7911 matches found
CuteNews <= 1.4.5 Admin Password md5 Hash Fetching Exploit
No description provided by source. <?php error_reporting(E_ALL); // Cutenews <= 1.4.5 admin password md5 hash fetching exploit // Version 1.0 // written by Jan...
dompdf 0.6.0 (dompdf.php, read param) - Arbitrary File Read
No description provided by source. Vulnerability title: Arbitrary file read in dompdf. CVE: CVE-2014-2383. Vendor: dompdf. Product: dompdf. Affected version: v0.6.0. Fixed version: v0.6.1 (partial fix). Reported by: Alejo Murillo Moyas. Details: An arbitrary file read vulnerability is present on dompdf.ph...
phpslash <= 0.8.1.1 - Remote Code Execution Exploit
No description provided by source. #!/usr/bin/php -q <?php phpslash <= 0.8.1.1 Remote Code Execution Exploit - RCE with no special rights (guest). No special PHP conditions required. - 0 It was a private...
point-cli Gem for Ruby /lib/commands/setup.rb Process Table Local Plaintext Credential Disclosure
point-cli Gem for Ruby contains a flaw in /lib/commands/setup.rb that is due to the application exposing credential information in plaintext in the process table. This may allow a local attacker to gain access to credential information...
Juniper Networks Junos OS Exclusive Edit Mode Privilege Escalation Vulnerability
Privilege Escalation in exclusive edit mode. SPDX-FileCopyrightText: 2014 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/o:juniper:junos"; if description...
Fedora 20 : php-phpunit-PHPUnit-MockObject-1.2.3-4.fc20 / php-5.5.13-3.fc20 / etc (2014-6901)
29 May 2014, PHP 5.5.13. CLI server: - Fixed bug #67079 (Missing MIME types for XML/XSL files). (Anatol) COM: - Fixed bug #66431 (Special Character via COM Interface (CP_UTF8)). (Anatol) Core: - Fixed bug #65701 (copy() doesn't work when destination filename is created by tempnam()). (Boro Sitnikovski) - Fixed bug...
Fedora 19 : php-phpunit-PHPUnit-MockObject-1.2.3-4.fc19 / php-5.5.13-3.fc19 / etc (2014-6904)
29 May 2014, PHP 5.5.13. CLI server: - Fixed bug #67079 (Missing MIME types for XML/XSL files). (Anatol) COM: - Fixed bug #66431 (Special Character via COM Interface (CP_UTF8)). (Anatol) Core: - Fixed bug #65701 (copy() doesn't work when destination filename is created by tempnam()). (Boro Sitnikovski) - Fixed bug...
CVE-2013-2073
The Connected documents confirm CVE-2013-2073 affects the Transifex command-line client, where versions before 0.9 do not validate X.509 certificates, allowing an attacker to MITM-spoof the Transifex server with an arbitrary certificate. Impact is spoofing data-transfer connections due to missing...
Cisco Unified Communications Manager Arbitrary File Read Vulnerability
A vulnerability in the command-line interface (CLI) of Cisco Unified Communications Manager (Cisco UCM) could allow an authenticated, local attacker to read the contents of arbitrary files. The vulnerability is due to incomplete input validation. An attacker could exploit this vulnerability by issuin...
CVE-2014-0880
IBM SAN Volume Controller; Storwize V3500, V3700, V5000, and V7000; and Flex System V7000 with software 6.3 and 6.4 before 6.4.1.8, and 7.1 and 7.2 before 7.2.0.3, allow remote attackers to obtain CLI access, and consequently cause a denial of service, via unspecified traffic to the administrativ...
Code injection
IBM SAN Volume Controller; Storwize V3500, V3700, V5000, and V7000; and Flex System V7000 with software 6.3 and 6.4 before 6.4.1.8, and 7.1 and 7.2 before 7.2.0.3, allow remote attackers to obtain CLI access, and consequently cause a denial of service, via unspecified traffic to the administrativ...
Allied Telesis AT-RG634A Unauthenticated Webshell
Title: Allied Telesis AT-RG634A ADSL Broadband router hidden administrative unauthenticated webshell. Vulnerability Information: - CVE: CVE-2014-1982 - Type of Vulnerability: - CWE-78 : OS Command Injection - CWE-306 : Missing Authentication for Critical Function Affected products: - Allied Teles...
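TP-LINK TL-R600VPN V2 Security Vulnerability
The TP-LINK TL-R600VPN is a gigabit broadband VPN router. TP-LINK TL-R600VPN V2 versions before 140212 have security vulnerabilities in the implementation of the Web CLI and PPTP VPN; details are currently unknown. TP-LINK TL-R600VPN V2 vendor patch: TP-LINK. The vendor has released an upgrade patch to fix this security issue; download it from the vendor's home page: http://www.tp-link.com/en/support/download/ http://www.tp-link.us/support/download/?model=TL-R600VPN&version=V2...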
Palo Alto Networks PAN-OS < 4.0.8 Multiple Vulnerabilities
The remote host is running a version of Palo Alto Networks PAN-OS prior to 4.0.8. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists due to overly verbose error messages. An attacker can exploit this vulnerability by sending specially crafted...
Palo Alto Networks PAN-OS < 4.0.9 / 4.1.x < 4.1.2 Multiple Command Injections
The remote host is running a version of Palo Alto Networks PAN-OS prior to 4.0.9 / 4.1.2. It is, therefore, affected by multiple command injection vulnerabilities : - A vulnerability exists that allows an authenticated user to inject arbitrary shell commands via the CLI. CVE-2012-6595 /...
CVE-2014-2059
Directory traversal vulnerability in the CLI job creation (hudson/cli/CreateJobCommand.java) in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to overwrite arbitrary files via the job name...
Directory traversal
Directory traversal vulnerability in the CLI job creation (hudson/cli/CreateJobCommand.java) in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to overwrite arbitrary files via the job name...
CVE-2014-2059
CVE-2014-2059 describes a directory traversal in Jenkins via the CLI CreateJobCommand (hudson/cli/CreateJobCommand.java). The vulnerability allows remote authenticated users to overwrite arbitrary files through the job name, affecting Jenkins before 1.551 and LTS before 1.532.2. Connected sources...