8766 matches found
Foscam IP Video Camera CGIProxy.fcgi SMTP Test Host Parameter Configuration Command Injection Vulnerability(CVE-2017-2841)
Summary An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration file resulting...
Trend Micro Smart Protection OS Command Injection
1. Advisory Information Title: Trend Micro Smart Protection OS Command Injection Advisory ID: CORE-2017-0004 Advisory URL:http://www.coresecurity.com/core-labs/advisories/trend-micro-smart-protection-os-command-injection Date published: 2017-08-23 Date of last update: 2017-08-23 Vendors contacted...
QuantaStor Software Defined Storage < 4.3.1 - Multiple Vulnerabilities
--- Advisory details --- Title: QuantaStor Software Define Storage mmultiple vulnerabilities Advisory ID: VVVSEC-2017-6943 Advisory URL: http://www.vvvsecurity.com/advisories/vvvsecurity-advisory-2017-6943.txt Date published: 12/08/2017 CVEs: CVE-2017-9978 "Brute force login request using http...
Adobe Connect Multiple Vulnerabilities (APSB17-22)
Adobe Connect is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:adobe:connect"; ifdescription...
Command injection
An Improper Neutralization of Special Elements in an OS command issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. An improper neutralization of special elements vulnerability has been identified. If special elements are not properly neutralized, an attacker can call...
CVE-2017-5173
An Improper Neutralization of Special Elements in an OS command issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. An improper neutralization of special elements vulnerability has been identified. If special elements are not properly neutralized, an attacker can call...
CVE-2017-5173
Geutebrück G-Cam/EFD-2250 (Firmware 1.11.0.12) is affected by two CVEs: CVE-2017-5173 (Improbable neutralization of special elements in OS commands) and CVE-2017-5174 (Authentication bypass). CVE-5174 enables remote authentication bypass; CVE-5173 can allow remote code execution via crafted reque...
CVE-2016-8024
Improper neutralization of CRLF sequences in HTTP headers vulnerability in Intel Security VirusScan Enterprise Linux VSEL 2.0.3 and earlier allows remote unauthenticated attacker to obtain sensitive information via the server HTTP response spoofing...
Geutebrück IP Cameras
CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit Vendor: Geutebrück Equipment: IP Cameras Vulnerabilities: Authentication Bypass and Improper Neutralization of Special Elements AFFECTED PRODUCTS The following Geutebrück G-Cam IP camera version is affected: G-Cam/EFD-2250...
CVE-2016-5811
An issue was discovered in Visonic PowerLink2, all versions prior to October 2016 firmware release. User controlled input is not neutralized prior to being placed in web page output CROSS-SITE SCRIPTING...
Smart Guard Network Manager 6.3.2 - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: SQL Injection In Smart Guard Network Manager Api Date: 03/12/2016 Exploit Author: Rahul Raz Vendor Homepage: http://www.xsinfoways.com/ Software Name: Smart Guard Network Manager Version: 6.3.2 Tested on: Ubuntu Linux...
The vulnerability of the Security SiteProtector System’s security protection mechanism allows a hacker to input their own arguments.
The vulnerability of the Security SiteProtector System security system exists due to the lack of measures taken to neutralize specific elements. Exploiting this vulnerability allows a malicious actor, operating remotely, to insert their own commands...
Shopify: XSS on https://app.shopify.com/
DESCRIPTION =========== It has been identified that the page located at https://app.shopify.com/ is prone to cross-site scripting issues. Cross-site Scripting XSS refers to client-side code injection attack wherein an attacker can execute malicious scripts also commonly referred to as a malicious...
OpenSSH 7.2p1 xauth Command Injection / Bypass
Author: Ref: https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115 Version: 0.2 Date: Mar 3rd, 2016 Tag: openssh xauth command injection may lead to forced-command and /bin/false bypass Overview -------- Name: openssh Vendor: OpenBSD References: http://www.openssh.com/1 Version: 7.2p1 2...
DropBearSSHD 2015.71 - Command Injection
Exploit for linux platform in category remote exploits VuNote ============ Author: Ref: https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3116 Version: 0.2 Date: Mar 3rd, 2016 Tag: dropbearsshd xauth command injection may lead to forced-command bypass Overview -------- Name: dropbear...
HTTP File Server Remote Command Execution Vulnerability-02 (Jan 2016)
HTTP File Server is prone to a remote command execution RCE vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
IBC Solar ServeMaster Source Code Vulnerability
OVERVIEW Independent researcher Maxim Rupp has identified three vulnerabilities in IBC Solar products. The vulnerabilities are disclosure of applications source code, plain text passwords, and cross site scripting. IBC Solar has not produced a patch to mitigate these vulnerabilities. These...
Vastal I-tech phpVID 1.2.3 SQL Injection
Vastal I-tech phpVID 1.2.3 SQL Injection Security Vulnerabilities Exploit Title: Vastal I-tech phpVID /groups.php Multiple Parameters SQL Injection Security Vulnerabilities Product: phpVID Vendor: Vastal I-tech Vulnerable Versions: 1.2.3 0.9.9 Tested Version: 1.2.3 0.9.9 Advisory Publication: Mar...
Cart Engine 3.0 - Multiple Vulnerabilities
No description provided by source. === Details === Quantum Leap Advisory: http://www.quantumleap.it/cart-engine-3-0-multiple-vulnerabilities-sql-injection-reflected-xss-open-redirect/ Affected Product: Cart Engine Version: 3.0 === Executive Summary === SQL Injection: Using a specially crafted HTT...
Cart Engine 3.0 - Multiple Vulnerabilities
Cart Engine 3.0 - Multiple Vulnerabilities === Details === Quantum Leap Advisory: http://www.quantumleap.it/cart-engine-3-0-multiple-vulnerabilities-sql-injection-reflected-xss-open-redirect/ Affected Product: Cart Engine Version: 3.0 === Executive Summary === SQL Injection: Using a specially...