7629 matches found
Open Auto Classifieds 1.5.9 - Multiple Vulnerabilities
MorningStar Security - Advisory http://www.morningstarsecurity.com/ Multiple security issues in Open Auto Classifieds 1. Advisory Information ---------------------------------------------------------------------------------------------- Title: Multiple security issues in Open Auto Classifieds...
Open Auto Classifieds <= 1.5.9 Multiple Remote Vulnerabilities
Exploit for unknown platform in category web applications ============================================================== Open Auto Classifieds = 1.5.9 Multiple Remote Vulnerabilities ============================================================== MorningStar Security - Advisory...
Acer AcerCtrls.APlunch ActiveX Arbitrary Command Execution
The remote host contains an ActiveX control from Acer called 'AcerCtrls.APlunch'. If this control is distributed with the appropriate 'Implemented Categories' registry key, it may be marked as safe for scripting. This would allow a web page in Internet Explorer to call the control's 'Run' method....
DD-WRT HTTP Daemon Arbitrary Command Execution
This module abuses a metacharacter injection vulnerability in the HTTP management server of wireless gateways running DD-WRT. This flaw allows an unauthenticated attacker to execute arbitrary commands as the root user account. This module requires Metasploit: https://metasploit.com/download Curre...
openSUSE Security Update : git (git-398)
A malicious repository owner could specify a custom git diff command and therefore could execute arbitrary commands. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update git-398. The text descripti...
CVE-2009-2261
PeaZIP 2.6.1, 2.5.1, and earlier on Windows allows user-assisted remote attackers to execute arbitrary commands via a .zip archive with a .txt file whose name contains | pipe characters and a command...
Microsoft PowerPoint Freelance布局解析堆溢出漏洞
BUGTRAQ ID: 35275 CVECAN ID: CVE-2009-0202 Microsoft PowerPoint是微软Office套件中的文档演示工具。 PowerPoint的Freelance Windows 2.1 Translator(FL21WIN.DLL)在解析布局信息时存在数组索引错误,如果用户受骗打开了恶意的PPT文件就可能触发堆溢出,导致执行任意指令。 安装了MS09-017更新的系统默认下会禁用对Freelance文件的支持,但可在注册表中手动重新启用。 Microsoft PowerPoint 2002 Microsoft PowerPoint 2000...
Windows Print Spooler EnumeratePrintShares buffer overflow
Added: 06/16/2009 CVE: CVE-2009-0228 BID: 35206 Background The Windows Print Spooler manages the printing process on Windows operating systems. Problem A buffer overflow vulnerability in the EnumeratePrintShares function in the Windows Print Spooler service allows arbitrary command execution when...
Windows Print Spooler EnumeratePrintShares buffer overflow
Added: 06/16/2009 CVE: CVE-2009-0228 BID: 35206 Background The Windows Print Spooler manages the printing process on Windows operating systems. Problem A buffer overflow vulnerability in the EnumeratePrintShares function in the Windows Print Spooler service allows arbitrary command execution when...
Windows Print Spooler EnumeratePrintShares buffer overflow
Added: 06/16/2009 CVE: CVE-2009-0228 BID: 35206 Background The Windows Print Spooler manages the printing process on Windows operating systems. Problem A buffer overflow vulnerability in the EnumeratePrintShares function in the Windows Print Spooler service allows arbitrary command execution when...
Linksys WAG54G2 Web Management Console Arbitrary Command Exec
No description provided by source. 1. Linksys WAG54G2 router is a popular SOHO class device. It provides ADSL / WiFi / Ethernet interfaces. 2. When logged into web management console, it is possible to execute commands as root tested on firmware: V1.00.10. 3. PoC: GET...
ASMAX AR 804 gu Web Management Console - Arbitrary Command Execution
ASMAX AR 804 gu Web Management Console - Arbitrary Command Execution 1. ASMAX 804 gu router is a SOHO class device. It provides ADSL / WiFi / Ethernet interfaces. 2. There is an unauthenticated maintenance script named 'script' in /cgi-bin/ directory of the web management interface. 3. When...
ASMAX AR 804 gu Web Management Console - Arbitrary Command Execution
ASMAX 804 gu router is a SOHO class device. It provides ADSL / WiFi / Ethernet interfaces. 2. There is an unauthenticated maintenance script named 'script' in /cgi-bin/ directory of the web management interface. 3. When 'system' paramether is passed to the script it allows running OS shell...
CVE-2009-1669
CVE-2009-1669 affects the Smarty template engine (Smarty 2.6.22) via the smarty_function_math plugin. The vulnerability allows a context-dependent attacker to execute arbitrary commands through shell metacharacters placed in the equation attribute of the math function, enabling remote code execut...
Sun IDM Arbitrary Command Execution
1 Summary Affected Software: Sun IDM 7.1, 8.0 Vendor URL: http://www.sun.com/ Severity: Medium 2 Description Sun Identity Manager facilitates centralized identity provisioning for variety of application and platforms. Its web interface allows end users to request password change. To handle such...
HP-UX Update for dtterm HPSBUX00309
Check for the Version of dtterm OpenVAS Vulnerability Test HP-UX Update for dtterm HPSBUX00309 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of t...
aMule 'wxExecute()'任意命令执行漏洞
BUGTRAQ ID: 34683 CNCAN ID:CNCAN-2009042301 aMule是一款与eMule类似的电驴下载软件。 aMule不正确过滤部分字符,远程攻击者可以利用漏洞以应用程序权限执行任意命令。 存在问题的代码src/DownloadListCtrl.cpp: command = wxT"xterm -T "aMule Preview" -iconic -e mplayer '$file'"; ... wxString rawFileName = file-GetFullName.GetRaw; command.ReplacewxT"$file",...
Fedora 10 : lynx-2.8.6-18.fc10 (2008-9952)
Fri Nov 7 2008 Jiri Moskovcak - 2.8.6-18 - Fixed CVE-2008-4690 lynx: remote arbitrary command execution. via a crafted lynxcgi: URL thoger Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to...
CUPS '_cupsImageReadTIFF()'整数溢出漏洞
BUGTRAQ ID: 34571 CVE ID:CVE-2009-0163 CNCVE ID:CNCVE-20090163 Common Unix Printing SystemCUPS是一款通用Unix打印系统,是Unix环境下的跨平台打印解决方案,基于Internet打印协议,提供大多数PostScript和raster打印机服务。 CUPS处理TIFF图像存在整数溢出,远程攻击者可以利用漏洞以应用程序权限执行任意指令。...
Ubuntu Update for xen-3.0 vulnerability USN-527-1
Ubuntu Update for Linux kernel vulnerabilities USN-527-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN5271.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for xen-3.0 vulnerability USN-527-1 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH,...