Cacti <= 0.8.7e - OS Command Injection

The vulnerability can be triggered by any user doing: 1 Edit or Create a Device with FQDN ‘NotARealIPAddress;CMD;’ without single quotes and Save it. Edit the Device again and reload any data query already created. CMD will be executed with Web Server rights. 2 Edit or Create a Graph Template and...

Cacti 0.8.7e - OS Command Injection

CVSSv2 Score: 9 AV:N/AC:L/Au:S/C:C/I:C/A:C Cacti is prone to a remote command execution vulnerability because the software fails to adequately sanitize user-suplied input. Successful attacks can compromise the affected software and possibly the operating system running Cacti. The vulnerability ca...

Cacti 0.8.7e - OS Command Injection

Cacti 0.8.7e - OS Command Injection CVSSv2 Score: 9 AV:N/AC:L/Au:S/C:C/I:C/A:C Cacti is prone to a remote command execution vulnerability because the software fails to adequately sanitize user-suplied input. Successful attacks can compromise the affected software and possibly the operating system...

GLSA-200507-03 : phpBB: Arbitrary command execution

The remote host is affected by the vulnerability described in GLSA-200507-03 phpBB: Arbitrary command execution Ron van Daal discovered that phpBB contains a vulnerability in the highlighting code. Impact : Successful exploitation would grant an attacker unrestricted access to the PHP exec or...

phpcalendar.txt

GulfTech Security Research December 28th, 2004 Vendor : Sean Proctor URL : http://php-calendar.sourceforge.net/ Version : All Versions Risk : File Include Vulnerability Description: I was searching for a decent calendar which my group at school could use to keep track of events, etc. We were...

Aspupload installs exploitable scripts

Title: ASPUPLOAD Installs Exploitable Scripts By Default http://www.aspupload.com/ Author: Brett Moore [email protected] Systems Affected: Version 2.1 On Windows Version 3.0 Was Not Available For Testing Release Date: 30/11/2001 Vendor Contacted: 31/10/2001 Vendor Responded:31/10/2001...