoft Remote Desktop Connection Insecure Library Injection
Added: 03/14/2011 CVE: CVE-2011-0029 BID: 46678 OSVDB: 71014 Background The Windows Remote Desktop allows desktop access to one Windows computer from another Windows computer. Problem A library loading vulnerability in the Remote Desktop Client allows arbitrary command execution when a user opens...
Accellion File Transfer Appliance MPIPE2 - Command Execution (Metasploit)
$Id: accellionftampipe2.rb 11935 2011-03-11 17:37:23Z hdm $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...