86 matches found
Design/Logic Flaw
An issue was discovered in AContent through 1.4. It allows the user to run commands on the server with a low-privileged account. The upload section in the file manager page contains an arbitrary file upload vulnerability via upload.php. The extension .php7 bypasses file upload restrictions...
SITOS six Build Injection Vulnerability
SITOS is a modular e-learning system. The system includes features such as audio playback, video playback, forums, blogs and social media. An injection vulnerability exists in SITOS six Build v6.2.1. The vulnerability stems from a lack of proper validation of user input data by a networked system...
McAfee Advanced Threat Defense (ATD) Remote Code Execution Vulnerability
McAfee Advanced Threat Defense ATD is a set of threat detection and defense solutions from the U.S. company McAfee McAfee, providing malware analysis, sharing threat intelligence and isolating compromised systems. A remote code execution vulnerability exists in McAfee Advanced Threat Defense ATD...
Command injection
s/sprm/s/dyn/PlayersetScriptFile in Sahi Pro 8.0.0 allows command execution. It allows one to run ".sah" scripts via Sahi Launcher. Also, one can create a new script with an editor. It is possible to execute commands on the server using the execute function...
CVE-2019-11446
An issue was discovered in ATutor through 2.2.4. It allows the user to run commands on the server with the teacher user privilege. The Upload Files section in the File Manager field contains an arbitrary file upload vulnerability via upload.php. The $IllegalExtensions value only lists lowercase a...
CURL-CVE-2018-1000300 FTP shutdown response buffer overflow
curl might overflow a heap based memory buffer when closing down an FTP connection with long server command replies. When doing FTP transfers, curl keeps a spare "closure handle" around internally that is used when an FTP connection gets shut down since the original curl easy handle is then alrea...
OTRS 5.x <= 5.0.24 and 6.x <= 6.0.1 RCE Vulnerability
OTRS is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:otrs:otrs"; if...
Pidgin MXIT Splash Image Arbitrary File Overwrite Vulnerability(CVE-2016-4323)
DESCRIPTION A directory traversal exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an overwrite of files. A malicious server or someone with access to the network traffic can provide an invalid filename for a splas...
daloRADIUS 0.9-9 SQL Injection / Code Execution Vulnerabilities
Exploit for php platform in category web applications Abstract -------- "daloRADIUS is an advanced RADIUS web management application aimed at managing hotspots and general-purpose ISP deployments. It features user management, graphical reporting, accounting, a billing engine and integrates with...
Symantec Encryption Management Server Local Command Injection Vulnerability
Symantec Encryption Management Server is a single console for managing multiple encryption applications in the PGP platform. A command injection vulnerability exists in Symantec Encryption Management Server's handling of database backup recovery, which could be exploited by a remote attacker to...
openSUSE Security Update : postgresql91 (openSUSE-SU-2013:0627-1)
postgresql was updated to version 9.1.9 bnc812525 : - CVE-2013-1899: Fix insecure parsing of server command-line switches. A connection request containing a database name that begins with '-' could be crafted to damage or destroy files within the server's data directory, even if the request is...
openSUSE Security Update : postgresql92 (openSUSE-SU-2013:0628-1)
postgresql was updated to version 9.2.4 bnc812525 : - CVE-2013-1899: Fix insecure parsing of server command-line switches. A connection request containing a database name that begins with '-' could be crafted to damage or destroy files within the server's data directory, even if the request is...
Immunity Canvas: IE_HELP
Name| iehelp ---|--- CVE| CVE-2010-0483 Exploit Pack| CANVAS Description| iehelp Notes| CVE Name: CVE-2010-0483 VENDOR: Microsoft Notes: Use from httpserver with name iehelp. Options are: message - Message of the MessageBox to be displayed to the user default: "Press F1 to stop this" Must not be...
Webservice-DIC yoyaku_v41 vulnerable to command injection
Overview yoyakuv41 from Webservice-DIC contains a command injection vulnerability. yoyakuv41 from Webservice-DIC is a software to manage conference room reservations. yoyakuv41 contains a command injection vulnerability. Masako Oono reported this vulnerability to IPA. JPCERT/CC coordinated with t...
There is no Wscript. shell component to provide the right what do we do?- Vulnerability warning-the black bar safety net
Source: love toxic There may be a lot of people, seeing close up the wscript. shell,you feel no mention of the right to hope. It will give up. Generally when the closed surface components, you upload the cmd. exe to above to is running no command. The runtime will tell the fault. If you want to r...
MySQL: SQL Injection
Background MySQL is a popular multi-threaded, multi-user SQL server. Description MySQL is vulnerable to an injection flaw in mysqlrealescape when used with multi-byte characters. Impact Due to a flaw in the multi-byte character process, an attacker is still able to inject arbitary SQL statements...
CVE-2005-2411
Cross-Site Request Forgery CSRF vulnerability in tDiary 2.1.1, and tDiary 2.0.1 and earlier, allows remote attackers to conduct actions as another user, and execute commands on the server, via a URL that is activated by the user...
vBulletin <= 3.0.4 ""forumdisplay.php"" Code Execution (part 2)
No description provided by source. ?php / vbulletin 3.0.x execute command by AL3NDALEEB al3ndaleebatuk2.net First condition : $vboptions'showforumusers' == True , the admin must set showforumusers ON in vbulletin options. Second condition: $bbuserinfo'userid' == 0 , you must be an visitor/guest...
ignitionServer DoS
Insufficient restrictions on the "SERVER" command can be exploited by clients to introduce non-existing servers to the network...
ignitionServer SERVER Command Spoofed Server Saturation DoS
The remote host is running a version of the IgnitionServer IRC service that could be vulnerable to a denial of service in the SERVER command. An attacker could crash the remote host by misusing the SERVER command repeatdly. C Tenable Network Security, Inc. include"compat.inc"; ifdescription...