50 matches found
SITOS six Build Injection Vulnerability
SITOS is a modular e-learning system. The system includes features such as audio playback, video playback, forums, blogs and social media. An injection vulnerability exists in SITOS six Build v6.2.1. The vulnerability stems from a lack of proper validation of user input data by a networked system...
Command injection
s/sprm/s/dyn/PlayersetScriptFile in Sahi Pro 8.0.0 allows command execution. It allows one to run ".sah" scripts via Sahi Launcher. Also, one can create a new script with an editor. It is possible to execute commands on the server using the execute function...
CVE-2019-11446
An issue was discovered in ATutor through 2.2.4. It allows the user to run commands on the server with the teacher user privilege. The Upload Files section in the File Manager field contains an arbitrary file upload vulnerability via upload.php. The $IllegalExtensions value only lists lowercase a...
OTRS 5.x <= 5.0.24 and 6.x <= 6.0.1 RCE Vulnerability
OTRS is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:otrs:otrs"; if...
Webservice-DIC yoyaku_v41 vulnerable to command injection
Overview yoyakuv41 from Webservice-DIC contains a command injection vulnerability. yoyakuv41 from Webservice-DIC is a software to manage conference room reservations. yoyakuv41 contains a command injection vulnerability. Masako Oono reported this vulnerability to IPA. JPCERT/CC coordinated with t...
There is no Wscript. shell component to provide the right what do we do?- Vulnerability warning-the black bar safety net
Source: love toxic There may be a lot of people, seeing close up the wscript. shell,you feel no mention of the right to hope. It will give up. Generally when the closed surface components, you upload the cmd. exe to above to is running no command. The runtime will tell the fault. If you want to r...
CVE-2005-2411
Cross-Site Request Forgery CSRF vulnerability in tDiary 2.1.1, and tDiary 2.0.1 and earlier, allows remote attackers to conduct actions as another user, and execute commands on the server, via a URL that is activated by the user...
vBulletin <= 3.0.4 ""forumdisplay.php"" Code Execution (part 2)
No description provided by source. ?php / vbulletin 3.0.x execute command by AL3NDALEEB al3ndaleebatuk2.net First condition : $vboptions'showforumusers' == True , the admin must set showforumusers ON in vbulletin options. Second condition: $bbuserinfo'userid' == 0 , you must be an visitor/guest...
AllMyGuests PHP Code Injection vulnerability
AllMyGuests PHP Code Injection vulnerability Product : AllMyGuests Vendor : www.php-resource.net Date : February 14, 2004 Problem : PHP Code Injection Vendor Contacted ? : No Source in /include/info.inc.php -------------------------------------------------------------- $AMGinfoget =...
id Software Solaris Quake II 3.13/3.14 / QuakeWorld 2.0/2.1 / Quake 1.9/3.13/3.14 - Command Execution
// source: https://www.securityfocus.com/bid/90/info The Quake server has a feature where it allows administrators to remotely send commands to the Quake console with a password. However, it is possible to remotely bypass authentication. In order for this to be exploited, the attacker would have ...