1885 matches found
CVE-2012-0175
The Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted name for a 1 file or 2 directory, aka "Command Injection Vulnerability."...
CVE-2012-2516
An ActiveX control in KeyHelp.ocx in KeyWorks KeyHelp Module aka the HTML Help component, as used in GE Intelligent Platforms Proficy Historian 3.1, 3.5, 4.0, and 4.5; Proficy HMI/SCADA iFIX 5.0 and 5.1; Proficy Pulse 1.0; Proficy Batch Execution 5.6; SI7 I/O Driver 7.20 through 7.42; and other...
CVE-2012-2516
The CVE-2012-2516 issue is an ActiveX-based command-injection vulnerability in KeyHelp.ocx of GE Intelligent Platforms’ KeyWorks KeyHelp module, affecting Proficy Historian (3.1, 3.5, 4.0, 4.5), Proficy HMI/SCADA – iFIX (5.0, 5.1), Proficy Pulse 1.0, Proficy Batch Execution 5.6, and SI7 I/O Drive...
Basilic diff.php Command Injection
Basilic, a bibliography server for research laboratories, has a command injection vulnerability. Input to the file parameter of diff.php is not properly sanitized. A remote, unauthenticated attacker could exploit this to execute arbitrary shell commands. %NASLMINLEVEL 70300 C Tenable Network...
Command Injection Vulnerability
A vulnerability exists whereby an unauthenticated user can inject commands as root on the device. Ref 31091 This vulnerability can result in arbitrary command execution, and can result in total compromise of the device. This issue affects PAN-OS 4.0.4 and earlier; PAN-OS 3.1.9 and earlier. Work...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in saveRestore.htm on the Quantum Scalar i500 tape library with firmware before i7.0.3 604G.GS00100, also distributed as the Dell ML6000 tape library with firmware before A20-00 590G.GS00100, allows remote attackers to hijack the authentication of use...
CVE-2012-1843
Cross-site request forgery CSRF vulnerability in saveRestore.htm on the Quantum Scalar i500 tape library with firmware before i7.0.3 604G.GS00100, also distributed as the Dell ML6000 tape library with firmware before A20-00 590G.GS00100, allows remote attackers to hijack the authentication of use...
Symantec System Center Alert Management System - 'hndlrsvc.exe' Arbitrary Command Execution (Metasploit)
$Id: amshndlrsvc.rb 13591 2011-08-19 18:35:29Z mc $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...
Kerio Products 'STARTTLS' Plaintext Command Injection Vulnerability
The host is running Kerio Mail Server/Connect and is prone to plaintext command injection vulnerability. OpenVAS Vulnerability Test $Id: secpodkerioproductsstarttlscmdinjvuln.nasl 7029 2017-08-31 11:51:40Z teissa $ Kerio Products 'STARTTLS' Plaintext Command Injection Vulnerability Authors: Soora...
CVE-2011-0456
webscript.pl in Open Ticket Request System OTRS 2.3.4 and earlier allows remote attackers to execute arbitrary commands via unspecified vectors, related to a "command injection vulnerability."...
CVE-2010-3037
CVE-2010-3037 affects Cisco Unified Videoconferencing (UVC) products (5110/5115 Linux; 3545, 5230 VxWorks; 3527 PRI Gateway; 3522 BRI Gateway; 3515 MCU). The flaw is a remote command-injection in the web interface via the /goform/websXMLAdminRequestCgi.cgi, allowing an authenticated administrator...
phpThumb < 1.7.9 Command Injection Vulnerability
phpThumb is prone to a command injection vulnerability. Copyright C 2010 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you c...
Command injection
FTPServer.py in pyftpdlib before 0.2.0 allows remote attackers to cause a denial of service via a long command...
Cherokee Terminal Escape Sequence in Logs Command Injection Vulnerability
Cherokee is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input in logfiles. Attackers can exploit this issue to execute arbitrary commands in a terminal. Cherokee 0.99.30 and prior are vulnerable. OpenVAS Vulnerability Test $Id: cherokee37715.na...
JVN#80436657 Webservice-DIC yoyaku_v41 vulnerable to command injection
yoyakuv41 from Webservice-DIC is a software to manage conference room reservations. yoyakuv41 contains a command injection vulnerability. Impact An arbitrary command could be executed with the privilege of the server where yoyakuv41 runs. Solution Update the Software Update to the latest version...
CVE-2009-1656
The CVE-2009-1656 entry pertains to Xerox WorkCentre/WorkCentre Pro devices: models 232, 238, 245, 255, 265, 275 and 5632, 5638, 5645, 5655, 5665, 5675, 5687, 7655, 7656, 7675. Documented issue: a remote command-injection vulnerability in the device web server that allows arbitrary commands to be...
CVE-2009-1656
Xerox WorkCentre and WorkCentre Pro 232, 238, 245, 255, 265, 275; and WorkCentre 5632, 5638, 5645, 5655, 5665, 5675, 5687, 7655, 7656, and 7675 allows remote attackers to execute arbitrary commands via unknown attack vectors, aka "command injection vulnerability."...
CVE-2008-3882
Unspecified "Command Injection" vulnerability in ZoneMinder 1.23.3 and earlier allows remote attackers to execute arbitrary commands via 1 the executeFilter function in zmhtmlviewevents.php and 2 the runstate parameter to zmhtmlviewstate.php...
DTSA-164-1 newsbeuter - command injection
Bulletin has no description...
Afuse 'afuse.c' SHELL命令注入漏洞
BUGTRAQ ID: 30245 CVE ID:CVE-2008-2232 CNCVE ID:CNCVE-20082232 Afuse是一款类似autofs工具的文件系统自动挂接程序。 Afuse不正确处理命令行参数,本地攻击者可以利用漏洞以高特权执行任意命令。 afuse接收如下形式的命令行: afuse /path -o mounttemplate="mount-script %m %r" \ unmounttemplate="unmount-script %m %r"...