100 matches found
FormBook Malware Targets U.S. Defense Contractors, Aerospace and Manufacturing Sectors
Attackers spreading new malware called FormBook are singling out aerospace firms, defense contractors and some manufacturing organizations in the United States and South Korea. According to researchers at FireEye, FormBook was spotted in several high-volume distribution campaigns targeting the U....
Multiple Vulnerabilities in Aerohive HiveOS
Aerohive HiveOS is a set of operating systems for use in wireless access points and routers from Aerohive. Aerohive HiveOS suffers from local file inclusion and remote command execution vulnerabilities that could be exploited by an attacker to obtain sensitive information or execute arbitrary...
CVE-2017-3138
named contains a feature which allows operators to issue commands to a running server by communicating with the server process over a control channel, using a utility program such as rndc. A regression introduced in a recent feature change has created a situation under which some versions of name...
iTop Remote Code Execution Vulnerability
iTop is open source ITIL ITSM software. A remote code execution vulnerability exists in iTop. Allowing an attacker to execute arbitrary system commands on a web server to obtain complete vulnerable web applications and databases may contain very sensitive information...
Multiple Themes - Privilige Escalation
The themes suffer from a privilege escalation vulnerability, any authenticated user can trigger this vulnerability due to weak permissions checking. An attacker can update options, such as changing user's default role, registration state and others, which may lead to executing commands/code on th...
WordPress Pont Theme <= 1.5 - Privilige Escalation
Because of this privilege escalation vulnerability, the attackers can update options and execute commands on the server. Solution Update the theme...
Cybozu Garoon CGI vulnerable to remote command execution
Overview Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon CGI contains a remote command execution vulnerability. Masaaki Chida of GREE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impac...
WebMaster ConferenceRoom 1.8 Developer Edition DoS Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2178/info WebMaster ConferenceRoom Developer Edition is a chat package which enables a large community of users to chat together. ConferenceRoom has a wide range of capabilities and a user friendly channel moderation...
Mandriva Linux Security Advisory : perl-HTTP-Body (MDVSA-2013:282)
Updated perl-HTTP-Body package fixes security vulnerability : Jonathan Dolle reported a design error in HTTP::Body, a Perl module for processing data from HTTP POST requests. The HTTP body multipart parser creates temporary files which preserve the suffix of the uploaded file. An attacker able to...
Webservice-DIC yoyaku_v41 vulnerable to command injection
Overview yoyakuv41 from Webservice-DIC contains a command injection vulnerability. yoyakuv41 from Webservice-DIC is a software to manage conference room reservations. yoyakuv41 contains a command injection vulnerability. This vulnerability is different from JVN80436657. Keigo Yamazaki of LAC Co.,...
imap-capabilities NSE Script
Retrieves IMAP email server capabilities. IMAP4rev1 capabilities are defined in RFC 3501. The CAPABILITY command allows a client to ask a server what commands it supports and possibly any site-specific policy. Script Arguments smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername See...
PGPMail.pl detection
The 'PGPMail.pl' CGI is installed. Some versions up to v1.31 a least of this CGI do not properly filter user input before using it inside commands. This would allow a cracker to run any command on your server. Note: OpenVAS just checked the presence of this CGI but did not try to exploit the flaw...
DEBIAN-CVE-2005-2411
Cross-Site Request Forgery CSRF vulnerability in tDiary 2.1.1, and tDiary 2.0.1 and earlier, allows remote attackers to conduct actions as another user, and execute commands on the server, via a URL that is activated by the user...
KDE FTP - KIOSlave URI Arbitrary FTP Server Command Execution
KDE FTP - KIOSlave URI Arbitrary FTP Server Command Execution source: https://www.securityfocus.com/bid/11827/info KDE FTP kioslave-based applications such as Konqueror are reported prone to an arbitrary FTP server command execution vulnerability. This issue is due to a failure of the application...
Invision Board 1.1.1 - 'ipchat.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/6976/info Invision Board is prone to an issue that may allow remote attackers to include files located on attacker-controlled servers. This vulnerability is as a result of insufficient sanitization performed on remote user supplied data used in URI...
Cedric Email Reader 0.4 - Global Configuration Script Remote File Inclusion
Cedric Email Reader 0.4 - Global Configuration Script Remote File Inclusion source: https://www.securityfocus.com/bid/6820/info It has been reported that Cedric Email Reader is prone to an issue that may allow remote attackers to include malicious files located on remote servers. This issue is...
Cedric Email Reader 0.4 - Global Configuration Script Remote File Inclusion
source: https://www.securityfocus.com/bid/6820/info It has been reported that Cedric Email Reader is prone to an issue that may allow remote attackers to include malicious files located on remote servers. This issue is present in the 'emailreaderexecuteoneachpage.inc.php' script. Under some...
Security updates: at, sudo, xchat
New packages are now available to address security issues with the at scheduler program found in Slackware 8.0's bin.tgz package, sudo, and xchat. Here's the information from the Slackware 8.0 ChangeLog: Mon Jan 21 13:21:07 PST 2002 patches/packages/at.tgz: Fixed a buffer overflow. Security fix...
Дырка в mailman
Недостаточная проверка ввода пользователя на наличие shell-символов дает возможность администраторам списков выполнять команды на сервере...
Lotus Domino Enterprise Server 5.0.1/5.0.2/5.0.3 / Mail Server 5.0.1/5.0.2/5.0.3 - Remote Buffer Overflow
Lotus Domino Enterprise Server 5.0.1/5.0.2/5.0.3,Mail Server 5.0.1/5.0.2/5.0.3 Buffer Overflow source: https://www.securityfocus.com/bid/1229/info The code that handles the 'rcpt to' 'saml from' and 'soml from' commands in the ESMTP service of Lotus Domino Server has an unchecked buffer. If Lotus...