6 matches found
Command injection
Cisco WebEx Meetings Server 2.6 allows remote attackers to execute arbitrary commands by injecting these commands into an application script, aka Bug ID CSCuy83130...
CVE-2016-1450
Cisco WebEx Meetings Server 2.6 is affected by a remote authenticated command-injection vulnerability tied to file-type handling during uploads (CVE-2016-1450, Bug ID CSCuy92715). The issue allows an authenticated attacker to craft upload content that leads to arbitrary command execution on the s...
CVE-2016-1449
Cisco WebEx Meetings Server 2.6 is affected by CVE-2016-1449: a reflected XSS caused by insufficient validation of user-supplied input, exploitable via a crafted URL to inject arbitrary script in a user’s context. Cisco’s advisory (Cisco Security Advisory cisco-sa-20160714-wms3) notes that softwa...
CVE-2016-1446
Cisco WebEx Meetings Server 2.6 contains a SQL injection vulnerability exploitable by remote, authenticated users to execute arbitrary SQL commands via unspecified vectors (Bug CSCuy83200). Root cause is lack of input validation in SQL queries. Cisco has released software updates addressing the i...
Antelope Software W4-Server 2.6 a/Win32 Cgitest.exe Buffer Overflow
No description provided by source. Source: http://www.securityfocus.com/bid/802/info. Certain versions of the W4-Server 32-bit personal webserver by Antelope Software ship with a flawed script, Cgitest.exe. This compiled CGI script fails to perform bounds checking on user-supplied data and is...
Antelope Software W4-Server 2.6 aWin32 - Cgitest.exe Remote Buffer Overflow
Source: https://www.securityfocus.com/bid/802/info. Certain versions of the W4-Server 32-bit personal webserver by Antelope Software ship with a flawed script, Cgitest.exe. This compiled CGI script fails to perform...