412 matches found
CVE-2018-12941
SeedDMS is affected by a remote code execution/command injection vulnerability (CVE-2018-12941) prior to version 5.1.8. An authenticated user with Settings permissions can manipulate the Cache directory path (cacheDir) to inject arbitrary system commands via the Clear Cache workflow, enabling exe...
Digium Asterisk GUI OS Command Injection Vulnerability
The Asterisk GUI is a framework for configuring graphical user interfaces. An OS command injection vulnerability exists in Digium Asterisk GUI, which could allow an attacker to execute arbitrary code on a system by injecting OS commands into the program's URL requests...
Malicious GIT HTTP Server
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Malicious Git HTTP Server For CVE-2017-1000117', 'Description' = %q This module exploits CVE-2017-1000117, which affects Git version 2.7.5 and...
WCR-1166DS vulnerable to OS command injection
Overview WCR-1166DS provided by BUFFALO INC.is a wireless LAN router. WCR-1166DS contains an OS command injection vulnerability CWE-78. Masashi Shiraishi of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Securit...
Operating System Command Injection
OS command injection occurs when user supplied input is used to form a command to be executed by the operating system. Scanner was able to inject specific Operating System commands and have the output from that command contained within the server response. This indicates that input is not being...
Cisco TelePresence Video Communication Server Expressway Operating System Command Injection Vulnerability
Cisco TelePresence Video Communication Server VCS Expressway is a TelePresence video communication server from Cisco that integrates with Unified Communications and voice communication environments to provide the best possible experience for end users using a variety of communication tools. A...
Symantec Web Gateway OS Authenticated Command Injection
SUMMARY Symantec's Web Gateway SWG Appliance management console is susceptible to operating system command injection by an authenticated but less-privileged user. AFFECTED PRODUCTS Product | Version | Solution ---|---|--- Symantec Web Gateway Appliance | 5.2.1 and prior | Symantec Web Gateway 5.2...
SmarterStats 6.0 - Multiple Vulnerabilities
No description provided by source. Hoyt LLC Research | SmarterStats 6.0, OS Command Execution, Directory Traversal, DoS, Coordinated Disclosure Author: Hoyt LLC Research | http://xss.cx | http://cloudscan.me Vendor: SmarterTools Application: SmarterStats 6.0 Bugs: Directory Traversal, File Upload...
Cisco Releases Security Advisory for Cisco Secure Access Control System
Cisco has released a security advisory to address multiple vulnerabilities in Cisco Secure Access Control System ACS. These vulnerabilities affect the following: Cisco Secure ACS RMI Privilege Escalation Vulnerability Cisco Secure ACS RMI Unauthenticated User Access Vulnerability Cisco Secure ACS...
Sinapsi Devices Vulnerabilities
Overview This advisory is a follow-up to the alert titled ICS-ALERT-12-284-01—Sinapsi eSolar Light Vulnerabilities that was published October 10, 2012. Independent researchers Roberto Paleari and Ivan Speziale identified four vulnerabilities and released proof-of-concept exploit code for the...
CGI Generic Command Execution (time-based, intrusive)
The remote web server hosts CGI scripts that seem to fail to adequately sanitize request strings. By leveraging this issue, an attacker may be able to execute arbitrary commands on the remote host. Note that : - This script uses a time-based detection method that is less reliable than the basic...
ShoutLIVE <= 1.1.0 (savesettings.php) Remote Code Execution Exploit
No description provided by source. !/usr/bin/perl ShoutLIVE = 1.1.0 Remote Php Code Execution Based on: http://www.frsirt.com/bulletins/4109 Credits: Coded by DarkFig Website: http://disarm.free.fr/bohard/ Greetz: All AcidRoot/Bod members = use IO::Socket; use LWP::Simple; if!$ARGV1headers; print...