7991 matches found
Arfaly.js Uploader CSRF Delete File Vulnerability
Exploit for php platform in category web applications. Usege : php...
Grandstream GXV3275 SSH Key / Command Execution Vulnerability
Grandstream GXV3275 ships with a default root SSH key which could be used as a backdoor. It also suffers from an issue where restricted commands can be leveraged to break out into a full shell. The Grandstream GXV3275 is an Android-based VoIP phone. Several vulnerabilities were found affecting this...
Grandstream GXV3275 < 1.0.3.30 - Multiple Vulnerabilities
The Grandstream GXV3275 is an Android-based VoIP phone. Several vulnerabilities were found affecting this device. The device ships with a default root SSH key, which could be used as a backdoor: /system/root/.ssh cat authorizedkeys Public key portion is: ssh-rsa...
SOL16914 - OpenSSL vulnerability CVE-2015-1791
For BIG-IP, Enterprise Manager, and BIG-IQ systems, the vulnerable code exists on the system; however, it is not used in a way that exposes the system to the vulnerability. For LineRate systems, the vulnerable code exists on the system; however, it is not used in a way that exposes the system...
SOL16915 - OpenSSL vulnerability CVE-2015-1792
For BIG-IP, Enterprise Manager, and BIG-IQ systems, the vulnerable code exists on the system; however, it is not used in a way that exposes the system to the vulnerability. While BIG-IP v12.0.0 ships with an OpenSSL version prior to 1.0.1n, the libraries necessary to fix the issue were merged...
CVE-2015-4237
The CLI parser in Cisco NX-OS 4.12E11, 6.211b, 6.212, 7.20ZZ99.1, 7.20ZZ99.3, and 9.11SV13.1.8 on Nexus devices allows local users to execute arbitrary OS commands via crafted characters in a filename, aka Bug IDs CSCuv08491, CSCuv08443, CSCuv08480, CSCuv08448, CSCuu99291, CSCuv08434, and...
Design/Logic Flaw
Cisco NX-OS 6.210 on Nexus and MDS 9000 devices allows local users to execute arbitrary OS commands by entering crafted tar parameters in the CLI, aka Bug ID CSCus44856...
Design/Logic Flaw
The CLI parser in Cisco NX-OS 4.12E11, 6.211b, 6.212, 7.20ZZ99.1, 7.20ZZ99.3, and 9.11SV13.1.8 on Nexus devices allows local users to execute arbitrary OS commands via crafted characters in a filename, aka Bug IDs CSCuv08491, CSCuv08443, CSCuv08480, CSCuv08448, CSCuu99291, CSCuv08434, and...
CVE-2015-4237
CVE-2015-4237 affects Cisco NX-OS on Nexus switches (NX-OS versions listed in the Cisco/NVD entries). The vulnerability is in the CLI parser where improper validation of special characters in filenames allows an authenticated, local attacker to run arbitrary OS commands, enabling local privilege ...
Cisco Nexus OS Device Command Line Interface Local Elevation of Privilege Vulnerability
Nexus is Cisco's line of network switches designed for data centers. A security vulnerability in the CLI parser of the Cisco Nexus Operating System (NX-OS) allows an authenticated, local attacker to gain elevated privileges by exploiting this vulnerability...
[SECURITY] Fedora 21 Update: openvas-cli-1.4.1-2.fc21
OpenVAS CLI contains the command line tool "omp", which allows creating batch processes to drive OpenVAS Manager...
Fedora Update for openvas-cli FEDORA-2015-10514
The remote host is missing an update for the...
CVE-2015-4224
Cisco Wireless LAN Controller (WLC) devices with software 7.0240.0 allow local users to execute arbitrary OS commands in a privileged context via crafted CLI commands, aka Bug ID CSCuj39474...
Cisco Wireless LAN Controller Command Injection Vulnerability
A vulnerability in the command-line interface (CLI) processor of the Cisco Wireless LAN Controller (WLC) could allow an authenticated, local attacker to inject arbitrary commands that are executed with elevated privileges on the underlying operating system. The vulnerability is due to insufficient...
WordPress Revslider Arbitrary File Upload / Download / XSS
Exploit Title : WordPress Revslider Arbitrary File Upload, Download & Cross Site Scripting Google Dork : inurl:"/wp-content/plugins/revslider/" Date : 21-06-2015 Exploit Author : CaFc Versace Vendor Homepage : http://revolution.themepunch.com/ Tested on : Windows 7 Contact :...
CVE-2015-4183
Cisco UCS Central Software 1.2(1a) allows local users to gain privileges for OS command execution via a crafted CLI parameter, aka Bug ID CSCut32795...
CVE-2015-4183
Cisco UCS Central Software 1.2(1a) contains a CLI command-injection vulnerability (CVE-2015-4183) due to insufficient input validation. An authenticated, local attacker could inject arbitrary commands and execute with elevated OS privileges by supplying crafted CLI parameters. Impact includes pot...
[CVE-2015-4107] Wing FTP Server Remote Code Execution vulnerability
Exploit Title: Wing FTP Server Remote Code Execution vulnerability Product: Wing FTP Server Vulnerable Versions: 4.4.6 and all previous versions Tested Version: 4.4.6 Advisory Publication: 05/06/2015 Latest Update: 05/06/2015 Vulnerability Type: Improper Control of Generation of Code CWE-94 CVE...
Juniper Networks Junos OS Multiple Privilege Escalation Vulnerability
Junos OS is prone to multiple privilege escalation vulnerabilities in Junos-CLI...
OpenVAS - The World's Most Advanced Open Source Vulnerability Scanner and Manager
The Open Vulnerability Assessment System (OpenVAS) is a framework of several services and tools. The core of this SSL-secured service-oriented architecture is the OpenVAS Scanner. The scanner very efficiently executes the actual Network Vulnerability Tests (NVTs) which are served with daily updates v...