
9786 matches found

CVE
added 2017/04/04 2:0 p.m. | 61 views

CVE-2017-7414

In Horde_Crypt (PHP Horde) prior to 2.7.6, used in Horde Groupware Webmail Edition 5.x–5.2.17, a crafted PGP-signed email can trigger OS command injection when the recipient views or previews the message. The vulnerability arises when PGP features are enabled and “Should PGP signed messages be au...

CVSS 7.5 | AI score 8 | EPSS 0.01249
Exploits 0 | References 2 | Affected Software 1

Debian CVE
added 2017/04/04 2:0 p.m. | 17 views

CVE-2017-7414

In HordeCrypt before 2.7.6, as used in Horde Groupware Webmail Edition 5.x through 5.2.17, OS Command Injection can occur if the user has PGP features enabled in the user's preferences, and has enabled the "Should PGP signed messages be automatically verified when viewed?" preference. To exploit...

CVSS 7.5 | AI score 8.2 | EPSS 0.01249
Exploits 0

Debian CVE
added 2017/04/04 2:0 p.m. | 15 views

CVE-2017-7413

In HordeCrypt before 2.7.6, as used in Horde Groupware Webmail Edition through 5.2.17, OS Command Injection can occur if the attacker is an authenticated Horde Webmail user, has PGP features enabled in their preferences, and attempts to encrypt an email addressed to a maliciously crafted email...

CVSS 9 | AI score 8.7 | EPSS 0.40447
Exploits 0

0day.today
added 2017/04/04 12:0 a.m. | 54 views

Bluecoat ASG 6.6/CAS 1.3 - OS Command Injection Exploit

Exploit for linux platform in category remote exploits Exploit Title: OS Command Injection Vulnerability in BlueCoat ASG and CAS Date: April 3, 2017 Exploit Authors: Chris Hebert, Peter Paccione and Corey Boyd Vendor Security Advisory: https://bto.bluecoat.com/security-advisory/sa138 Version: CAS...

CVSS 9 | AI score 7 | EPSS 0.10126
Exploits 8

Symantec
added 2017/04/03 8:0 a.m. | 26 views

SA138 : OS Command Injection Vulnerability in ASG and CA

SUMMARY The ASG and CA web-based management consoles are susceptible to an OS command injection vulnerability. An authenticated malicious administrator can execute arbitrary OS commands with elevated system privileges. AFFECTED PRODUCTS Advanced Secure Gateway ASG --- CVE | Affected Releases |...

CVSS 9 | AI score 2.4 | EPSS 0.10126
Exploits 8 | Affected Software 2

Exploit DB
added 2017/04/03 12:0 a.m. | 38 views

Bluecoat ASG 6.6/CAS 1.3 - Local Privilege Escalation (Metasploit)

Exploit Title: OS Command Injection Vulnerability in BlueCoat ASG and CAS Date: April 3, 2017 Exploit Authors: Chris Hebert, Peter Paccione and Corey Boyd Contact: chrisdhebertatgmail.com Vendor Security Advisory: https://bto.bluecoat.com/security-advisory/sa138 Version: CAS 1.3 prior to 1.3.7.4 ...

CVSS 9 | AI score 7.2 | EPSS 0.10126
Exploits 8

Exploit DB
added 2017/04/03 12:0 a.m. | 35 views

Moxa AWK-3131A 1.4 < 1.7 - 'Username' OS Command Injection

!/usr/bin/env python2 import telnetlib import re import random import string Split string into chunks, of which each is /var/a' - 1 completed = temp = re.split'\n', script for content in temp: if lencontent != 0: for s in re.split' ', content: if ' ' in s: s = '\x20' if '\n' in s: s = '\n' else:...

AI score 7.4
Exploits 0

exploitpack
added 2017/04/03 12:0 a.m. | 23 views

Moxa AWK-3131A 1.4 1.7 - Username OS Command Injection

Moxa AWK-3131A 1.4 1.7 - Username OS Command Injection !/usr/bin/env python2 import telnetlib import re import random import string Split string into chunks, of which each is /var/a' - 1 completed = temp = re.split'\n', script for content in temp: if lencontent != 0: for s in re.split' ', content...

Exploits 0

exploitpack
added 2017/04/03 12:0 a.m. | 28 views

Bluecoat ASG 6.6CAS 1.3 - Local Privilege Escalation (Metasploit)

Bluecoat ASG 6.6CAS 1.3 - Local Privilege Escalation Metasploit Exploit Title: OS Command Injection Vulnerability in BlueCoat ASG and CAS Date: April 3, 2017 Exploit Authors: Chris Hebert, Peter Paccione and Corey Boyd Contact: chrisdhebertatgmail.com Vendor Security Advisory:...

CVSS 9 | AI score 0.4 | EPSS 0.10126
Exploits 8

0day.today
added 2017/04/03 12:0 a.m. | 121 views

Zyxel EMG2926 < V1.00(AAQT.4)b8 - OS Command Injection Vulnerability

Exploit for hardware platform in category remote exploits Exploit Title: Zyxel, EMG2926 /expert/maintenance/diagnostic/nslookup?nslookupbutton=nslookupbutton&pingip=google.ca%3b%20cat%20/etc/passwd&serverip= HTTP/1.1 Host: 192.168.0.1 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 Macintosh...

CVSS 9 | AI score 0.1 | EPSS 0.37634
Exploits 5

Exploit DB
added 2017/04/02 12:0 a.m. | 115 views

Zyxel, EMG2926 < V1.00(AAQT.4)b8 - OS Command Injection

Exploit Title: Zyxel, EMG2926 /expert/maintenance/diagnostic/nslookup?nslookupbutton=nslookupbutton&pingip=google.ca%3b%20cat%20/etc/passwd&serverip= HTTP/1.1 Host: 192.168.0.1 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10124 AppleWebKit/537.36 KHTML, like Geck...

CVSS 9 | AI score 8.8 | EPSS 0.37634
Exploits 5

Packet Storm
added 2017/04/02 12:0 a.m. | 262 views

Zyxel / EMG2926 Command Injection

Exploit Title: Zyxel, EMG2926 /expert/maintenance/diagnostic/nslookup?nslookupbutton=nslookupbutton&pingip=google.ca%3b%20cat%20/etc/passwd&serverip= HTTP/1.1 Host: 192.168.0.1 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10124 AppleWebKit/537.36 KHTML, like Geck...

EPSS 0.37634
Exploits 5

exploitpack
added 2017/04/02 12:0 a.m. | 60 views

Zyxel_ EMG2926 V1.00(AAQT.4)b8 - OS Command Injection

Zyxel EMG2926 V1.00AAQT.4b8 - OS Command Injection Exploit Title: Zyxel, EMG2926 /expert/maintenance/diagnostic/nslookup?nslookupbutton=nslookupbutton&pingip=google.ca%3b%20cat%20/etc/passwd&serverip= HTTP/1.1 Host: 192.168.0.1 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 Macintosh; Intel...

CVSS 9 | AI score 0.2 | EPSS 0.37634
Exploits 5

Japan Vulnerability Notes
added 2017/03/16 4:32 a.m. | 1 views

Security guide for website operators vulnerable to OS command injection

Overview Security guide for website operators provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA contains an OS command injection vulnerability CWE-78 due to an issue in loading saved data. This vulnerability was reported by IPA to notify users of its solution through JVN. JPCERT/CC a...

CVSS 8.8 | AI score 7.6 | EPSS 0.01596
Exploits 0 | References 5

Japan Vulnerability Notes
added 2017/03/16 12:0 a.m. | 45 views

JVN#11448789: Security guide for website operators vulnerable to OS command injection

Security guide for website operators provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA contains an OS command injection vulnerability CWE-78 due to an issue in loading saved data. Impact When specially crafted saved data is loaded, an arbitrary OS command may be executed. Solution Do...

CVSS 8.8 | AI score 8.9 | EPSS 0.01596
Exploits 0

Packet Storm
added 2017/03/07 12:0 a.m. | 160 views

Western Digital My Cloud Command Injection / File Upload

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Unauthenticated OS command injection & arbitrary file upload product: Western Digital My Cloud vulnerable version: at least: 2.21.126 My Cloud, 2.11.157My Cloud EX2,...

AI score 0.2
Exploits 0

Exploit DB
added 2017/03/07 12:0 a.m. | 60 views

Bull/IBM AIX Clusterwatch/Watchware - Multiple Vulnerabilities

Bull Clusterwatch/Watchware is a VERY VERY OLD tool used by sysadmins to manage their AIX clusters. Marble effect in the web banner and questionable font: it smells the 90s ! Tool is mainly a web app with CGIs shell scripts and binaries and we have found three vulnerabilities in it: Trivial admin...

AI score 7.4
Exploits 0

exploitpack
added 2017/03/07 12:0 a.m. | 26 views

BullIBM AIX ClusterwatchWatchware - Multiple Vulnerabilities

BullIBM AIX ClusterwatchWatchware - Multiple Vulnerabilities Bull Clusterwatch/Watchware is a VERY VERY OLD tool used by sysadmins to manage their AIX clusters. Marble effect in the web banner and questionable font: it smells the 90s ! Tool is mainly a web app with CGIs shell scripts and binaries...

AI score 0.1
Exploits 0

OpenVAS
added 2017/03/07 12:0 a.m. | 15 views

NetGain Enterprise Manager OS Command Injection Vulnerability

NetGain Enterprise Manager is prone to an OS command injection vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

AI score 7.4
Exploits 0 | References 1

Cvelist
added 2017/03/06 2:0 a.m. | 25 views

CVE-2017-6334

dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the hostname field of an HTTP POST request, a different vulnerability than CVE-2017-6077...

AI score 9.3 | EPSS 0.72199
Exploits 11 | References 4