JVN#54686544: HOME SPOT CUBE multiple vulnerabilities
HOME SPOT CUBE provided by KDDI CORPORATION is a wireless LAN router. HOME SPOT CUBE contains multiple vulnerabilities listed below. Cross-site scripting - CVE-2016-1136: CVSS v3 vector CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N, Base Score: 4.3; CVSS v2...
D-Link DCS-930L Authenticated Remote Command Execution
The D-Link DCS-930L Network Video Camera is vulnerable to OS Command Injection via the web interface. The vulnerability exists at /setSystemCommand, which is accessible with credentials. This vulnerability was present in firmware version 2.01 and fixed by 2.12. This module requires Metasploit:...
CVE-2016-1142
CVE-2016-1142 affects Seeds acmailer. Connected documents confirm an OS command injection (CWE-78) vulnerability in Seeds acmailer prior to 3.8.21 and 3.9.x prior to 3.9.15 Beta, exploitable by an authenticated remote attacker to execute arbitrary commands on the server via unspecified vectors. A...
JVN#50899877: acmailer vulnerable to OS command injection
acmailer provided by Seeds Co.,Ltd. contains an OS command injection vulnerability CWE-78. Impact An authenticated attacker may execute an arbitrary OS command on the server. Solution Update the software Update to the latest version according to the information provided by the developer. Products...
CVE-2015-5018
CVE-2015-5018 affects IBM Security Access Manager for Web (ISAM) on Web-based appliances: versions 7.0 before FP19, 8.0 before 8.0.1.3 IF3, and 9.0 before 9.0.0.0 IF1 are vulnerable to a command-injection via Local Management Interface (LMI) that enables remote authenticated users to execute arbi...
Geeklog 2.1.0 Command Injection
Security Advisory - Curesec Research Team 1. Introduction Affected Product: Geeklog 2.1.0 Fixed in: 2.1.1b3 Fixed Version Link: https://www.geeklog.net/filemgmt/visit.php/1156 Vendor Contact: [email protected] Vulnerability Type: Code Execution Remote Exploitable: Yes Reported to...
KLA10715 Multiple vulnerabilities in Microsoft Windows Media Center
CVSS: 9.3 Detect date: 12/08/2015 Severity: Critical Description: Unknown vulnerabilities in Microsoft Windows Media Center can be exploited remotely via specially designed .mcl files. A malicious attacker can execute arbitrary code or obtain sensitive information. Affected products: Microsoft...
Cambium ePMP 1000 - Multiple Vulnerabilities
Cambium ePMP 1000 - Multiple Vulnerabilities July 14, 2015: First contacted Cambium July 14, 2015: Initial vendor response July 16, 2015: Vuln Details reported to Cambium July 31, 2015: Followup on advisory and fix timelines August 03, 2015: Vendor gives mid-Aug as fix v2.5 release timeline. Ceas...
Cambium ePMP 1000 - Multiple Vulnerabilities
Cambium ePMP 1000 suffers from remote OS command injection and privilege escalation vulnerabilities. July 14, 2015: First contacted Cambium July 14, 2015: Initial vendor response July 16, 2015: Vuln Details reported to Cambium July 31, 2015: Followup on advisory and fix timelines August 03, 2015...
CF Image Host 1.65 - PHP Command Injection
Credits: hyp3rlinx. Website: hyp3rlinx.altervista.org. Source: http://hyp3rlinx.altervista.org/advisories/AS-CFIMAGEHOST-PHP-CMD-INJECTION.txt Vendor: codefuture.co.uk/projects/imagehost Product:...
CF Image Host 1.65 - PHP Command Injection
Credits: hyp3rlinx. Website: hyp3rlinx.altervista.org. Source: http://hyp3rlinx.altervista.org/advisories/AS-CFIMAGEHOST-PHP-CMD-INJECTION.txt Vendor: codefuture.co.uk/projects/imagehost Product: CF Image Host 1.65 - 1.6.6...
Symantec Endpoint Protection Multiple Vulnerabilities (Nov 2015)
Symantec Endpoint Protection is prone to multiple vulnerabilities.
CVE-2015-7774
PC-EGG pWebManager before 3.3.10, and before 2.2.2 for PHP 4.x, allows remote authenticated users to execute arbitrary OS commands by leveraging the editor role...
b374k 3.2.3 2.8 CSRF / Command Injection Vulnerabilities
b374k web shell versions 2.8 and 3.2.3 suffer from a cross site request forgery vulnerability that allows for remote command injection. Vendor: github.com/b374k/b374k code.google.com/p/b374k-shell/downloads/list code.google.com/archive/p/b374k-shell/...
JVN#25323093: pWebManager vulnerable to OS command injection
pWebManager provided by PC-EGG Co.,Ltd. contains an OS command injection vulnerability CWE-78. Impact An arbitrary OS command may be executed on the server by a user logged in with editor permissions. Solution Update the Software Update to the latest version according to the information provided ...
WAP - Web Application Protection
WAP is a source code static analysis and data mining tool to detect and correct input validation vulnerabilities in web applications written in PHP version 4.0 or higher with a low rate of false positives. WAP detects and corrects the following vulnerabilities: SQL Injection SQLI Cross-site...
CVE-2015-5672
TYPE-MOON Fate/stay night, Fate/hollow ataraxia, Witch on the Holy Night, and Fate/stay night + hollow ataraxia set allow remote attackers to execute arbitrary OS commands via crafted saved data...
JVN#80144272: Multiple TYPE-MOON games vulnerable to OS command injection
Multiple games provided by TYPE-MOON contain an OS command injection vulnerability (CWE-78) due to an issue in loading save data. Impact: When specially crafted save data is loaded, an arbitrary OS command may be executed. Solution: Apply a Workaround. The following workaround can mitigate the effects...
Design/Logic Flaw
The Web Console in Commvault Edge Server 10 R2 allows remote attackers to execute arbitrary OS commands via crafted serialized data in a cookie...