Lucene search
K

9839 matches found

securityvulns
securityvulns
added 2011/08/30 12:0 a.m.48 views

LifeSize Room Vulnerabilities

Discovered: 07-13-11 By: Spencer McIntyre zeroSteiner SecureState R&D Team www.securestate.com Background: ----------- Multiple vulnerabilities within the LifeSize Room appliance. Vulnerability Summaries: ------------------------ Login page can be bypassed, granting administrative access to the w...

7.5CVSS2.1AI score0.36116EPSS
Exploits9
securityvulns
securityvulns
added 2011/07/06 12:0 a.m.248 views

Spring Source OXM Remote OS Command Injection when XStream and IBM JRE are used

Reference: http://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/html/oxm.htmld0e26722 Product: Spring Source OXM Object/XML Mapping Vendor: VMware Vulnerable Version: 3.0.4 only when XStream and IBM JRE are used Status: Fixed Vendor Notification: 12 October 2010 Vendor Fix:...

1.4AI score
Exploits0
Packet Storm
Packet Storm
added 2011/07/03 12:0 a.m.49 views

Spring Source OXM 3.0.4 Command Injection

Reference: http://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/html/oxm.htmld0e26722 Product: Spring Source OXM Object/XML Mapping Vendor: VMware Vulnerable Version: 3.0.4 only when XStream and IBM JRE are used Status: Fixed Vendor Notification: 12 October 2010 Vendor Fix:...

0.1AI score
Exploits0
NVD
NVD
added 2011/05/20 10:55 p.m.22 views

CVE-2011-2148

Admin/frmSite.aspx in the SmarterTools SmarterStats 6.0 web server allows remote attackers to execute arbitrary commands via vectors involving a leading and trailing & ampersand character, and 1 an STTTState cookie, 2 the ctl00%24MPH%24txtAdminNewPasswordSettingText parameter, 3 the...

10CVSS7.7AI score0.05321EPSS
Exploits0References4
Prion
Prion
added 2011/05/20 10:55 p.m.14 views

Command injection

Admin/frmSite.aspx in the SmarterTools SmarterStats 6.0 web server allows remote attackers to execute arbitrary commands via vectors involving a leading and trailing & ampersand character, and 1 an STTTState cookie, 2 the ctl00%24MPH%24txtAdminNewPasswordSettingText parameter, 3 the...

10CVSS8.3AI score0.05321EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2011/05/20 10:0 p.m.19 views

CVE-2011-2148

Admin/frmSite.aspx in the SmarterTools SmarterStats 6.0 web server allows remote attackers to execute arbitrary commands via vectors involving a leading and trailing & ampersand character, and 1 an STTTState cookie, 2 the ctl00%24MPH%24txtAdminNewPasswordSettingText parameter, 3 the...

7.7AI score0.05321EPSS
Exploits0References4
CVE
CVE
added 2011/05/20 10:0 p.m.50 views

CVE-2011-2148

CVE-2011-2148 affects SmarterTools SmarterStats 6.0: Admin/frmSite.aspx allows remote command execution via OS command injection. The attacker can exploit a leading/trailing & and specific parameters (STTTState cookie; txtAdminNewPassword_SettingText; txtSmarterLogDirectory; ucSiteSeoSearchEngine...

10CVSS7.9AI score0.05321EPSS
Exploits0References4Affected Software1
CERT
CERT
added 2011/05/18 12:0 a.m.26 views

SmarterTools default basic web server vulnerabilities

Overview Multiple SmarterTools applications install a default basic web server which contains multiple vulnerabilities Description Multiple SmarterTools applications by default install a basic web server which allows administrators to start using the application immediately after installation. Th...

7.2AI score
Exploits0References4
erpscan
erpscan
added 2011/03/14 12:0 a.m.58 views

SAP NetWeaver - Authentication bypass (Verb Tampering)

Application: SAP NetWeaver Versions Affected: SAP NetWeaver Vendor URL: http://www.sap.com Bugs:Auth bypass, Verb tampering Exploits: YES Reported: 14.03.2011 Vendor response:15.03.2011 Date of Public Advisory:11.11.2011 CVSS: 10 by ERPSCAN 7.3 by SAP Author:Alexandr Polyakov Description...

1.2AI score
Exploits0
0day.today
0day.today
added 2011/03/12 12:0 a.m.28 views

SmarterStats 6.0 Multiple Vulnerabilities

Exploit for asp platform in category web applications Vendor: SmarterTools Application: SmarterStats 6.0 Bugs: Directory Traversal, File Upload, OS Execution, XML Injection, SQL Injection, DoS Patch: The Vendor has released SmarterStats Version 6.2 at URI...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2011/03/11 12:0 a.m.33 views

SmarterStats 6.0 - Multiple Vulnerabilities

Hoyt LLC Research | SmarterStats 6.0, OS Command Execution, Directory Traversal, DoS, Coordinated Disclosure Author: Hoyt LLC Research | http://xss.cx | http://cloudscan.me Vendor: SmarterTools Application: SmarterStats 6.0 Bugs: Directory Traversal, File Upload, OS Execution, XML Injection, SQL...

7.4AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2011/03/07 12:0 a.m.42 views

JVN#73162541: OTRS vulnerable to OS command injection

OTRS provided by the OTRS Project is a ticket management system. OTRS contains an OS command injection vulnerability. Impact An arbitrary OS command may be executed with the privileges of OTRS on the server where it is installed. Solution Update the software Update to the latest version according...

7.5CVSS6.8AI score0.03001EPSS
Exploits0
exploitpack
exploitpack
added 2010/12/09 12:0 a.m.63 views

VMware Tools - Update OS Command Injection

VMware Tools - Update OS Command Injection VMware Tools update OS Command Injection ======================================== 1. Advisory Information Advisory ID: BONSAI-2010-0110 Date published: Thu Dec 9, 2010 Vendors contacted: VMware Release mode: Coordinated release 2. Vulnerability Informati...

7.2CVSS0.7AI score0.0517EPSS
Exploits4
Exploit DB
Exploit DB
added 2010/12/09 12:0 a.m.69 views

VMware Tools - Update OS Command Injection

VMware Tools update OS Command Injection ======================================== 1. Advisory Information Advisory ID: BONSAI-2010-0110 Date published: Thu Dec 9, 2010 Vendors contacted: VMware Release mode: Coordinated release 2. Vulnerability Information Class: Injection Remotely Exploitable: Y...

7.2CVSS7AI score0.0517EPSS
Exploits4
myhack58
myhack58
added 2010/12/01 12:0 a.m.28 views

Pandora FMS <=3.1 multiple vulnerabilities-vulnerability warning-the black bar safety net

Pandora FMS is a server monitoring software, Pandora FMS =version 3.1 there are multiple security vulnerabilities, including:directory traversal, SQL injection, system command injection, authentication bypass and other vulnerabilities. May lead to multiple security threats. +info: Pandora FMS = 3...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2010/12/01 12:0 a.m.86 views

Pandora FMS Command Injection / SQL Injection / Path Traversal

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Pandora FMS Authentication Bypass and Multiple Input Validation Vulnerabilities CVE IDs in this security advisory: 1 Authentication bypass - CVE-2010-4279 2 OS Command Injection - CVE-2010-4278 3 SQL Injection - CVE-2010-4280 4 Blind SQL Injection -...

10CVSS0.5AI score0.65618EPSS
Exploits26
securityvulns
securityvulns
added 2010/12/01 12:0 a.m.143 views

Pandora FMS Authentication Bypass and Multiple Input Validation Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Pandora FMS Authentication Bypass and Multiple Input Validation Vulnerabilities CVE IDs in this security advisory: 1 Authentication bypass - CVE-2010-4279 2 OS Command Injection - CVE-2010-4278 3 SQL Injection - CVE-2010-4280 4 Blind SQL Injection -...

10CVSS8.4AI score0.65618EPSS
Exploits26
Exploit DB
Exploit DB
added 2010/11/30 12:0 a.m.62 views

Pandora Fms 3.1 - OS Command Injection

Introduction Pandora FMS for Pandora Flexible Monitoring System is a software solution for monitoring computer networks. It allows monitoring in a visual way the status and performance of several parameters from different operating systems, servers, applications and hardware systems such as...

9CVSS6.5AI score0.11342EPSS
Exploits6
Exploit DB
Exploit DB
added 2010/11/30 12:0 a.m.68 views

Pandora Fms 3.1 - SQL Injection

Introduction Pandora FMS for Pandora Flexible Monitoring System is a software solution for monitoring computer networks. It allows monitoring in a visual way the status and performance of several parameters from different operating systems, servers, applications and hardware systems such as...

7.5CVSS6.4AI score0.05339EPSS
Exploits8
Packet Storm
Packet Storm
added 2010/11/11 12:0 a.m.59 views

Core Security Technologies Advisory 2010.1018

Core Security Technologies - CoreLabs Advisory http://corelabs.coresecurity.com/ Landesk OS command injection 1. Advisory Information Title: Landesk OS command injection Advisory Id: CORE-2010-1018 Advisory URL: http://www.coresecurity.com/content/landesk-os-command-injection-vulnerability Date...

8.5CVSS0.7AI score0.03508EPSS
Exploits6
Rows per page
Query Builder