631 matches found
ArubaOS Arbitrary Code Execution Vulnerability
Aruba OS is the operating system and application engine for all Aruba mobile controllers and access units. A security vulnerability in the ArubaOS "RAP console" feature on Aruba access points in Remote Access Point AP mode could be exploited by an attacker to conduct an arbitrary command executio...
CM Download Manager <= 2.0.0 - Unauthenticated Code Injection
The plugin does not validate and sanitise the CMDsearch parameter which used to create a custom function. This allows attacker to run arbitrary command on the remote server PoC GET /cmdownloads/?CMDsearch=".phpinfo." HTTP/1.1 Host: example.com User-Agent: Mozilla/5.0 Windows NT 6.3; WOW64; rv:33....
kde-workspace -- privilege escalation
David Edmundson reports: KDE workspace configuration module for setting the date and time has a helper program which runs as root for performing actions. This is secured with polkit. This helper takes the name of the ntp utility to run as an argument. This allows a hacker to run any arbitrary...
HP Data Protector EXEC_INTEGUTIL Remote Code Execution
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'HP Data Protector EXECINTEGUTIL Remote Code Execution', 'Description' = %q This exploit abuses a vulnerability in the HP Data...
EMC AlphaStor Device Manager Opcode 0x75 Command Injection
No description provided by source. require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::Tcp include Msf::Exploit::CmdStager def initializeinfo = superupdateinfoinfo, 'Name' = 'EMC AlphaStor Device Manager Opcode 0x75 Command Injection',...
JVN#87863382: N-Media file uploader vulnerability in handling uploaded files
N-Media file uploader is a plugin for WordPress. N-Media file uploader contains a vulnerability CWE-264 in the way it handles uploaded files. As a result, an arbitrary PHP script which is uploaded may be executed. Impact A user with "Author" privileges and above may execute an arbitrary command o...
EMC AlphaStor Device Manager Opcode 0x75 Command Injection
require 'msf/core' class Metasploit3 'EMC AlphaStor Device Manager Opcode 0x75 Command Injection', 'Description' = %q This module exploits a flaw within the Device Manager rrobtd.exe. When parsing the 0x75 command, the process does not properly filter user supplied input allowing for arbitrary...
Design/Logic Flaw
GKSu 2.0.2, when sudo-mode is not enabled, uses " double quote characters in a gksu-run-helper argument, which allows attackers to execute arbitrary commands in certain situations involving an untrusted substring within this argument, as demonstrated by an untrusted filename encountered during...
Microsoft Internet Explorer 5 ShowHelp Arbitrary Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6780/info Microsoft Internet Explorer implements the showHelp function as a means of displaying help content contained in HTML pages. However, this function is capable of performing too many other actions outside of its...
AWStats Totals <= 1.14 multisort - Remote Command Execution
No description provided by source. $Id: awstatstotalsmultisort.rb 12715 2011-05-25 10:45:36Z patrickw $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing an...
Gitorious Arbitrary Command Execution
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...
Basilic 1.5.14 diff.php Arbitrary Command Execution
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...
E-theni Remote Include Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6970/info E-theni may allow inclusion of malicious remote files. This is due to remote users being able to influence the include path of an external file 'paralangue.php' referenced by the 'afflistelangue.php' script. Thi...
Solaris <= 8.0 - LPD Command Execution
No description provided by source. $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require...
Halloween Linux 4.0,RedHat Linux 6.1/6.2 imwheel Vulnerability (2)
No description provided by source. source: http://www.securityfocus.com/bid/1060/info A vulnerability exists in the 'imwheel' package for Linux. This package is known to be vulnerable to a buffer overrun in its handling of the HOME environment variable. By supplying a sufficiently long string...
Lunar CMS 3.3 Unauthenticated Remote Command Execution Exploit
No description provided by source. ?!/usr/bin/env python Lunar CMS 3.3 Unauthenticated Remote Command Execution Exploit Vendor: Lunar CMS Product web page: http://www.lunarcms.com Affected version: 3.3 Summary: Lunar CMS is a freely distributable open source content management system written for...
EZPZ One Click Backup Plugin for WordPress 'cmd' Parameter Remote Command Execution
The EZPZ One Click Backup Plugin for WordPress installed on the remote host is affected by a remote command execution vulnerability due to a failure to properly sanitize user-supplied input to the 'cmd' parameter in the ezpz-archive-cmd.php script. An unauthenticated, remote attacker can exploit...
OS command injection flaw in awesome_spawn
Awesome spawn contains OS command injection vulnerability, which allows execution of additional commands passed to Awesome spawn as arguments, e.g. AwesomeSpawn.run'ls',:params = '-l' = ";touch haxored". If untrusted input was included in command arguments, attacker could use this flaw to execute...
HP Data Protector EXEC_BAR Remote Command Execution
import argparse import socket """ Exploit Title: HP Data Protector EXECBAR Remote Command Execution Exploit Author: Chris Graham @cgrahamseven CVE: CVE-2013-2347 Date: February 14, 2014 Vendor Homepage: www.hp.com Version: 6.10, 6.11, 6.20 Tested On: Windows Server 2003, Windows Server 2008 R2...
HP Data Protector - 'EXEC_BAR' Remote Command Execution
import argparse import socket """ Exploit Title: HP Data Protector EXECBAR Remote Command Execution Exploit Author: Chris Graham @cgrahamseven CVE: CVE-2013-2347 Date: February 14, 2014 Vendor Homepage: www.hp.com Version: 6.10, 6.11, 6.20 Tested On: Windows Server 2003, Windows Server 2008 R2...