856 matches found
Windows OLE Automation Array command execution
Added: 11/17/2014 CVE: CVE-2014-6332 BID: 70952 OSVDB: 114533 Background OLE Object Linking and Embedding is a technology that allows applications to share data and functionality, such as the ability to create and edit compound data, i.e., data that contains information in multiple formats. Probl...
ActualAnalyzer Lite 2.81 /aa.php 命令执行漏洞
No description provided by source...
HP-UX LPD 命令执行漏洞
No description provided by source...
HybridAuth 2.2.2 /hybridauth/config.php 命令执行漏洞
No description provided by source...
Microsoft IIS4/5 CGI 命令执行漏洞
No description provided by source...
Destoon最新 V5.0-UTF8 正式版命令执行漏洞(后台)
简要描述: RT 详细说明: 后台一处命令执行漏洞,可添加系统账户。 漏洞位于admin/tag.inc.php case 'preview': $db-halt = 0; $destoontask = ''; if$tagcss $tagcss = stripslashes$tagcss; if$taghtmls $taghtmls = stripslashes$taghtmls; if$taghtmle $taghtmle = stripslashes$taghtmle; if$tagcode $tagcode = stripslashes$tagcode; if$tagjs...
Spreecommerce < 0.50.0 Arbitrary Command Execution
No description provided by source. $Id: spreesearchlogicexec.rb 12397 2011-04-21 19:38:42Z swtornio $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and...
Apple Mac OS X 10.2 Terminal.APP Telnet Link Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5768/info Mac OS X is the BSD-based operating system distributed and maintained by Apple. It has been discovered that some types of links, when clicked on, may result in the execution of arbitrary commands. Due to the...
NS_ASG 6.3 /device_status.php 命令执行漏洞
No description provided by source...
CVE-2014-2913
Incomplete blacklist vulnerability in nrpe.c in Nagios Remote Plugin Executor NRPE 2.15 and earlier allows remote attackers to execute arbitrary commands via a newline character in the -a option to libexec/checknrpe. NOTE: this issue is disputed by multiple parties. It has been reported that the...
innoEDIT 'innoedit.cgi'远程命令执行漏洞
Bugtraq ID:66367 innoEDIT是一款基于WEB的应用。 innoEDIT 'innoedit.cgi'不正确处理提交给'download'参数的数据,允许远程攻击者利用漏洞提交特殊shell元字符,可以WEB权限执行任意命令。 0 innoEDIT 6.2 目前没有详细解决方案提供: http://www.inno.com.mx/innoedit.htm http://www.mtyjet.com/innoedit/innoedit.cgi?download=;id|...
Cross site request forgery (csrf)
ajax.cgi in the web interface on the Choice Wireless Green Packet WIXFMR-111 4G WiMax modem allows remote attackers to execute arbitrary commands via shell metacharacters in the pip parameter in an Ajax tagipPing request, a different vulnerability than CVE-2013-3581...
fileutils Gem for Ruby file_utils.rb Crafted URL Handling Remote Command Execution
fileutils Gem for Ruby contains a flaw in fileutils.rb. The issue is triggered when handling a specially crafted URL containing a command after a delimiter ;. This may allow a remote attacker to potentially execute arbitrary commands...
WibuKey Runtime WkWin32.dll module DisplayMessageDialog overflow
Added: 12/27/2012 BID: 56678 OSVDB: 87881 Background WibuKey is a software protection and licensing solution. Problem A vulnerability in the WkWin32.dll ActiveX control in WibuKey Runtime allows command execution when a web page calls the DisplayMessageDialog method with a long, specially crafted...
Plone Zope SAXutils Command Execution
Added: 01/13/2012 CVE: CVE-2011-3587 BID: 49857 OSVDB: 76105 Background Plone is a free and open source content management system built on top of the Zope application server. Plone can be used for any kind of website, including blogs, internet sites, webshops and internal websites. Problem Plone...
CVE-2011-2660
The CVE-2011-2660 vulnerability affects the vpnc package prior to version 0.5.1-55.10.1 in SUSE Linux Enterprise Desktop 11 SP1, where the modify_resolvconf_suse script may allow remote attackers to execute arbitrary commands via a crafted DNS domain name. Affected product/component: vpnc, vulner...
Oracle Secure Backup Administration preauth Variable Command Injection (CVE-2010-0906)
Oracle Secure Backup is a backup solution allowing for centralized tape backup management. The server allowsfor single point of management of data present on network attached storage NAS devices and distributed hostswhich may have different operating systems. A command execution vulnerability...
Zabbix node_process_command() Function Crafted Request Arbitrary Command Execution
The version of Zabbix server running on the remote host has a command execution vulnerability in the 'processnodecommand' function of 'nodehistory.c'. A remote attacker could exploit this by sending a specially crafted request, resulting in the execution of operating system commands. C Tenable...
Blender .blend File Command Execution Vulnerability
This host is installed with blender and is prone to Remote Command Execution Vulnerability. OpenVAS Vulnerability Test $Id: secpodblendercmdexeclin.nasl 5660 2017-03-21 11:29:28Z cfi $ Blender .blend File Command Execution Vulnerability Authors: Maneesh KB Copyright: Copyright c 2009 SecPod,...
HP OpenView OmniBack II Command Execution
$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'HP OpenView...