615 matches found
TomatoCart - 'json.php' Security Bypass
source: https://www.securityfocus.com/bid/57156/info TomatoCart is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and create files with arbitrary shell script which may aid in further attacks. TomatoCart versions 1.1.5 and 1.1....
DSA-2598-1 weechat - several
Bulletin has no description...
TomatoCart - json.php Security Bypass
source: https://www.securityfocus.com/bid/57156/info TomatoCart is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and create files with arbitrary shell script which may aid in further...
TWiki 5.1.2 Command Execution
This security advisory alerts you of a potential security issue with TWiki installations: The %MAKETEXT% TWiki variable allows arbitrary shell command execution. The problem is caused by an underlying security issue in the Locale::Maketext CPAN module. Vulnerable Software Version Attack Vectors...
FreeBSD : weechat -- Arbitrary shell command execution via scripts (81826d12-317a-11e2-9186-406186f3d89d)
Sebastien Helleu reports: Untrusted command for function hook_process could lead to execution of commands, because of shell expansions. Workaround with a non-patched version: remove/unload all scripts calling function hook_process for maximum safety.
weechat -- Arbitrary shell command execution via scripts
Sebastien Helleu reports: Untrusted command for function hook_process could lead to execution of commands, because of shell expansions. Workaround with a non-patched version: remove/unload all scripts calling function hook_process for maximum safety...
Microsoft Windows Shell Remote Code Execution Vulnerabilities (2727528)
This host is missing a critical security update according to Microsoft Bulletin MS12-072.
CVE-2012-3537
The Crowbar Ohai plugin chef/cookbooks/ohai/files/default/plugins/crowbar.rb in the Deployer Barclamp in Crowbar, possibly 1.4 and earlier, allows local users to execute arbitrary shell commands via vectors related to "insecure handling of tmp files" and predictable file names...
Design/Logic Flaw
The Crowbar Ohai plugin chef/cookbooks/ohai/files/default/plugins/crowbar.rb in the Deployer Barclamp in Crowbar, possibly 1.4 and earlier, allows local users to execute arbitrary shell commands via vectors related to "insecure handling of tmp files" and predictable file names...
CVE-2012-2976
The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary shell commands via crafted input to application scripts, related to an "injection" issue...
Microsoft Windows File/Directory Names Handling Arbitrary Command Injection Vulnerability
Microsoft Windows is prone to a remote command-injection vulnerability that affects the Windows Shell component because it fails to adequately sanitize user-supplied input data. Attackers can exploit this issue to execute arbitrary shell commands with user-level privileges. This may...
Zimplit CMS 3.0 - Local File Inclusion / Arbitrary File Upload
source: https://www.securityfocus.com/bid/53990/info Zimplit CMS is prone to multiple local file-include vulnerabilities and an arbitrary file-upload vulnerability. An attacker can exploit these issues to upload arbitrary files onto the web server, execute arbitrary local files within the context...
Joomla Joomsport SQL Injection / Shell Upload
WordPress WP Easy Gallery 1.8 Shell Upload
Wordpress Plugins (wp-easy-gallery v1.8) Arbitrary Shell Upload
Exploit for php platform in category web applications.
Command Injection Vulnerability
A vulnerability exists whereby an authenticated user can inject arbitrary shell commands using the device management command line interface. Ref 33080 This vulnerability can result in arbitrary command execution, and can result in total compromise of the device. This issue affects PAN-OS 4.0.7 an...
OpenEMR 4.1 - /Interface/fax/fax_dispatch.php?File exec() Call Arbitrary Shell Command Execution
source: https://www.securityfocus.com/bid/51788/info OpenEMR is prone to local file-include and command-injection vulnerabilities because it fails to properly sanitize user-supplied input. A remote attacker...
OpenEMR 4.1 - '/Interface/fax/fax_dispatch.php?File' 'exec()' Call Arbitrary Shell Command Execution
source: https://www.securityfocus.com/bid/51788/info OpenEMR is prone to local file-include and command-injection vulnerabilities because it fails to properly sanitize user-supplied input. A remote attacker can exploit these issues to execute arbitrary shell commands with the privileges of the us...
Acpid 1:2.0.10-1ubuntu2 Privilege Boundary Crossing Vulnerability
Exploit for linux platform in category local exploits. Exploit Title: Acpid Privilege Boundary Crossing Vulnerability; Date: 23-11-2011; Author: otr; Software Link: https://launchpad.net/ubuntu/+source/acpid; Version: 1:2.0.10-1ubuntu2; Tested on: Ubuntu 11.10, Ubuntu 11.04; CVE :...
Zazavi 1.2.1 Cross Site Request Forgery / Shell Upload