2578 matches found
LifeSize UVC Authenticated Remote Command Execution
When authenticated as an administrator on LifeSize UVC 1.2.6, an attacker can abuse the ping diagnostic functionality to achieve remote command execution as the www-data user or equivalent. This module requires Metasploit: http//metasploit.com/download Current source:...
[PingInfoView] Ping monitor utility
PingInfoView is a small utility that allows you to easily ping multiple host names and IP addresses, and watch the result in one table. It automatically pings all hosts every number of seconds that you specify, and displays the number of successful and failed pings, as well as the average ping tim...
LifeSize UVC 1.2.6 - (Authenticated) Remote Code Execution
LifeSize UVC 1.2.6 authenticated vulnerabilities RCE as www-data: POST /server-admin/operations/diagnose/ping/ HTTP/1.1 Host: 172.31.16.99 User-Agent: Mozilla/5.0 X11; Ubuntu; Linux x8664; rv:26.0 Gecko/20100101 Firefox/26.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8...
LifeSize UVC 1.2.6 - (Authenticated) Remote Code Execution
LifeSize UVC 1.2.6 - Authenticated Remote Code Execution LifeSize UVC 1.2.6 authenticated vulnerabilities RCE as www-data: POST /server-admin/operations/diagnose/ping/ HTTP/1.1 Host: 172.31.16.99 User-Agent: Mozilla/5.0 X11; Ubuntu; Linux x8664; rv:26.0 Gecko/20100101 Firefox/26.0 Accept:...
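Netgear D6300B Router Multiple Security Vulnerabilities
BUGTRAQ ID: 65703 Netgear D6300B is a wireless router product from the US company Netgear. The Netgear D6300B router contains the following security vulnerabilities: 1. Unauthorized access vulnerability 2. Command injection vulnerability 3. Information disclosure vulnerability. Attackers can exploit these vulnerabilities to gain access to sensitive information, execute arbitrary commands in the context of the affected device, and perform unauthorized operations. The vulnerabilities exist in Netgear D6300B version 1.0.0.141.0.14; other versions may also be affected. 0 Netgear D6300B The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page for the latest version:...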
Ubuntu: Security Advisory (USN-2117-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
NETGEAR DGN2200 N300 Wireless Router - Multiple Vulnerabilities
NETGEAR DGN2200 N300 Wireless Router - Multiple Vulnerabilities Title: Multiple vulnerabilities in NETGEAR N300 WIRELESS ADSL2+ MODEM ROUTER DGN2200 ==================================================================================== Notification Date: 11 February 2014 Affected Vendor: NetGear...
openSUSE: Security Advisory for kernel (openSUSE-SU-2014:0205-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SuSE Update for kernel openSUSE-SU-2014:0205-1 (kernel)
Check for the Version of kernel OpenVAS Vulnerability Test $Id: gbsuse201402051.nasl 8044 2017-12-08 08:32:49Z santu $ SuSE Update for kernel openSUSE-SU-2014:0205-1 kernel Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program i...
CVE-2013-7179
The ping functionality in cgi-bin/diagnostic.cgi on Seowon Intech SWC-9100 routers allows remote attackers to execute arbitrary commands via shell metacharacters in the pingipaddr parameter...
Design/Logic Flaw
The ping functionality in cgi-bin/diagnostic.cgi on Seowon Intech SWC-9100 routers allows remote attackers to execute arbitrary commands via shell metacharacters in the pingipaddr parameter...
CVE-2013-7179
The ping functionality in cgi-bin/diagnostic.cgi on Seowon Intech SWC-9100 routers allows remote attackers to execute arbitrary commands via shell metacharacters in the pingipaddr parameter...
LiveZilla 5.1.1.0 Stored XSS in operator clients
Author: Jakub Zoczek [email protected] CVE Reference: CVE-2013-7003 Product: LiveZilla Vendor: LiveZilla GmbH http://livezilla.net Affected version: 5.1.1.0 Severity: Medium CVSSv2 Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N Status: Fixed 0x01 Background LiveZilla, the widely-used and trusted Live Help...
SAMSPADE 1.14 BUFFER OVERFLOW
Exploit Title: SAMSPADE 1.14 BUFFER OVERFLOW Date: 10-12-2013 Exploit Author: VISHAL MISHRA & NIDHI VERMA Vendor Homepage: http://www.samspade.org/ Software Link: http://www.majorgeeks.com/mg/getmirror/samspade,1.html Version: 1.1.4 beta Tested on: WINDOWS XPsp2 TARGET: windows xpsp2...
GLSA-201312-12 : MIT Kerberos 5: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201312-12 MIT Kerberos 5: Multiple vulnerabilities Multiple vulnerabilities have been discovered in the Key Distribution Center in MIT Kerberos 5. Please review the CVE identifiers referenced below for details. Impact : A remote...
MIT Kerberos 5: Multiple vulnerabilities
Background MIT Kerberos 5 is a suite of applications that implement the Kerberos network protocol. Description Multiple vulnerabilities have been discovered in the Key Distribution Center in MIT Kerberos 5. Please review the CVE identifiers referenced below for details. Impact A remote attacker...
CVE-2013-6958
Juniper NetScreen Firewall running ScreenOS 5.4, 6.2, or 6.3, when the Ping of Death screen is disabled, allows remote attackers to cause a denial of service via a crafted packet...
Input validation
Juniper NetScreen Firewall running ScreenOS 5.4, 6.2, or 6.3, when the Ping of Death screen is disabled, allows remote attackers to cause a denial of service via a crafted packet...
Juniper ScreenOS vulnerable to denial-of-service (DoS)
Overview ScreenOS provided by Juniper Networks contains a denial-of-service DoS vulnerability. Shuichiro Suzuki of FFRI, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact When processing a malicious packe...
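Juniper Networks ScreenOS Denial of Service Vulnerability
BUGTRAQ ID: 64260 CVECAN ID: CVE-2013-6958 ScreenOS is the operating system used by the Netscreen firewall security solution. In ScreenOS versions 5.4, 6.2.0 and 6.3.0, when the "Ping of Death" screen is disabled, a security vulnerability exists in the handling of specially crafted packets; successful exploitation can cause a denial of service. 0 Juniper Networks ScreenOS 6.3 Juniper Networks ScreenOS 6.2 Vendor patch: Juniper Networks ---------------- The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's home page:...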