Ruby Gem sfpagent 0.4.14 Command Injection

Title: Remote Command Injection in Ruby Gem sfpagent 0.4.14 Date: 4/15/2014 Author: Larry W. Cashdollar, @larry0 CVE: 2014-2888 Download: http://rubygems.org/gems/sfpagent Vulnerability The list variable generated from the user supplied JSONbody input is passed directly to the system shell on lin...

SEC Consult SA-20140402-0 :: Multiple vulnerabilities in Rhythm File Manager

SEC Consult Vulnerability Lab Security Advisory 20140402-0 ======================================================================= title: Multiple vulnerabilities product: Rhythm Software File Manager Rhythm Software File Manager HD vulnerable version: File Manager 1.16.6 File Manager HD 1.11.5...

Linksys E-Series TheMoon Remote Command Injection Exploit

Some Linksys E-Series Routers are vulnerable to an unauthenticated OS command injection. This vulnerability was used from the so called "TheMoon" worm. There are many Linksys systems that might be vulnerable including E4200, E3200, E3000, E2500, E2100L, E2000, E1550, E1500, E1200, E1000, E900. Th...

Linksys E-Series TheMoon Remote Command Injection

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Linksys E-Series TheMoon Remote Command Injection', 'Description' = %q Some Linksys E-Series Routers are vulnerable to an...

Arabic Prawn Gem for Ruby lib/string_utf_support.rb User Input Handling Remote Command Injection

Arabic Prawn Gem for Ruby contains a flaw in the lib/stringutfsupport.rb file. The issue is due to the program failing to sanitize user input. This may allow a remote attacker to inject arbitrary commands. "lib/stringutfsupport.rb" in the Arabic Prawn 0.0.1 gem for Ruby allows remote attackers to...

Linksys E-Series TheMoon Remote Command Injection

Some Linksys E-Series Routers are vulnerable to an unauthenticated OS command injection. This vulnerability was used from the so-called "TheMoon" worm. There are many Linksys systems that are potentially vulnerable, including E4200, E3200, E3000, E2500, E2100L, E2000, E1550, E1500, E1200, E1000,...

Iconify SkyBlueCanvas‘index.php’远程命令注入漏洞

Bugtraq ID:65129 CVE:CVE-2014-1683 SkyBlueCanvas是Iconify公司的一套轻量级Web内容管理系统。该系统使用XML存储数据，并提供主题、附加组件、问题报告等功能。 Iconify SkyBlueCanvas中存在远程命令注入漏洞。攻击者可利用该漏洞在受影响应用程序上下文中执行任意命令，有助于发起进一步攻击。SkyBlueCanvas 1.1 r248-03版本中存在漏洞，其他版本也可能受到影响。 0 SkyBlueCanvas 1.1 r248-03 厂商补丁： Iconify -----...

Pandora Fms 5.0RC1 - Remote Command Injection

Pandora Fms 5.0RC1 - Remote Command Injection ----------- Author: ----------- xistence ------------------------- Affected products: ------------------------- Pandora FMS 5.0RC1 and below ------------------------- Affected vendors: ------------------------- Pandora FMS http://pandorafms.com/...

Pandora Fms 5.0RC1 - Remote Command Injection

----------- Author: ----------- xistence ------------------------- Affected products: ------------------------- Pandora FMS 5.0RC1 and below ------------------------- Affected vendors: ------------------------- Pandora FMS http://pandorafms.com/ ------------------------- Product description:...

SkyBlueCanvas CMS 1.1 r248-03 Command Injection

Vulnerability in SkyBlueCanvas CMS Vulnerability Type: Remote Command Injection Version Affected: 1.1 r248-03 and probably prior versions Discovered by: Scott Parish - Center for Internet Security Vendor Information: SkyBlueCanvas is an easy-to-use Web Content Management System, that makes it...

Skybluecanvas CMS 1.1 r248-03 - Remote Command Execution

Skybluecanvas CMS 1.1 r248-03 - Remote Command Execution Vulnerability in SkyBlueCanvas CMS Vulnerability Type: Remote Command Injection Version Affected: 1.1 r248-03 and probably prior versions Discovered by: Scott Parish - Center for Internet Security Vendor Information: SkyBlueCanvas is an...

Skybluecanvas CMS 1.1 r248-03 - Remote Command Execution

Vulnerability in SkyBlueCanvas CMS Vulnerability Type: Remote Command Injection Version Affected: 1.1 r248-03 and probably prior versions Discovered by: Scott Parish - Center for Internet Security Vendor Information: SkyBlueCanvas is an easy-to-use Web Content Management System, that makes it...

PineApp Mail-SeCure admin/confnetworking.html Multiple Parameter Remote Command Injection

The version of PineApp Mail-SeCure installed on the remote host is affected by a remote command injection vulnerability because the application fails to properly sanitize input to multiple parameters. This could allow a remote, unauthenticated attacker to execute arbitrary commands on the remote...

Webuzo <= 2.1.3 Cookie Value Handling Remote Command Injection Vulnerability

Webuzo is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

EMC Replication Manager Command Execution

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'EMC Replication Manager Command Execution', 'Description' = %q This module exploits a remote command-injection vulnerability in EMC...

Interactive Graphical SCADA System Remote Command Injection

This module abuses a directory traversal flaw in Interactive Graphical SCADA System v9.00. In conjunction with the traversal flaw, if opcode 0x17 is sent to the dc.exe process, an attacker may be able to execute arbitrary system commands. This module requires Metasploit:...

GestioIP <= 3.0 Command Injection Vulnerability - Active Check

GestioIP is prone to a remote command injection vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Linksys Devices pingstr Remote Command Injection

The Linksys WRT100 and WRT110 consumer routers are vulnerable to a command injection exploit in the ping field of the web interface. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Linksys...

phpThumb v. <= 1.7.9 Remote Command Injection Exploit

This code exploits a Remote Command Injection vulnerability in phpThumb that allows attackers to upload a shell automatically.. !/usr/bin/perl Exploit Title: phpThumb v. http://mobileworld24.pl/wp-content/themes/mobileworld24/inc/phpThumb/ use LWP::UserAgent; use HTTP::Request; $target = $ARGV0;...

Fog Dragonfly 0.8.2 Command Injection Vulnerability

Ruby Gem Fog Dragonfly version 0.8.2 suffers from a remote command injection vulnerability. TITLE: Remote Command Injection in fog-dragonfly-0.8.2 Ruby Gem Credit: Larry W. Cashdollar, @larry0 Date: 8/16/2013 CVE: 2013-5671 Download: https://rubygems.org/gems/fog-dragonfly Description: "Dragonfly...