9786 matches found
Commvault Edge Server deserializes cookie data insecurely
Overview: Commvault Edge Server, version 10 R2, deserializes untrusted, user-provided cookie data, resulting in arbitrary OS command execution with the web server's privileges. Description: CWE-502: Deserialization of Untrusted Data - CVE-2015-7253. Commvault Edge Server, version 10 R2, deserializes...
JVN#04281281: ISUCON5 qualifier portal web application (eventapp) vulnerable to OS command injection
ISUCON5 qualifier portal web application (eventapp) provided by ISUCON organizers contains an OS command injection (CWE-78) vulnerability. Impact: A logged-in attacker may execute arbitrary OS commands on the server. Solution: Update the Software. Update to the latest version according to the informatio...
CVE-2015-7901
Infinite Automation Mango Automation 2.5.x and 2.6.x through 2.6.0 build 430 allows remote authenticated users to execute arbitrary OS commands via unspecified vectors...
CVE-2015-7901
Infinite Automation Mango Automation versions 2.5.x–2.6.0 beta (builds prior to 430) contain an OS command injection vulnerability that can be exploited by an authenticated remote user to execute arbitrary commands. Affected component/issue is demonstrated by public exploit references (e.g., Expl...
Xtreme Vulnerable Web Application: XVWA
XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security. It’s not advisable to host this application online as it is designed to be “Xtremely Vulnerable”. It is recommended to host this application in local/controlled environment an...
ZyXEL PMG5318-B20A OS Command Injection
Exploit Title: ZyXEL PMG5318-B20A OS Command Injection Vulnerability Discovered by: Karn Ganeshen CERT VU 870744 Vendor Homepage: www.zyxel.com Version Reported: Firmware version V100AANC0b5 CVE-2015-6018 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6018 Vulnerability Details CWE-20 :...
ZYXEL PMG5318-B20A - OS Command Injection
ZYXEL PMG5318-B20A - OS Command Injection Exploit Title: ZyXEL PMG5318-B20A OS Command Injection Vulnerability Discovered by: Karn Ganeshen CERT VU 870744 Vendor Homepage: www.zyxel.com Version Reported: Firmware version V100AANC0b5 CVE-2015-6018...
ZyXEL PMG5318-B20A - OS Command Injection Vulnerability
Exploit for hardware platform in category web applications Exploit Title: ZyXEL PMG5318-B20A OS Command Injection Vulnerability Discovered by: Karn Ganeshen CERT VU 870744 Vendor Homepage: www.zyxel.com Version Reported: Firmware version V100AANC0b5 CVE-2015-6018...
Netgear Voice Gateway 2.3.0.23_2.3.23 - Multiple Vulnerabilities
Netgear Voice Gateway with firmware version 2.3.0.23_2.3.23 suffers from command injection, insecurely configured passwords, and cross site scripting vulnerabilities. Exploit Title: Netgear Voice Gateway Multiple Vulnerabilities Date: May 01, 2015 No response from Vendor Discovered by: Karn Ganesh...
NETGEAR Voice Gateway 2.3.0.23_2.3.23 - Multiple Vulnerabilities
NETGEAR Voice Gateway 2.3.0.23_2.3.23 - Multiple Vulnerabilities Exploit Title: Netgear Voice Gateway Multiple Vulnerabilities Date: May 01, 2015 No response from Vendor Discovered by: Karn Ganeshen Vendor Homepage: www.netgear.com Version: Firmware Version: V2.3.0.23_2.3.23 Netgear Voice Gateway...
Netgear Voice Gateway 2.3.0.23_2.3.23 - Multiple Vulnerabilities
Exploit Title: Netgear Voice Gateway Multiple Vulnerabilities Date: May 01, 2015 No response from Vendor Discovered by: Karn Ganeshen Vendor Homepage: www.netgear.com Version: Firmware Version: V2.3.0.23_2.3.23 Netgear Voice Gateway Multiple Vulnerabilities Device Info Device Type: Netgear Voice...
PIXORD Vehicle 3G Wi-Fi Router Command Injection / Information Disclosure
Exploit Title: Vehicle 3G Wi-Fi Router - PIXORD - Multiple Vulnerabilities Date: May 01, 2015 No response from Vendor till date Discovered by: Karn Ganeshen Vendor Homepage: http://www.pixord.com/en/productsshow.php?show=17 Version: Model Name :3GR-431P Software Version :RTA-A00102 Wireless Drive...
PIXORD Vehicle 3G Wi-Fi Router 3GR-431P - Multiple Vulnerabilities
PIXORD Vehicle 3G Wi-Fi Router 3GR-431P - Multiple Vulnerabilities Exploit Title: Vehicle 3G Wi-Fi Router - PIXORD - Multiple Vulnerabilities Date: May 01, 2015 No response from Vendor till date Discovered by: Karn Ganeshen Vendor Homepage: http://www.pixord.com/en/productsshow.php?show=17 Versio...
CVE-2015-7310
McAfee Enterprise Security Manager (ESM), Enterprise Security Manager/Log Manager (ESMLM), and Enterprise Security Manager/Receiver (ESMREC) before 9.3.2MR18, 9.4.x before 9.4.2MR8, and 9.5.x before 9.5.0MR7 allow remote authenticated users to execute arbitrary OS commands via a crafted filename, which...
Advantech EKI Vulnerabilities (Update B)
OVERVIEW This updated advisory is a follow-up to the updated advisory titled ICSA-15-344-01A Advantech EKI Vulnerabilities that was published December 15, 2015, on the NCCIC/ICS-CERT web site. --------- Begin Update B Part 1 of 3 -------- HD Moore of Rapid7 identified several vulnerabilities in...
Endian Firewall Proxy Password Change Command Injection
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'Endian Firewall Proxy Password Change Command Injection', 'Description' = %q This module exploits an OS command injection...
Endian Firewall Proxy Password Change Command Injection Exploit
This Metasploit module exploits an OS command injection vulnerability in a web-accessible CGI script used to change passwords for locally-defined proxy user accounts. Valid credentials for such an account are required. Command execution will be in the context of the "nobody" account, but this...
Endian Firewall - Password Change Command Injection (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'Endian Firewall Proxy Password Change Command Injection', 'Description' = %q This module exploits an OS command injection...
CVE-2015-4330
A local file script in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to gain privileges for OS command execution via invalid parameters, aka Bug ID CSCuv10556...