EUVD-2001-1001

Malware in sbrugna...

EUVD-2012-6574

Malware in sbrugna...

CVE-2012-10033

Narcissus is vulnerable to remote code execution via improper input handling in its image configuration workflow. Specifically, the backend.php script fails to sanitize the release parameter before passing it to the configureimage function. This function invokes PHP’s passthru with the unsanitize...

CVE-2012-10033

Narcissus is vulnerable to remote code execution via improper input handling in its image configuration workflow. Specifically, the backend.php script fails to sanitize the release parameter before passing it to the configureimage function. This function invokes PHP’s passthru with the unsanitize...

PHPCompta/NOALYSS 6.7.1 5638 - Remote Command Execution

No description provided by source. Vulnerability title: Remote Command Execution in PHPCompta/NOALYSS CVE: CVE-2014-6389 Vendor: PHPCompta Product: PHPCompta/NOALYSS Affected version: 6.7.1 5638 Fixed version: 6.7.2 Reported by: Jerzy Kramarz Details: PhpCompta 6.7.1-2 does not validate the synta...

PHPCompta/NOALYSS 6.7.1 5638 Remote Command Execution

Vulnerability title: Remote Command Execution in PHPCompta/NOALYSS CVE: CVE-2014-6389 Vendor: PHPCompta Product: PHPCompta/NOALYSS Affected version: 6.7.1 5638 Fixed version: 6.7.2 Reported by: Jerzy Kramarz Details: PhpCompta 6.7.1-2 does not validate the syntax of the commands when processing...

PHPCompta / NOALYSS 6.7.1 5638 - Remote Command Execution Vulnerability

PHPCompta/NOALYSS version 6.7.1 5638 suffers from a remote command execution vulnerability. Vulnerability title: Remote Command Execution in PHPCompta/NOALYSS CVE: CVE-2014-6389 Vendor: PHPCompta Product: PHPCompta/NOALYSS Affected version: 6.7.1 5638 Fixed version: 6.7.2 Reported by: Jerzy Krama...

VICIdial Manager Send OS Command Injection Vulnerability

The file agc/managersend.php in the VICIdial web application uses unsanitized user input as part of a command that is executed using the PHP passthru function. A valid username, password and session are needed to access the injection point. Fortunately, VICIdial has two built-in accounts with...

VICIdial Manager Send OS Command Injection

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'VICIdial Manager Send OS Command Injection', 'Description' = %q The file agc/managersend.php in the VICIdial web application uses...

VICIdial Manager Send OS Command Injection

The file agc/managersend.php in the VICIdial web application uses unsanitized user input as part of a command that is executed using the PHP passthru function. A valid username, password and session are needed to access the injection point. Fortunately, VICIdial has two built-in accounts with...

CVE-2001-1020

editimage.php in Vibechild Directory Manager before 0.91 allows remote attackers to execute arbitrary commands via shell metacharacters in the userfilename parameter, which is sent unfiltered to the PHP passthru function...