758 matches found
PT-2019-14339 · Mantisbt · Mantisbt
Name of the Vulnerable Software and Affected Versions: MantisBT versions prior to 1.3.20 MantisBT versions prior to 2.22.1 Description: The issue allows for Post Authentication Command Injection, which can lead to Remote Code Execution. Recommendations: For versions prior to 1.3.20, update to...
CVE-2019-12104
The web-based configuration interface of the TP-Link M7350 V3 with firmware before 190531 is affected by several post-authentication command injection vulnerabilities...
CVE-2019-12104
The web-based configuration interface of the TP-Link M7350 V3 with firmware before 190531 is affected by several post-authentication command injection vulnerabilities...
Command injection
The web-based configuration interface of the TP-Link M7350 V3 with firmware before 190531 is affected by several post-authentication command injection vulnerabilities...
CVE-2019-12104
The web-based configuration interface of the TP-Link M7350 V3 with firmware before 190531 is affected by several post-authentication command injection vulnerabilities...
CVE-2019-14338
An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is a post-authentication admin.cgi?action= XSS vulnerability on the management interface...
Design/Logic Flaw
An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is a post-authentication admin.cgi?action= XSS vulnerability on the management interface...
CVE-2019-14338
An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is a post-authentication admin.cgi?action= XSS vulnerability on the management interface...
CVE-2018-16089
In System Management Module SMM versions prior to 1.06, a field in the header of SMM firmware update images is insufficiently sanitized, allowing post-authentication command injection on the SMM as the root user...
CVE-2018-16090
In System Management Module SMM versions prior to 1.06, the SMM certificate creation and parsing logic is vulnerable to post-authentication command injection...
CVE-2018-16090
In System Management Module SMM versions prior to 1.06, the SMM certificate creation and parsing logic is vulnerable to post-authentication command injection...
Command injection
In System Management Module SMM versions prior to 1.06, the SMM certificate creation and parsing logic is vulnerable to post-authentication command injection...
Command injection
In System Management Module SMM versions prior to 1.06, a field in the header of SMM firmware update images is insufficiently sanitized, allowing post-authentication command injection on the SMM as the root user...
CVE-2018-16090
The CVE-2018-16090 vulnerability affects Lenovo System Management Module (SMM) firmware prior to 1.06, where the certificate creation and parsing logic allows post-authentication command injection. The Lenovo advisory LEN-24374 documents this issue and links it to several SMM-related CVEs; for CV...
CVE-2018-16089
The CVE-2018-16089 entry concerns Lenovo System Management Module (SMM) firmware. A field in the header of SMM firmware update images in SMM versions prior to 1.06 is insufficiently sanitized, enabling post-authentication command injection on the SMM as the root user. The Lenovo advisory LEN-2437...
phpMyAdmin - (Authenticated) Remote Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'phpMyAdmin Authenticated Remote Code Execution', 'Description' = %q phpMyAdmin v4.8.0 and v4.8.1 are vulnerable to local file inclusion, which ca...
phpMyAdmin Authenticated Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'phpMyAdmin Authenticated Remote Code Execution', 'Description' = %q phpMyAdmin v4.8.0 and v4.8.1 are vulnerable to local file inclusion, which ca...
Mantis Bug Tracker 1.1.3 - 'manage_proj_page' PHP Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Mantis manageprojpage PHP Code Execution', 'Description' = %q Mantis v1.1.3 and earlier are vulnerable to a post-authentication Remote Code...
FreeBSD : SquirrelMail -- post-authentication access privileges (928d5c59-2a5a-11e8-a712-0025908740c2)
Florian Grunow reports : An attacker able to exploit this vulnerability can extract files of the server the application is running on. This may include configuration files, log files and additionally all files that are readable for all users on the system. This issue is post-authentication. That...
NetEx HyperIP Post-Auth Remote Command Execution Vulnerability
HyperIP is a WAN optimized virtual appliance. Deploying HyperIP enables data replication, backup, recovery and data center migration. HyperIP has a remote command execution vulnerability in its implementation. The principle of this vulnerability is that setting the setval parameter as a malformed...