CVE-2013-1240

The command-line interface in Cisco Unified Communications Manager CUCM does not properly validate input, which allows local users to read arbitrary files via unspecified vectors, aka Bug ID CSCue25770...

CVE-2013-1196

The command-line interface in Cisco Secure Access Control System ACS, Identity Services Engine Software, Context Directory Agent, Application Networking Manager ANM, Prime Network Control System, Prime LAN Management Solution LMS, Prime Collaboration, Unified Provisioning Manager, Network Service...

Design/Logic Flaw

The command-line interface in Cisco Secure Access Control System ACS, Identity Services Engine Software, Context Directory Agent, Application Networking Manager ANM, Prime Network Control System, Prime LAN Management Solution LMS, Prime Collaboration, Unified Provisioning Manager, Network Service...

[SECURITY] Fedora 18 Update: libxslt-1.1.28-1.fc18

This C library allows to transform XML files into other XML files or HTML, text, ... using the standard XSLT stylesheet transformation mechanism. To use it you need to have a version of libxml2 =3D 2.6.27 installed. The xsltproc command is a command line interface to the XSLT eng ine...

Design/Logic Flaw

The command-line interface in Cisco Identity Services Engine Software, Secure Access Control System ACS, Application Networking Manager ANM, Prime LAN Management Solution LMS, Prime Network Control System, Quad, Context Directory Agent, Prime Collaboration, Unified Provisioning Manager, and Netwo...

CVE-2013-1125

The command-line interface in Cisco Identity Services Engine Software, Secure Access Control System ACS, Application Networking Manager ANM, Prime LAN Management Solution LMS, Prime Network Control System, Quad, Context Directory Agent, Prime Collaboration, Unified Provisioning Manager, and Netwo...

Multiple Cisco Products Root Shell Access Vulnerability

Multiple Cisco products contain a vulnerability that could allow a local attacker to gain shell access with root privileges. The vulnerability is due to incorrect validation of user-supplied input processed by the command-line interface CLI on Cisco products running the affected software. A local...

[WS_FTP Password Decryptor] Recover FTP login passwords stored by WS_FTP

WSFTP Password Decryptor is the FREE software to instantly recover FTP login passwords stored by WSFTP - one of the popular FTP client application. WSFTP stores the password for all the past FTP sessions in the "wsftp.ini" file so that user don't have to enter it every time. WSFTP Password...

D-Link DSR-250N Backdoor

D-Link DSR-250N Persistent Root Access Router: D-Link DSR-250N Hardware Version: A1 Firmware Version: 1.05B73WW Arch: armv6l, Linux Author: 0o -- nullnull nu11.nu11 at yahoo.com Date: 2012-11-25 Purpose: Persistently become real root on your D-Link DSR-250N I just wanted to do real firewalling on...

Fedora Update for libxslt FEDORA-2012-14048

Check for the Version of libxslt OpenVAS Vulnerability Test Fedora Update for libxslt FEDORA-2012-14048 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

UBUNTU-CVE-2012-1607

The Command Line Interface CLI script in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to obtain the database name via a direct request...

Microsoft Releases Attack Surface Analyzer Tool

Microsoft has released a public version of its internal Attack Surface Analyzer tool, which helps organizations identify changes to a system’s attack surface as new applications are added. The tool has been in beta for a few months, but this is the first official release. The Attack Surface...

CVE-2012-2163

IBM Scale Out Network Attached Storage SONAS 1.1 through 1.3.1 allows remote authenticated administrators to execute arbitrary Linux commands via the 1 Command Line Interface or 2 Graphical User Interface, related to a "code injection" issue...

Mathematica8.0.4 on Linux /tmp/MathLink vulnerability

The problem reported for Mathematica became worse at version 8.0.4, present for the command-line interface "math" also. Cheers, Paul Szabo [email protected] http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney Australia ---...

[SECURITY] Fedora 16 Update: sectool-0.9.5-7.fc16

sectool is a security tool that can be used both as a security audit and intrusion detection system. It consists of set of tests, library and command line interface tool. Tests are sorted into groups and security levels. Admins can run certain tests, groups or whole security levels. The library a...

Several Vulnerabilities in TYPO3 Core

It has been discovered that TYPO3 Core is vulnerable to Cross-Site Scripting, Information Disclosure, Insecure Unserialize Component Type: TYPO3 Core Affected Versions: 4.4.0 up to 4.4.13, 4.5.0 up to 4.5.13, 4.6.0 up to 4.6.6 and development releases of the 4.7 and 6.0 branch. Vulnerability Type...

PHP Calendar Extension “SdnToJulian()”远程整数溢出漏洞

BUGTRAQ ID: 46967 CVE ID: CVE-2011-1466 PHP是一种在电脑上运行的脚本语言，主要用途是在于处理动态网页，包含了命令行运行接口或者产生图形用户界面程序。 PHP 5.3.6之前版本的Calendar扩展中的SdnToJulian函数在实现上存在整数溢出漏洞，可使攻击者通过calfromjd函数的首个参数造成拒绝服务 0 PHP 5.3.x 厂商补丁： PHP --- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://www.php.net...

The Mole - Another Automatic SQL Injection exploitation tool

The Mole - Another Automatic SQL Injection exploitation tool The Mole is an automatic SQL Injection exploitation tool. Only by providing a vulnerable URL and a valid string on the site it can detect the injection and exploit it, either by using the union technique or a boolean query based...

[SECURITY] Fedora 14 Update: roundup-1.4.15-1.fc14

Roundup is a simple and flexible issue-tracking system with command line, web and email interfaces. It is based on the winning design from Ka-Ping Yee in the Software Carpentry "Track" design competition...

CVE-2009-2936

The Command Line Interface aka Server CLI or administration interface in the master process in the reverse proxy server in Varnish before 2.1.0 does not require authentication for commands received through a TCP port, which allows remote attackers to 1 execute arbitrary code via a vcl.inline...