2391 matches found
CVE-2017-15359
In the 3CX Phone System 15.5.3554.1, the Management Console typically listens to port 5001 and is prone to a directory traversal attack: "/api/RecordingList/DownloadRecord?file=" and "/api/SupportInfo?file=" are the vulnerable parameters. An attacker must be authenticated to exploit this issue to...
CVE-2017-14754
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Arbitrary File Read: /xAdmin/html/cmdatasourcegroupxsd.jsp, parameter: xsddatasourceschemafile filename. In order for this vulnerability to be...
PT-2017-11634 · Emc · Emc Data Protection Advisor
Name of the Vulnerable Software and Affected Versions: EMC Data Protection Advisor version 6.3.0 Description: This issue allows remote attackers to execute arbitrary code on vulnerable installations. Authentication is required to exploit this issue. The specific flaw exists within the EMC DPA...
Cisco Unified Customer Voice Portal Elevation of Privilege Vulnerability (CNVD-2017-34209)
Cisco Unified Customer Voice Portal (CVP) is a unified communications system for providing voice and video self-service from Cisco. An elevation of privilege vulnerability exists in the Operations, Administration, Maintenance, and Provisioning (OAMP) certificate reset feature in Cisco Unified CVP,...
Trend Micro Mobile Security for Enterprise create_db SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the create_db action. When parsing the...
Trend Micro Mobile Security for Enterprise reinvite_user Id SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the reinvite_user action. When parsing the...
Trend Micro Mobile Security for Enterprise notify_devices_to_scan Device_DeviceDeviceId SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Mobile Security for Enterprise. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the notify_devices_to_scan action. When parsing...
CVE-2017-12784
In Youngzsoft CCFile (aka CC File Transfer) 3.6, by sending a crafted HTTP request, it is possible for a malicious user to remotely crash the affected software. No authentication is required. An example payload is a malformed request header with many '|' characters. NOTE: some sources use this ID f...
CVE-2017-11610
A vulnerability was found in the XML-RPC interface in supervisord. When processing malformed commands, an attacker can cause arbitrary shell commands to be executed on the server as the same user as supervisord. Exploitation requires the attacker to first be authenticated to the supervisord servi...
ARRIS VAP2500 config_wds Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ARRIS VAP2500. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of the various txtmac parameters provided to the config_wds.php management porta...
UBUNTU-CVE-2017-9774
Remote Code Execution was found in HordeImage 2.x before 2.5.0 via a crafted GET request. Exploitation requires authentication...
CVE-2017-9774
Remote Code Execution was found in HordeImage 2.x before 2.5.0 via a crafted GET request. Exploitation requires authentication...
(0Day) Schneider Electric U.motion Builder Local Privilege Escalation Vulnerability
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Schneider Electric U.motion Builder. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of the system configuration. The web administration account is s...
DEBIAN-CVE-2016-3066
The spice-gtk widget allows remote authenticated users to obtain information from the host clipboard...
Exploit for Argument Injection in Phpmailer_Project Phpmailer
CVE2016-10033 exploitation PoC. This repository holds the neces...
Trend Micro InterScan Web Security Virtual Appliance PacFileManagement delete_pac_files Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro InterScan Web Security Virtual Appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within the delete operation of the PacFileManagement servlet...
Trend Micro InterScan Web Security Virtual Appliance ConfigIPNetwork saveNetworkConfiguration gateChanged Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro InterScan Web Security Virtual Appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within ConfigIPNetwork's saveNetworkConfiguration method. A...
Trend Micro InterScan Web Security Virtual Appliance ConfigIPNetwork saveNetworkConfiguration Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro InterScan Web Security Virtual Appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within ConfigIPNetwork's saveNetworkConfiguration method. A...
Trend Micro InterScan Web Security Virtual Appliance ConfigIPNetwork saveNetworkConfiguration manageIP6 Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro InterScan Web Security Virtual Appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within ConfigIPNetwork's saveNetworkConfiguration method. A...
Trend Micro InterScan Web Security Virtual Appliance ManageIPConfig setDataIPConfig DNS Information Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro InterScan Web Security Virtual Appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within ManageIPConfig's setDataIPConfig method. A crafted DN...