CVE-2010-3313
phpgwapi/js/fckeditor/editor/dialog/fckspellerpages/spellerpages/serverscripts/spellchecker.php in EGroupware 1.4.001+.002; 1.6.001+.002 and possibly other versions before 1.6.003; and EPL 9.1 before 9.1.20100309 and 9.2 before 9.2.20100309; allows remote attackers to execute arbitrary commands v...
Apple Mac OSX Software Update - Command Execution (Metasploit)
$Id: softwareupdate.rb 10394 2010-09-20 08:06:27Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framewor...
Ubuntu 10.04 LTS : mountall vulnerability (USN-985-1)
Alasdair MacGregor discovered that mountall created a udev rule file with world-writable permissions. A local attacker could exploit this under certain conditions to cause udev to execute arbitrary commands as the root user. Note that Tenable Network Security has extracted the preceding descripti...
GLSA-201009-02 : Maildrop: privilege escalation
The remote host is affected by the vulnerability described in GLSA-201009-02 Maildrop: privilege escalation Christoph Anton Mitterer reported that maildrop does not properly drop its privileges when run as root. Impact : A local attacker could create a specially crafted .mailfilter file, possibly...
Snort Report < 1.3.2 nmap.php target Parameter Arbitrary Command Execution Vulnerability
Snort Report is prone to a vulnerability that lets attackers execute arbitrary code. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
SnortReport nmap.php target Parameter Arbitrary Command Execution
The remote web server hosts SnortReport, an add-on module for Snort. The version of this application installed on the remote host fails to sanitize input to the 'target' parameter of the 'nmap.php' script before using it in a call to the PHP 'exec' function. An unauthenticated, remote attacker ca...
Symantec Alert Management System HNDLRSVC Arbitrary Command Execution
Symantec Systems Center provides centralized systems and policy management for Norton Antivirus Enterprise Solution across multiple Windows NT and NetWare networks. The Symantec Systems Center includes an optional component called the Alert Management System (AMS2). An arbitrary command execution...
TCMS 100728 Cross Site Scripting / Local File Inclusion / SQL Injection
Vulnerability ID: HTB22571 Reference: http://www.htbridge.ch/advisory/sqlinjectionvulnerabilityintcms.html Product: TCMS Vendor: Target CMS http://targetcms.com/ Vulnerable Version: 100728 and Probably Prior Versions Vendor Notification: 09 August 2010...
Ghostscript Arbitrary Command Execution Vulnerability
This host is installed with Ghostscript and is prone to arbitrary command execution vulnerability. OpenVAS Vulnerability Test $Id: gbghostscriptcmdexecvuln.nasl 5306 2017-02-16 09:00:16Z teissa $ Ghostscript Arbitrary Command Execution Vulnerability. Authors: Madhuri D Copyright: Copyright c 2010...
Ghostscript Arbitrary Command Execution Vulnerability
Ghostscript is prone to an arbitrary command execution vulnerability. Copyright (C) 2010 Greenbone Networks GmbH Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...
CVE-2010-2055
Ghostscript 8.71 and earlier reads initialization files from the current working directory, which allows local users to execute arbitrary PostScript commands via a Trojan horse file, related to improper support for the -P- option to the gs program, as demonstrated using gsinit.ps, a different...
The Matt Wright Guestbook.pl - Arbitrary Command Execution (Metasploit)
$Id: guestbookssiexec.rb 9671 2010-07-03 06:21:31Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
AWStats 6.4 < 6.5 - migrate Remote Command Execution (Metasploit)
$Id: awstatsmigrateexec.rb 9671 2010-07-03 06:21:31Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
Fedora 11 : bltk-1.0.8-3.fc11 (2010-1327)
Fix arbitrary command execution as root Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL...
irc-unrealircd-backdoor NSE Script
Checks if an IRC server is backdoored by running a time-based command ping and checking how long it takes to respond. The irc-unrealircd-backdoor.command script argument can be used to run an arbitrary command on the remote system. Because of the nature of this vulnerability the output is never...
CVE-2010-1622: Spring Framework execution of arbitrary code
Severity: Critical. Vendor: SpringSource, a division of VMware. Versions Affected: 3.0.0 to 3.0.2; 2.5.0 to 2.5.6.SEC01 (community releases); 2.5.0 to 2.5.7 (subscription customers). Earlier versions may also be affected. Description: The Spring...
Microsoft Help Center XSS and Command Execution
$Id: ms10xxxhelpctrxsscmdexec.rb 9518 2010-06-15 05:44:29Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
GLSA-201006-21 : UnrealIRCd: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201006-21 UnrealIRCd: Multiple vulnerabilities Multiple vulnerabilities have been reported in UnrealIRCd: The vendor reported a buffer overflow in the user authorization code CVE-2009-4893. The vendor reported that the distributed...
CVE-2010-2060
The put command functionality in beanstalkd 1.4.5 and earlier allows remote attackers to execute arbitrary Beanstalk commands via the body in a job that is too big, which is not properly handled by the dispatchcmd function in prot.c...
openMairie openCimetiere Multiple File Inclusion Vulnerabilities
openMairie openCimetiere is prone to multiple file inclusion vulnerabilities. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...