615 matches found
Changetrack 4.3-3 - Local Privilege Escalation
TITLE: Changetrack Privilege Escalation Vulnerability SECUNIA ADVISORY ID: SA36756 VERIFY ADVISORY: http://secunia.com/advisories/36756/ DESCRIPTION: A vulnerability has been discovered in Changetrack, which can be exploited by malicious, local users...
Best Dating Script Arbitrary Shell Upload Vulnerability
Exploit for unknown platform in category web applications...
Orbis CMS 1.0 File Manipulation / SQL Injection
Orbis CMS 1.0 AFD/ADF/ASU/SQL Multiple Remote Vulnerabilities + Discovered By SirGod + http://insecurity-ro.org + http://h4cky0u.org + Dork : Powered by Orbis CMS + Download script : http://www.novo-ws.com/orbis-cms/download.shtml + Arbitrary File Download Arbitrary Delete File + - No login...
Orbis CMS 1.0 (AFD/ADF/ASU/SQL) Multiple Remote Vulnerabilities
Exploit for unknown platform in category web applications + Orbis CMS 1.0 AFD/ADF/ASU/SQL Multiple Remote...
Orbis CMS 1.0 - File Delete Download File Arbitrary File Upload SQL Injection
+ Orbis CMS 1.0 AFD/ADF/ASU/SQL Multiple Remote Vulnerabilities + Discovered By SirGod + http://insecurity-ro.org + http://h4cky0u.org + Dork : Powered by Orbis CMS + Download script :...
In-Portal 4.3.1 Arbitrary Shell Upload Vulnerability
Exploit for unknown platform in category web applications...
openSUSE Security Update : netatalk (netatalk-510)
This update of netatalk adds a filter for characters of user-supplied data to papd. Prior to this update it was possible to execute arbitrary shell commands remotely (CVE-2008-5718)...
ASMAX AR 804 gu Web Management Console Arbitrary Shell Command Injection Vulnerability
ASMAX 804 gu router is a SOHO class device. It provides ADSL / WiFi / Ethernet interfaces. 2. There is an unauthenticated maintenance script named 'script' in /cgi-bin/ directory of the web management interface. 3. When 'system' parameter is passed to the script it allows running OS shell...
DSL router remotely controlled by URL
From The H Security: Security researcher Michal Sajdak revealed at CONFidence 2009 in Krakow in mid-May that it’s relatively easy to make the Linksys WAG54G2 WLAN DSL router execute arbitrary shell commands. He has now published further details (securitum.pl). Sajdak discovered that it’s easy to add...
nagios -- Command Injection Vulnerability
Secunia reports: A vulnerability has been reported in Nagios, which can be exploited by malicious users to potentially compromise a vulnerable system. Input passed to the "ping" parameter in statuswml.cgi is not properly sanitised before being used to invoke the ping command. This can be exploite...
VidShare Pro Arbitrary Shell Upload Vulnerability
No description provided by source.
VidShare Pro Arbitrary Shell Upload Vulnerability
Exploit for unknown platform in category web applications...
FreeBSD : twiki -- arbitrary shell command execution (b4af3ede-36e9-11d9-a9e7-0001020eed82)
Hans Ulrich Niedermann reports: The TWiki search function uses a user-supplied search string to compose a command line executed by the Perl backtick operator. The search string is not checked properly for shell metacharacters and is thus vulnerable to search string containing quotes and shell...
WebFileExplorer 3.1 (Auth Bypass) SQL Injection Vulnerability
No description provided by source. Product Name: WebFileExplorer Version : 3.1 URL : http://www.webfileexplorer.com/ Price : 99 $ USD Credits to : Giovanni Buzzin, "Osirys" osirysatautisticidotorg WebFileExplorer v3.1, is prone to multiple vulnerabilities. At first, an attacker can inject his evi...
WebFileExplorer 3.1 - Authentication Bypass
Product Name: WebFileExplorer Version : 3.1 URL : http://www.webfileexplorer.com/ Price : 99 $ USD Credits to : Giovanni Buzzin, "Osirys" osirysatautisticidotorg WebFileExplorer v3.1, is prone to multiple vulnerabilities. At first, an attacker can injec...
WebFileExplorer 3.1 - Authentication Bypass
Product Name: WebFileExplorer Version : 3.1 URL : http://www.webfileexplorer.com/ Price : 99 $ USD Credits to : Giovanni Buzzin, "Osirys" osirysatautisticidotorg WebFileExplorer v3.1, is prone to multiple vulnerabilities. At first, an attacker can inject his evil sql code in the login form,...
HP OpenView Network Node Manager webappmon.exe Command Injection (c01661610)
The 'webappmon.exe' CGI script included with the version of HP OpenView Network Node Manager installed on the remote host fails to sanitize user input of shell metacharacters before using it to execute external programs. An unauthenticated, remote attacker can leverage this issue to run arbitrary...
Mandrake Security Advisory MDVSA-2009:033 (sudo)
The remote host is missing an update to sudo announced via advisory MDVSA-2009:033. OpenVAS Vulnerability Test $Id: mdksa2009033.nasl 6573 2017-07-06 13:10:50Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:033 sudo Authors: Thomas Reinke Copyright: Copyright (c) 2009 E-Soft Inc...
FreeBSD : typo3 -- multiple vulnerabilities (653606e9-f6ac-11dd-94d9-0030843d3802)
Secunia reports: Some vulnerabilities have been reported in Typo3, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting and session fixation attacks, and compromise a vulnerable system. The 'Install tool' system extension uses...
Debian DSA-1708-1 : git-core - shell command injection
It was discovered that gitweb, the web interface for the Git version control system, contained several vulnerabilities: Remote attackers could use crafted requests to execute shell commands on the web server, using the snapshot generation and pickaxe search functionality (CVE-2008-5916). Local...