1767 matches found
Symantec Web Gateway Multiple Script Shell Command Execution (SYM12-011)
The Symantec Web Gateway install on the remote host is affected by a remote shell command execution vulnerability due to its failure to sanitize input to the 'ip' parameter of the 'fromha.php' script. An unauthenticated, remote attacker can exploit this vulnerability to save a random PHP script o...
Symantec Web Gateway Management Console Remote Shell Command Execution (CVE-2012-0297)
A remote command execution vulnerability has been reported in Symantec Web Gateway. The vulnerability is due to improper input validation by the web server. A remote attacker can exploit this issue by sending a specially crafted HTTP request to the affected server. Successful exploitation could...
[SECURITY] [DSA 2503-1] bcfg2 security update
Debian Security Advisory DSA-2503-1, http://www.debian.org/security/, Florian Weimer, June 28, 2012, http://www.debian.org/security/faq ...
Python Untrusted Search Path/Code Execution Vulnerability
Exploit for linux platform in category local exploits Exploit Title: Python untrusted search path/code execution vulnerability Date: 7.6.12 Exploit Author: rogueclown Vendor Homepage: http://www.python.org Software Link: http://www.python.org/getit/releases/ Version: python 2.7.2 and python 3.2.1...
PHP 5.4.3 remote code execution vulnerabilities, and provide the right kind of work - vulnerability warning - the black bar safety net
PHP com_print_typeinfo vulnerability: through PHP code, call "exec" to run the shell command. With this mention of the right is not very convenient? // Exploit Title: PHP 5.4 5.4.3 Code Execution 0day Win32 // Exploit author: 0in Maksymilian Motyl // Email: 0indotemailatgmail.com // Bug with Variant...
Debian DSA-2503-1 : bcfg2 - shell command injection
It was discovered that malicious clients can trick the server component of the Bcfg2 configuration management system to execute commands with root privileges.
DSA-2503-1 bcfg2 - shell command injection
Bulletin has no description...
ZDI-12-090 : Symantec Web Gateway Shell Command Injection Remote Code Execution Vulnerability
ZDI-12-090 : Symantec Web Gateway Shell Command Injection Remote Code Execution Vulnerability. http://www.zerodayinitiative.com/advisories/ZDI-12-090 June 8, 2012. CVE ID: CVE-2012-0297. CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P. Affected...
Symantec Web Gateway Shell Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Web Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists due to insufficiently filtered user-supplied data used in a call to exec in multiple...
Cobbler xmlrpc API power_system Method Remote Shell Command Execution
According to its self-reported version, the Cobbler install on the remote host is affected by a command injection vulnerability that can be exploited by sending a specially crafted username or password argument to the 'power_system' method. Successful exploitation requires an authenticated user an...
RedHat Update for logrotate RHSA-2011:0407-01
The remote host is missing an update for the...
RedHat Update for logrotate RHSA-2011:0407-01
Check for the Version of logrotate. OpenVAS Vulnerability Test: RedHat Update for logrotate RHSA-2011:0407-01. Authors: System Generated Check. Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net ...
HP SAN/iQ < 9.5 Root Shell Command Injection
The version of SAN/iQ running on the remote host has a command injection vulnerability. The hydra service, used for remote management and configuration, does not properly sanitize untrusted input. A remote attacker could exploit this to execute arbitrary commands as root. Authentication is...
IBM Report: Mobile Attacks, Phishing Attacks Mount in 2011
Spam volume is down, there are fewer unpatched software holes and software application developers did a better job of writing secure code over the last year. But IBM’s X-Force Trend and Risk Report still found plenty to worry about in 2011, according to a copy of the report released this week...
Debian Security Advisory DSA 2423-1 (movabletype-opensource)
The remote host is missing an update to movabletype-opensource announced via advisory DSA 2423-1. OpenVAS Vulnerability Test. $Id: deb24231.nasl 8970 2018-02-27 15:16:18Z cfischer $. Description: Auto-generated from advisory DSA 2423-1 movabletype-opensource. Authors: Thomas Reinke. Copyright:...
Debian DSA-2423-1 : movabletype-opensource - several vulnerabilities
Several vulnerabilities were discovered in Movable Type, a blogging system: Under certain circumstances, a user who has 'Create Entries' or 'Manage Blog' permissions may be able to read known files on the local file system. The file management system contains shell command injection...
DSA-2423-1 movabletype-opensource - several
Bulletin has no description...
OpenEMR 4.1 - '/Interface/fax/fax_dispatch.php?File' 'exec()' Call Arbitrary Shell Command Execution
source: https://www.securityfocus.com/bid/51788/info OpenEMR is prone to local file-include and command-injection vulnerabilities because it fails to properly sanitize user-supplied input. A remote attacker can exploit these issues to execute arbitrary shell commands with the privileges of the us...
Gitorious Arbitrary Command Execution
Exploit for linux platform in category remote exploits.
Debian DSA-2380-1 : foomatic-filters - shell command injection
It was discovered that the foomatic-filters, a support package for setting up printers, allowed authenticated users to submit crafted print jobs which would execute shell commands on the print servers. CVE-2011-2697 was assigned to the vulnerability in the Perl implementation included in lenny, a...