3844 matches found
WebSVN 2.3.2 Command Injection
WebSVN 2.3.2 Unproper Metacharacters Escaping exec Remote Commands Injection Vulnerability tested against: Microsoft Windows Server R2 SP2 PHP 5.3.6 VC9 with magic_quotes_gpc = off default Apache 2.2.17 VC9 Introduction: This is a very special vulnerability, given the incredibly high number of...
rubygem-mail -- Remote Arbitrary Shell Command Injection Vulnerability
Secunia reports: Input passed via an email from address is not properly sanitised in the "deliver" function lib/mail/network/delivery_methods/sendmail.rb before being used as a command line argument. This can be exploited to inject arbitrary shell commands...
Mitel Audio and Web Conferencing (AWC) Remote Arbitrary Shell Command Injection Vulnerability
Mitel Audio and Web Conferencing AWC is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data. Remote attackers can exploit this issue to execute arbitrary shell commands with the privileges of the user running the application. OpenVAS...
Mitel Audio and Web Conferencing (AWC) - Arbitrary Shell Command Injection
Mitel Audio and Web Conferencing AWC - Arbitrary Shell Command Injection source: https://www.securityfocus.com/bid/45537/info Mitel Audio and Web Conferencing AWC is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data. Remote attacker...
Mitel Audio and Web Conferencing (AWC) - Arbitrary Shell Command Injection
source: https://www.securityfocus.com/bid/45537/info Mitel Audio and Web Conferencing AWC is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data. Remote attackers can exploit this issue to execute arbitrary shell commands with the...
Cisco Unified Videoconferencing multiple vulnerabilities - CVE-2010-3037 CVE-2010-3038
Matta Consulting - Matta Advisory http://www.trustmatta.com Cisco Unified Videoconferencing multiple vulnerabilities Advisory ID: MATTA-2010-001 CVE reference: CVE-2010-3037 CVE-2010-3038 Affected platforms: Cisco Unified Videoconferencing 3515,3522,3527,5230,3545, 5110,5115 Systems and unspecifi...
Cisco Security Response: Multiple Vulnerabilities in Cisco Unified Videoconferencing Products
Cisco Security Response: Multiple Vulnerabilities in Cisco Unified Videoconferencing Products http://www.cisco.com/warp/public/707/cisco-sr-20101117-cuvc.shtml Revision 1.0 For Public Release 2010 November 17 1600 UTC GMT...
Command injection
monotone before 0.48.1, when configured to allow remote commands, allows remote attackers to cause a denial of service crash via an empty argument to the mtn command...
Java: Java Web Start arbitrary command line injection
Unspecified vulnerability in the Java Deployment Toolkit component in Oracle Java SE and Java for Business JDK and JRE 6 Update 10 through 19 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors...
AjaXplorer Remote Command Injection and Local File Disclosure Vulnerabilities
AjaXplorer is prone to a remote command injection vulnerability and a local file disclosure vulnerability because it fails to adequately sanitize user-supplied input data. Attackers can exploit this issue to execute arbitrary commands within the context of the affected application and to obtain...
AjaXplorer < 2.6 Multiple Vulnerabilities - Active Check
AjaXplorer is prone to a remote command injection vulnerability and a local file disclosure vulnerability because it fails to adequately sanitize user-supplied input data.
SpamAssassin Milter Plugin 'mlfi_envrcpt()' Remote Arbitrary Command Injection Vulnerability - Active Check
SpamAssassin Milter Plugin is prone to a remote command injection vulnerability because it fails to adequately sanitize user-supplied input data.
Accellion File Transfer - Appliance web_client_user_guide.html?lang Traversal Arbitrary File Access
Accellion File Transfer - Appliance web_client_user_guide.html?lang Traversal Arbitrary File Access source: https://www.securityfocus.com/bid/38176/info Accellion File Transfer Appliance is prone to multiple remote vulnerabilities, including: - Multiple privilege-escalation issues - A...
Accellion Secure File Transfer Appliance - Multiple Command Restriction Privilege Escalations
Accellion Secure File Transfer Appliance - Multiple Command Restriction Privilege Escalations source: https://www.securityfocus.com/bid/38176/info Accellion File Transfer Appliance is prone to multiple remote vulnerabilities, including: - Multiple privilege-escalation issues - A directory-travers...
Accellion File Transfer - 'Appliance web_client_user_guide.html?lang' Traversal Arbitrary File Access
source: https://www.securityfocus.com/bid/38176/info Accellion File Transfer Appliance is prone to multiple remote vulnerabilities, including: - Multiple privilege-escalation issues - A directory-traversal issue - An HTML-injection issue - A remote command-injection issue An attacker may leverage...
Accellion Secure File Transfer Appliance - Multiple Command Restriction / Privilege Escalations
source: https://www.securityfocus.com/bid/38176/info Accellion File Transfer Appliance is prone to multiple remote vulnerabilities, including: - Multiple privilege-escalation issues - A directory-traversal issue - An HTML-injection issue - A remote command-injection issue An attacker may leverage...
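Apache mod_proxy_ftp Remote Command Injection Vulnerability
Bugtraq ID: 36254 Apache mod_proxy_ftp is an Apache module for handling FTP proxy requests. Apache mod_proxy_ftp does not properly filter user-supplied input, and a remote attacker can exploit the vulnerability to execute arbitrary commands in the application's security context. A commercial exploit tool released by Intevydis already provides related attack information. No detailed vulnerability information is currently available. Apache Software Foundation mod_proxy_ftp Vendor solution: No solution is currently available: http://httpd.apache.org/docs/2.0/mod/modproxyftp.html...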
StoneTrip S3DPlayers remote command injection
StoneTrip S3DPlayers remote command injection 1. Advisory Information Title: StoneTrip S3DPlayers remote command injection Advisory Id: CORE-2009-0401 Advisory URL: Date published: 2009-05-28 Date of last update: 2010-05-18 Vendors contacted: StoneTrip Release mode: User release 2. Vulnerability...
Nagios 3.0.6 - 'statuswml.cgi' Arbitrary Shell Command Injection
source: https://www.securityfocus.com/bid/35464/info Nagios is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data. Remote attackers can exploit this issue to execute arbitrary shell commands with the privileges of the user running th...
NC GBook 1.0 Command Injection
NC GBook 1.0 Remote Command injection Exploit Founder :ThE g0bL!N Vendor:http://www.php-gaestebuch.com Thank You Very Much His0k4...