631 matches found
Microsoft Office Security Feature Bypass Vulnerability (CNVD-2016-12461)
Microsoft Office is an office software suite developed by the U.S. company Microsoft. Commonly used components are Word, Excel, Access, PowerPoint, FrontPage and so on. A security feature bypass vulnerability exists in Microsoft Office software, which stems from the program...
CVE-2016-9796
Alcatel-Lucent OmniVista 8770 2.0 through 3.0 exposes different ORBs interfaces, which can be queried using the GIOP protocol on TCP port 30024. An attacker can bypass authentication, and OmniVista invokes methods AddJobSet, AddJob, and ExecuteNow that can be used to run arbitrary commands on the...
GLSA-201611-05 : tnftp: Arbitrary code execution
The remote host is affected by the vulnerability described in GLSA-201611-05 (tnftp: Arbitrary code execution). The fetchurl function in usr.bin/ftp/fetch.c allows remote attackers to execute arbitrary commands via a Impact: A remote attacker could possibly execute arbitrary code with the privilege...
FreePBX Framework remotemod Parameter Remote Command Execution
A remote command execution vulnerability exists in FreePBX. The vulnerability is due to a lack of sanitization of the 'remotemod' parameter. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands in the security context of the affected service...
KDE kdesu Arbitrary Command Execution Vulnerability
KDE kdesu is a graphical front-end to the su(1) command that allows KDE programs to execute commands with elevated privileges. An arbitrary command execution vulnerability exists in KDE kdesu that stems from the program failing to adequately filter user-submitted input. An attacker could exploit th...
Apache Mina 2.0.13 - Remote Command Execution Exploit
Exploit for multiple platforms in category remote exploits. Source: https://remoteawesomethoughts.blogspot.com/2016/09/apache-mina-2013-remote-command.html Apache Mina 2.0.13 uses the OGNL library in the “IoSessionFinder” class. Its constructor takes one OGNL expression as a parameter. Then this...
CA eHealth Arbitrary Command Execution Vulnerability
CA eHealth is CA's suite of software for intelligently managing complex IT environments through the IT infrastructure. The software supports monitoring, collecting and analyzing network information from network performance, virtual systems and Cisco Unified Computing Systems to provide real-time...
Drupal CODER Module Remote Command Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Drupal CODER Module Remote Command Execution', 'Description' = %q This module exploits a Remote Command Execution vulnerability in Drupal CODER...
Drupal Module CODER 2.5 - Remote Command Execution (Metasploit)
Exploit for php platform in category web applications This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Drupal CODER Module Remote Command Execution', 'Description' = %q This module exploits a...
Drupal Module CODER 2.5 - Remote Command Execution (Metasploit)
Drupal Module CODER 2.5 - Remote Command Execution Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Drupal CODER Module Remote Command Execution', 'Description' = %q This module exploi...
HP Data Protector A.09.00 - Arbitrary Command Execution
Exploit for windows platform in category remote exploits !/usr/bin/python Exploit Title: Data Protector Encrypted Communications Date: 26-05-2016 Exploit Author: Ian Lovering Vendor Homepage: http://www8.hp.com/uk/en/software-solutions/data-protector-backup-recovery-software/ Version: A.09.00 and...
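Arbitrary System Command Execution Vulnerability Caused by Unauthorized Access to CouchDB
Source: Alibaba Cloud Security. 0x01 Background of the vulnerability: CouchDB is an open-source, document-oriented database management system that can be accessed through a RESTful JavaScript Object Notation (JSON) API. By default, CouchDB exposes a RESTful API on port 5984 for database management functions. So where does the problem lie? Reading the official description, you will find that CouchDB has a configuration option called QueryServer, which the official documentation describes as follows: CouchDB delegates computation of design documents functions to external query servers...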
IBM Security Identity Manager Virtual Appliance Arbitrary Command Execution Vulnerability
IBM Security Identity Manager (ISIM) is a suite of identity management and governance solutions from IBM in the United States. The solution automates the creation, modification, re-authentication and termination of user privileges throughout the user lifecycle and supports policy-based password...
IBM QRadar SIEM Web UI Arbitrary Command Execution Vulnerability
IBM QRadar SIEM is an IBM USA solution that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user activity, and more. A security...
Seeds acmailer Arbitrary Command Execution Vulnerability
Seeds acmailer is a suite of mobile email applications from Seeds Japan. A security vulnerability exists in Seeds acmailer that allows remote attackers to submit a special request to execute arbitrary OS commands...
FTPShell client buffer overflow vulnerability
FTPShell client is a file transfer program for the Windows platform. A buffer overflow exists in the 'Address' input field used to connect to an FTP server in the FTPShell.exe client. The vulnerability is exploited to execute arbitrary local commands by overwriting multiple stack registers and...
Zhongkexinye Network Sentry Arbitrary Command Execution Vulnerability (CNVD-2015-07915)
ZKXY Network Sentry is an Internet security auditing system that integrates behavioral auditing and content auditing, and is deployed out-of-band at the network egress. ZKXY Network Sentry suffers from an arbitrary command execution vulnerability. An attacker can exploit the vulnerability to...
Mageia: Security Advisory (MGASA-2015-0314)
The remote host is missing an update for the...
CVE-2014-9727
AVM Fritz!Box allows remote attackers to execute arbitrary commands via shell metacharacters in the var:lang parameter to cgi-bin/webcm...
BSD x64 Execute Command
Execute an arbitrary command This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Exec ---- Executes an arbitrary command. module MetasploitModule CachedSize = 31 include Msf::Payload::Single include Msf::Payload::Bsd def...