169 matches found

CNVD
added 2016/08/31 12:0 a.m. | 2 views

Huawei UMA suffers from command line injection vulnerability (CNVD-2016-06968)

Huawei UMA Unified Maintenance Audit is a unified audit system. It provides a unified O&M operation portal, controls and records O&M operations performed by users, and supports auditing by command view and video playback. A command execution vulnerability exists in Huawei UMA. As the system does...

CVSS 10 | AI score 6.8 | EPSS 0.01749
Exploits: 0 | References: 1

Zero Day Initiative
added 2015/07/20 12:0 a.m. | 50 views

BitTorrent/uTorrent URI Protocol Command Line Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of BitTorrent and uTorrent. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how...

CVSS 7.5 | AI score 6.9 | EPSS 0.01221
Exploits: 0 | References: 2

Symantec
added 2015/01/29 8:0 a.m. | 28 views

Symantec Encryption Management Server Database Backup Command Line Injection and Email Header Inject

SUMMARY Symantec Encryption Management Server is susceptible to a shell command line injection when an authorized, but less privileged administrator, is submitting a request for a database backup. This could potentially result in the malicious administrator gaining privileged access on the server...

CVSS 9 | AI score 0.3 | EPSS 0.11203
Exploits: 1 | Affected Software: 1

seebug.org
added 2014/07/01 12:0 a.m. | 16 views

JAVA Web Start Arbitrary command-line injection

No description provided by source. Bye bye my little 0day :, Tavis Ormandy did a great job uncovering a big logic flaw within Java JRE. I discovered that bug and other that affects every browser few weeks ago and I posted the common 0day++ tweet. The method in which Java Web Start support has bee...

AI score 7.1
Exploits: 0

Debian
added 2013/08/21 7:51 p.m. | 30 views

[SECURITY] [DSA 2739-1] cacti security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2739-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff August 21, 2013 http://www.debian.org/security/faq -...

CVSS 7.5 | AI score 6.9 | EPSS 0.01147
Exploits: 0

OpenVAS
added 2013/08/21 12:0 a.m. | 29 views

Debian Security Advisory DSA 2739-1 (cacti - several vulnerabilities)

Two security issues SQL injection and command line injection via SNMP settings were found in Cacti, a web interface for graphing of monitoring systems. OpenVAS Vulnerability Test $Id: deb2739.nasl 6611 2017-07-07 12:07:20Z cfischer $ Auto-generated from advisory DSA 2739-1 using nvtgen 1.0 Script...

CVSS 7.5 | AI score 0.8 | EPSS 0.01147
Exploits: 0 | References: 1

OSV
added 2013/08/21 12:0 a.m. | 15 views

DSA-2739-1 cacti - several

Bulletin has no description...

CVSS 7.5 | AI score 6.3 | EPSS 0.01147
Exploits: 0

OpenVAS
added 2013/08/20 12:0 a.m. | 17 views

Debian: Security Advisory (DSA-2739-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 8.8 | EPSS 0.01147
Exploits: 0 | References: 3

Tenable Nessus
added 2012/11/27 12:0 a.m. | 32 views

Request Tracker 3.x < 3.8.15 / 4.x < 4.0.8 Multiple Vulnerabilities

According to its self-reported version number, the Best Practical Solutions Request Tracker RT running on the remote web server is version 3.x prior to 3.8.15 or version 4.x prior to 4.0.8. It is, therefore, potentially affected by the following vulnerabilities : - Users can inject arbitrary...

CVSS 6.8 | AI score 5.9 | EPSS 0.00395
Exploits: 0 | References: 10

Tenable Nessus
added 2012/05/08 12:0 a.m. | 259 views

RHEL 5 : php53 (RHSA-2012:0547)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2012:0547 advisory. - php: command line arguments injection when run in CGI mode VU520827 CVE-2012-1823 Note that Nessus has not tested for this issue but has instead...

CVSS 9.8 | AI score 8.8 | EPSS 0.94363
Exploits: 41 | References: 5

RedHat Linux
added 2012/05/07 6:23 p.m. | 3 views

php: command line arguments injection when run in CGI mode (VU#520827)

sapi/cgi/cgimain.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script aka php-cgi, does not properly handle query strings that lack an = equals sign character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string,...

CVSS 9.8 | AI score 7.8 | EPSS 0.94363
Exploits: 41 | References: 5

Exploit DB
added 2012/02/24 12:0 a.m. | 38 views

Sun Java Web Start Plugin - Command Line Argument Injection (2012) (Metasploit)

$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Sun Java Web...

CVSS 10 | AI score 6.9 | EPSS 0.74853
Exploits: 17

Exploit DB
added 2010/09/21 12:0 a.m. | 43 views

Sun Java - Web Start Plugin Command Line Argument Injection (Metasploit)

$Id: javawsarginjectaltjvm.rb 10404 2010-09-21 00:13:30Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

CVSS 10 | AI score 7 | EPSS 0.80974
Exploits: 7

RedHat Linux
added 2010/07/21 2:24 p.m. | 2 views

Java: Java Web Start arbitrary command line injection

Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business JDK and JRE 6 Update 18 and 19 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors...

CVSS 10 | AI score 5.8 | EPSS 0.07613
Exploits: 0 | References: 4

Check Point Advisories
added 2010/05/26 12:0 a.m. | 3 views

Oracle Java Web Start Launch Command-Line Injection (CVE-2010-0886; CVE-2010-0887; CVE-2010-1423)

The Oracle Java Web Start is a component of the Java 2 Runtime Environment JRE. It facilitates network deployment of applications developed with the Java programming language. This component enables stand-alone Java applications to be downloaded from a remote network location and run on a target...

CVSS 10 | AI score 7.9 | EPSS 0.80974
Exploits: 8

RedHat Linux
added 2010/04/19 9:20 p.m. | 2 views

Java: Java Web Start arbitrary command line injection

Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business JDK and JRE 6 Update 18 and 19 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors...

CVSS 10 | AI score 5.8 | EPSS 0.07613
Exploits: 0 | References: 4

securityvulns
added 2010/04/12 12:0 a.m. | 71 views

JAVA web start arbitrary command-line injection - "-XXaltjvm" arbitrary dll loading (0day)

HTML Version ---------- http://www.reversemode.com/index.php?option=comcontent&task=view&id=67&Itemid=1 ---------- Bye bye my little 0day :, Tavis Ormandy did a great job uncovering a big logic flaw within Java JRE. I discovered that bug and other that affects every browser few weeks ago and I...

AI score 7
Exploits: 0

Packet Storm
added 2010/04/09 12:0 a.m. | 19 views

JAVA Web Start Arbitrary Command-Line Injection

Bye bye my little 0day :, Tavis Ormandy did a great job uncovering a big logic flaw within Java JRE. I discovered that bug and other that affects every browser few weeks ago and I posted the common "0day++" tweet. The method in which Java Web Start support has been added to the JRE is not less th...

AI score 0.5
Exploits: 0

0day.today
added 2010/04/09 12:0 a.m. | 25 views

JAVA Web Start Arbitrary command-line injection

Exploit for multiple platform in category remote exploits =============================================== JAVA Web Start Arbitrary command-line injection =============================================== Bye bye my little 0day :, Tavis Ormandy did a great job uncovering a big logic flaw within Java...

AI score 7.1
Exploits: 0

Exploit DB
added 2010/04/09 12:0 a.m. | 53 views

Sun Java Web Start Plugin - Command Line Argument Injection (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Sun Java Web Start Plugin Command Line Argument Injection', 'Description' = %q This module exploits a flaw in the Web Start...

AI score 7.4
Exploits: 0