Webmin show.cgi Open Function Call Command Execution

Added: 11/26/2012 CVE: CVE-2012-2982 BID: 55446 OSVDB: 85248 Background Webmin is a web-based interface for system administration of Unix systems. The Webmin web server listens by default on port 10000/tcp. Problem Webmin 1.59 and earlier are vulnerable to remote code execution as a result of...

SAP /sap/bc/soap/rfc SOAP Service SXPG_COMMAND_EXEC Function Command Injection

This module makes use of the SXPGCOMMANDEXEC Remote Function Call, through the use of the /sap/bc/soap/rfc SOAP service, to inject and execute OS commands. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework This module i...

SAP /sap/bc/soap/rfc SOAP Service SXPG_CALL_SYSTEM Function Command Execution

This module makes use of the SXPGCALLSYSTEM Remote Function Call, through the use of the /sap/bc/soap/rfc SOAP service to execute OS commands as configured in the SM69 transaction. This module requires Metasploit: https://metasploit.com/download Current source:...

SAP /sap/bc/soap/rfc SOAP Service SXPG_CALL_SYSTEM Function Command Injection

This module makes use of the SXPGCALLSYSTEM Remote Function Call, through the use of the /sap/bc/soap/rfc SOAP service, to inject and execute OS commands. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework This module is...

CA ARCserve Backup Authentication service invalid virtual function call

Added: 11/09/2012 CVE: CVE-2012-2971 BID: 56116 OSVDB: 86416 Background CA ARCserve Backup formerly BrightStor ARCserve Backup is a backup and recovery solution. Problem An invalid virtual function call in the authentication service allows remote attackers to execute arbitrary commands. Resolutio...

CA ARCserve Backup Authentication service invalid virtual function call

Added: 11/09/2012 CVE: CVE-2012-2971 BID: 56116 OSVDB: 86416 Background CA ARCserve Backup formerly BrightStor ARCserve Backup is a backup and recovery solution. Problem An invalid virtual function call in the authentication service allows remote attackers to execute arbitrary commands. Resolutio...

SAP SOAP RFC SXPG_COMMAND_EXECUTE

This module makes use of the SXPGCOMMANDEXECUTE Remote Function Call, through the use of the /sap/bc/soap/rfc SOAP service to execute OS commands as configured in the SM69 transaction. This module requires Metasploit: https://metasploit.com/download Current source:...

Viscom Software Image Viewer ActiveX Buffer Overflow

A buffer overflow vulnerability has been reported in Viscom Software Image Viewer. The vulnerability is due to a boundary error when handling a certain function call with an overly long parameter. A remote attacker may exploit this vulnerability by enticing an affected user to open a specially...

[ GLSA 201111-04 ] phpDocumentor: Function call injection

Gentoo Linux Security Advisory GLSA 201111-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity:...

phpDocumentor: Function call injection

Background The phpDocumentor package provides automatic documenting of PHP API directly from the source. Description phpDocumentor bundles Smarty with the modifier.regexreplace.php plug-in which does not properly sanitize input related to the ASCII NUL character in a search string. Impact A remot...

CVE-2011-2691

The CVE-2011-2691 issue affects libpng in multiple series (1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, 1.5.x before 1.5.4). The png_err function may call with a NULL pointer instead of an empty string, enabling remote attackers to crash the application via a crafted PNG image (d...

CVE-2011-0761

Perl 5.10.x allows context-dependent attackers to cause a denial of service NULL pointer dereference and application crash by leveraging an ability to inject arguments into a 1 getpeername, 2 readdir, 3 closedir, 4 getsockname, 5 rewinddir, 6 tell, or 7 telldir function call...

HP OpenView Network Node Manager snmpviewer.exe Buffer Overflow

This module exploits a stack buffer overflow in HP OpenView Network Node Manager 7.53 prior to NNM01203. By making a specially crafted HTTP request to the "snmpviewer.exe" CGI program, an attacker can cause a stack-based buffer overflow and execute arbitrary code. The vulnerable code lies within ...

Touch22 Image22 ActiveX Control Buffer Overflow

Added: 09/13/2010 BID: 41547 Background Touch22 Software Image22 ActiveX enables dynamic graphic creation and image manipulation from within an application. Problem Touch22 Software Image22 ActiveX Control 1.1.1 is vulnerable to buffer overflow due to a boundary error when handling the function...

Debian DSA-1868-1 : kde4libs - several vulnerabilities

Several security issues have been discovered in kde4libs, core libraries for all KDE 4 applications. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-1690 It was discovered that there is a use-after-free flaw in handling certain DOM event handlers...

Buffer overflow

Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF document, related to a non-JavaScript function call and possibly an embedded JBIG2 image stream, as exploited in the wild in February 2009 by...

CVE-2009-0517

Eval injection vulnerability in index.php in phpSlash 0.8.1.1 and earlier allows remote attackers to execute arbitrary PHP code via the fields parameter, which is supplied to an eval function call within the generic function in include/class/tzenv.class. NOTE: some of these details are obtained...

CA Internet Security Suite UmxEventCli.dll控件不安全函数调用漏洞

CA Internet Security Suite是为家庭用户提供的综合网络安全解决方案。 Internet Security Suite所提供的UmxEventCli.CachedAuditDataList.1 ActiveX控件（UmxEventCli.dll）没有安全地调用SaveToFile函数，如果用户受骗访问了恶意网页的话，就可能以当前登录用户的权限覆盖并破坏系统上的任意文件。 Computer Associates Internet Security Suite 2008 Computer Associates -------------------...

Input validation

A certain ActiveX control in WkImgSrv.dll 7.03.0616.0, as distributed in Microsoft Works 7 and Microsoft Office 2003 and 2007, allows remote attackers to execute arbitrary code or cause a denial of service browser crash via an invalid WksPictureInterface property value, which triggers an improper...

CVE-2008-1898

A certain ActiveX control in WkImgSrv.dll 7.03.0616.0, as distributed in Microsoft Works 7 and Microsoft Office 2003 and 2007, allows remote attackers to execute arbitrary code or cause a denial of service browser crash via an invalid WksPictureInterface property value, which triggers an improper...