13 matches found
EUVD-2019-9089
Malware in sbrugna...
EUVD-2009-3085
Malware in sbrugna...
CVE-2019-19469
In Zmanda Management Console 3.3.9, ZMCAdminAdvanced?form=adminTasks=Apply= allows CSRF, as demonstrated by command injection with shell metacharacters. This may depend on weak default credentials...
CVE-2019-19469
In Zmanda Management Console 3.3.9, ZMCAdminAdvanced?form=adminTasks&action=Apply&command= allows CSRF, as demonstrated by command injection with shell metacharacters. This may depend on weak default credentials...
CVE-2019-19469
In Zmanda Management Console 3.3.9, ZMCAdminAdvanced?form=adminTasks&action=Apply&command= allows CSRF, as demonstrated by command injection with shell metacharacters. This may depend on weak default credentials...
Command injection
In Zmanda Management Console 3.3.9, ZMCAdminAdvanced?form=adminTasks&action=Apply&command= allows CSRF, as demonstrated by command injection with shell metacharacters. This may depend on weak default credentials...
CVE-2019-19469
In Zmanda Management Console 3.3.9, ZMCAdminAdvanced?form=adminTasks&action=Apply&command= allows CSRF, as demonstrated by command injection with shell metacharacters. This may depend on weak default credentials...
CVE-2019-19469
CVE-2019-19469 affects Zmanda Management Console (ZMC) 3.3.9. The vulnerability is a CSRF flaw in ZMC_Admin_Advanced?form=adminTasks&action=Apply&command= that can enable command injection via shell metacharacters, with potential reliance on weak default credentials. Exploitation is demonstrated/...
Zmanda Management Console Cross-Site Request Forgery Vulnerability
Zmanda Management Console ZMC is a management console program for connecting to, and managing, the Zmanda Cloud from Zmanda USA. A cross-site request forgery vulnerability in Zmanda ZMC version 3.3.9 can be exploited by an attacker to execute arbitrary code on a server using the Zmanda Management...
CVE-2009-3102
The doHotCopy subroutine in socket-server.pl in Zmanda Recovery Manager ZRM for MySQL 2.x before 2.1.1 allows remote attackers to execute arbitrary commands via vectors involving a crafted $MYSQLBINPATH variable...
Design/Logic Flaw
The doHotCopy subroutine in socket-server.pl in Zmanda Recovery Manager ZRM for MySQL 2.x before 2.1.1 allows remote attackers to execute arbitrary commands via vectors involving a crafted $MYSQLBINPATH variable...
CVE-2009-3102
The doHotCopy subroutine in socket-server.pl in Zmanda Recovery Manager ZRM for MySQL 2.x before 2.1.1 allows remote attackers to execute arbitrary commands via vectors involving a crafted $MYSQLBINPATH variable...
Zmanda Recovery Manager for MySQL socket-server.pl MYSQL_BINPATH Variable Command Execution
The remote service appears to be Zmanda Recovery Manager ZRM for MySQL's socket-server.pl. ZRM for MySQL offers a backup and recovery solution for MySQL, and the socket-server.pl component typically runs on a MySQL server out of xinetd to support remote operations. The installed version of...