Lucene search
K

412 matches found

CVE
CVE
added 2018/07/31 2:0 p.m.39 views

CVE-2018-12941

SeedDMS is affected by a remote code execution/command injection vulnerability (CVE-2018-12941) prior to version 5.1.8. An authenticated user with Settings permissions can manipulate the Cache directory path (cacheDir) to inject arbitrary system commands via the Clear Cache workflow, enabling exe...

9CVSS8.8AI score0.03584EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2017/09/22 12:0 a.m.7 views

Digium Asterisk GUI OS Command Injection Vulnerability

The Asterisk GUI is a framework for configuring graphical user interfaces. An OS command injection vulnerability exists in Digium Asterisk GUI, which could allow an attacker to execute arbitrary code on a system by injecting OS commands into the program's URL requests...

9CVSS9.2AI score0.06447EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2017/08/30 12:0 a.m.71 views

Malicious GIT HTTP Server

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Malicious Git HTTP Server For CVE-2017-1000117', 'Description' = %q This module exploits CVE-2017-1000117, which affects Git version 2.7.5 and...

8.5AI score0.77823EPSS
Exploits9
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/08/08 9:6 a.m.6 views

WCR-1166DS vulnerable to OS command injection

Overview WCR-1166DS provided by BUFFALO INC.is a wireless LAN router. WCR-1166DS contains an OS command injection vulnerability CWE-78. Masashi Shiraishi of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Securit...

7.7CVSS7.5AI score0.00732EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2017/03/31 12:0 a.m.16 views

Operating System Command Injection

OS command injection occurs when user supplied input is used to form a command to be executed by the operating system. Scanner was able to inject specific Operating System commands and have the output from that command contained within the server response. This indicates that input is not being...

7.9AI score
Exploits0References2
CNVD
CNVD
added 2015/09/06 12:0 a.m.4 views

Cisco TelePresence Video Communication Server Expressway Operating System Command Injection Vulnerability

Cisco TelePresence Video Communication Server VCS Expressway is a TelePresence video communication server from Cisco that integrates with Unified Communications and voice communication environments to provide the best possible experience for end users using a variety of communication tools. A...

6.9CVSS6.8AI score0.0054EPSS
Exploits0References1
Symantec
Symantec
added 2014/12/16 8:0 a.m.29 views

Symantec Web Gateway OS Authenticated Command Injection

SUMMARY Symantec's Web Gateway SWG Appliance management console is susceptible to operating system command injection by an authenticated but less-privileged user. AFFECTED PRODUCTS Product | Version | Solution ---|---|--- Symantec Web Gateway Appliance | 5.2.1 and prior | Symantec Web Gateway 5.2...

6.5CVSS0.4AI score0.50324EPSS
Exploits6Affected Software1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.24 views

SmarterStats 6.0 - Multiple Vulnerabilities

No description provided by source. Hoyt LLC Research | SmarterStats 6.0, OS Command Execution, Directory Traversal, DoS, Coordinated Disclosure Author: Hoyt LLC Research | http://xss.cx | http://cloudscan.me Vendor: SmarterTools Application: SmarterStats 6.0 Bugs: Directory Traversal, File Upload...

7.1AI score
Exploits0
CISA
CISA
added 2014/01/15 12:0 a.m.8 views

Cisco Releases Security Advisory for Cisco Secure Access Control System

Cisco has released a security advisory to address multiple vulnerabilities in Cisco Secure Access Control System ACS. These vulnerabilities affect the following: Cisco Secure ACS RMI Privilege Escalation Vulnerability Cisco Secure ACS RMI Unauthenticated User Access Vulnerability Cisco Secure ACS...

7.5AI score
Exploits0References1
ICS
ICS
added 2012/08/24 6:0 a.m.51 views

Sinapsi Devices Vulnerabilities

Overview This advisory is a follow-up to the alert titled ICS-ALERT-12-284-01—Sinapsi eSolar Light Vulnerabilities that was published October 10, 2012. Independent researchers Roberto Paleari and Ivan Speziale identified four vulnerabilities and released proof-of-concept exploit code for the...

10CVSS7.8AI score0.11946EPSS
Exploits2References10
Tenable Nessus
Tenable Nessus
added 2011/01/14 12:0 a.m.259 views

CGI Generic Command Execution (time-based, intrusive)

The remote web server hosts CGI scripts that seem to fail to adequately sanitize request strings. By leveraging this issue, an attacker may be able to execute arbitrary commands on the remote host. Note that : - This script uses a time-based detection method that is less reliable than the basic...

6AI score
Exploits0References2
seebug.org
seebug.org
added 2006/03/18 12:0 a.m.17 views

ShoutLIVE <= 1.1.0 (savesettings.php) Remote Code Execution Exploit

No description provided by source. !/usr/bin/perl ShoutLIVE = 1.1.0 Remote Php Code Execution Based on: http://www.frsirt.com/bulletins/4109 Credits: Coded by DarkFig Website: http://disarm.free.fr/bohard/ Greetz: All AcidRoot/Bod members = use IO::Socket; use LWP::Simple; if!$ARGV1headers; print...

7.1AI score
Exploits0
Rows per page
Query Builder