9786 matches found
CVE-2015-4330
Cisco TelePresence Video Communication Server Expressway X8.5.2 contains a local file script vulnerability that lets an authenticated, local attacker gain elevated OS-command execution by supplying invalid parameters to a local script. Root cause is insufficient protection of the local script, en...
Infinite Automation Systems Mango Automation Vulnerabilities (Update A)
OVERVIEW This updated advisory is a follow-up to the original advisory titled ISCA-15-300-02 Infinite Automation Systems Mango Automation Vulnerabilities that was published October 27, 2015, on the NCCIC/ICS-CERT web site. Steven Seeley of Source Incite and Gjoko Krstic of Zero Science Lab have...
Design/Logic Flaw
Webservice-DIC yoyakuv41 allows remote attackers to execute arbitrary OS commands via unspecified vectors...
yoyaku_v41 vulnerable to OS command injection
Overview yoyakuv41 provided by Webservice-DIC is a software to manage conference room reservations. yoyakuv41 contains an OS command injection vulnerability CWE-78. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
JVN#17522792: yoyaku_v41 vulnerable to OS command injection
yoyakuv41 provided by Webservice-DIC is a software to manage conference room reservations. yoyakuv41 contains an OS command injection vulnerability CWE-78. Impact An arbitrary OS command may be executed with the privileges of the web server on the server where yoyakuv41 is running. Solution Do no...
JVN#73568461: PHP for Windows vulnerable to OS command injection
PHP for Windows contains an OS command injection due to a processing flaw in the escapeshellarg function. Impact Specifying a specially crafted parameter in the escapeshellarg function may result in an arbitrary OS command being executed. Solution Apply the patch Apply the patch according to the...
[CORE-2015-0011] - AirLink101 SkyIPCam1620W OS Command Injection
Advisory Information Title: AirLink101 SkyIPCam1620W OS Command Injection Advisory ID: CORE-2015-0011 Advisory URL: http://www.coresecurity.com/advisories/airlink101-skyipcam1620w-os-command-injection Date published: 2015-07-08 Date of last update: 2015-07-08 Vendors contacted: AirLink101...
[CORE-2015-0012] - AirLive Multiple Products OS Command Injection
Advisory Information Title: AirLive Multiple Products OS Command Injection Advisory ID: CORE-2015-0012 Advisory URL: http://www.coresecurity.com/advisories/airlive-multiple-products-os-command-injection Date published: 2015-07-06 Date of last update: 2015-07-06 Vendors contacted: AirLive Release...
AirLink101 SkyIPCam1620W OS Command Injection
The SkyIPCam1620W Wireless N MPEG4 3GPP Network Camera is vulnerable to an OS Command Injection Vulnerability in the snwrite.cgi binary. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...
AirLink101 SkyIPCam1620W OS Command Injection Vulnerability
Exploit for hardware platform in category web applications 1. Advisory Information Title: AirLink101 SkyIPCam1620W OS Command Injection Advisory ID: CORE-2015-0011 Advisory URL: http://www.coresecurity.com/advisories/airlink101-skyipcam1620w-os-command-injection Date published: 2015-07-08 Date of...
AirLive (Multiple Products) - OS Command Injection
AirLive Multiple Products - OS Command Injection 1. Advisory Information Title: AirLive Multiple Products OS Command Injection Advisory ID: CORE-2015-0012 Advisory URL: http://www.coresecurity.com/advisories/airlive-multiple-products-os-command-injection Date published: 2015-07-06 Date of last...
AirLink101 SkyIPCam1620W - OS Command Injection
AirLink101 SkyIPCam1620W - OS Command Injection 1. Advisory Information Title: AirLink101 SkyIPCam1620W OS Command Injection Advisory ID: CORE-2015-0011 Advisory URL: http://www.coresecurity.com/advisories/airlink101-skyipcam1620w-os-command-injection Date published: 2015-07-08 Date of last updat...
AirLink101 SkyIPCam1620W - OS Command Injection
Advisory Information Title: AirLink101 SkyIPCam1620W OS Command Injection Advisory ID: CORE-2015-0011 Advisory URL: http://www.coresecurity.com/advisories/airlink101-skyipcam1620w-os-command-injection Date published: 2015-07-08 Date of last update: 2015-07-08 Vendors contacted: AirLink101...
AirLive Multiple Products OS Command Injection (Jul 2015) - Active Check
There is an OS Command Injection in the cgitest.cgi binary file in the AirLive MD-3025, BU-3026 and BU-2015 cameras when handling certain parameters. That specific CGI file can be requested without authentication, unless the user specified in the configuration of the camera that every communicati...
Endian Firewall < 3.0.0 - OS Command Injection (Metasploit Module) Exploit
Exploit for cgi platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'Endian Firewall %q This module exploits an OS command injection vulnerability i...
CVE-2015-4237
The CLI parser in Cisco NX-OS 4.12E11, 6.211b, 6.212, 7.20ZZ99.1, 7.20ZZ99.3, and 9.11SV13.1.8 on Nexus devices allows local users to execute arbitrary OS commands via crafted characters in a filename, aka Bug IDs CSCuv08491, CSCuv08443, CSCuv08480, CSCuv08448, CSCuu99291, CSCuv08434, and...
Endian Firewall Proxy Password Change Command Injection
This module exploits an OS command injection vulnerability in a web-accessible CGI script used to change passwords for locally-defined proxy user accounts. Valid credentials for such an account are required. Command execution will be in the context of the "nobody" account, but this account had...
Endian Firewall < 3.0.0 - OS Command Injection
!/usr/bin/env python Endian Firewall Proxy User Password Change /cgi-bin/chpasswd.cgi OS Command Injection Exploit POC Reverse TCP Shell Ben Lincoln, 2015-06-28 http://www.beneaththewaves.net/ Requires knowledge of a valid proxy username and password on the target Endian Firewall import httplib...
Vesta Control Panel 0.9.8 - OS Command Injection
Vesta Control Panel 0.9.8 - OS Command Injection Advisory ID: HTB23261 Product: Vesta Control Panel Vendor: http://vestacp.com Vulnerable Versions: 0.9.8 and probably prior Tested Version: 0.9.8 Advisory Publication: May 20, 2015 without technical details Vendor Notification: May 20, 2015 Vendor...
Vesta Control Panel 0.9.8 - OS Command Injection
Advisory ID: HTB23261 Product: Vesta Control Panel Vendor: http://vestacp.com Vulnerable Versions: 0.9.8 and probably prior Tested Version: 0.9.8 Advisory Publication: May 20, 2015 without technical details Vendor Notification: May 20, 2015 Vendor Patch: June 3, 2015 Public Disclosure: June 17,...