ProFTPD mod_copy command execution
Added: 05/29/2015 CVE: CVE-2015-3306 BID: 74238 OSVDB: 120834 Background ProFTPD is free FTP Server software for Unix and Linux platforms. Problem The mod_copy extension, if enabled in ProFTPD, allows unauthenticated attackers to read and write arbitrary files using the SITE CPFR and SITE CPTO...
Samba shared library upload and execution
Added: 06/08/2017 CVE: CVE-2017-7494 BID: 98636 Background Samba is a software package which implements the SMB protocol on a variety of platforms, providing compatibility with Windows systems. Problem A vulnerability in Samba allows a remote attacker to upload a shared object library to a writab...
Microsoft SQL Server Reporting Services 2016 ViewState deserialization vulnerability
Added: 09/25/2020 CVE: CVE-2020-0618 Background Microsoft SQL Server Reporting Services is a set of tools and services for creating, deploying, and managing mobile and paginated reports. Problem A deserialization vulnerability in Microsoft SQL Server Reporting Services 2016 allows a remote,...
Microsoft SharePoint Picker.aspx deserialization vulnerability
Added: 03/03/2020 CVE: CVE-2019-0604 BID: 106914 Background Microsoft SharePoint is a tool for management and automation of business processes, as well as a platform for social networking. Problem A deserialization vulnerability in Microsoft SharePoint allows remote attackers to execute arbitrary...
Microsoft Exchange Server ProxyLogon vulnerability
Added: 03/19/2021 Background Microsoft Exchange is an e-mail server for Microsoft Windows operating systems. Problem A server-side request forgery vulnerability in Microsoft Exchange allows remote attackers to execute arbitrary commands. Resolution Apply the patch referenced in Microsoft Advisory...
Microsoft Windows Common Controls MSCOMCTL.OCX Vulnerability
Added: 04/12/2012 CVE: CVE-2012-0158 BID: 52911 OSVDB: 81125 Background Microsoft Windows bundles various common ActiveX controls in the Common Controls library MSCOMCTL.OCX. Several Windows applications use these controls. Problem Various ActiveX controls in MSCOMCTL.OCX in the Common Controls i...
Microsoft Word and WordPad RTF HTA handler command execution
Added: 04/20/2017 CVE: CVE-2017-0199 BID: 97498 Background Rich Text Format (RTF) is a text file format supported by various Microsoft products and word processors. RTF supports text styling, images, and embedded objects. Problem A vulnerability in Microsoft Word and WordPad could allow command...
Free Download Manager Remote Control Server HTTP Authorization buffer overflow
Added: 02/04/2009 CVE: CVE-2009-0183 BID: 33554 OSVDB: 51745 Background Free Download Manager is a download accelerator and manager for Windows systems. Problem A buffer overflow vulnerability in the Free Download Manager Remote Control Server allows remote attackers to execute arbitrary commands...
PHPMailer PwnScriptum Remote Code Execution
Added: 01/05/2017 BID: 95108 Background PHPMailer is a PHP class used for sending email from PHP. It is used by many open-source projects, e.g., WordPress, Drupal, and Joomla. Problem The mailSend function of the PHPMailer class is vulnerable to command injection due to failure to properly sanitize the...
Windows SMBv1 Remote Command Execution
Added: 04/26/2017 CVE: CVE-2017-0143 BID: 96703 Background Server Message Block (SMB) is the protocol used by Microsoft Windows computers to communicate over a network. SMBv1 was the first version of this protocol and is still supported by modern Windows versions. Problem A vulnerability in the...
Oracle WebLogic Server deserialization remote code execution
Added: 05/02/2019 CVE: CVE-2019-2725 BID: 108074 Background Oracle WebLogic Server (formerly BEA WebLogic Server) is a Java web application platform. Problem The Oracle WebLogic Server component of Oracle Fusion Middleware has a deserialization vulnerability in the Web Services subcomponent, which allows...
ASUSWRT vpnupload.cgi authentication bypass
Added: 02/28/2018 CVE: CVE-2018-5999 Background ASUSWRT is the firmware used in many ASUS devices. Problem The combination of two separate vulnerabilities in ASUSWRT allows remote attackers to execute arbitrary commands. The first vulnerability allows an unauthenticated user to make certain POST...
SPIP password reset serialization vulnerability
Added: 06/23/2023 Background SPIP is a web-based publishing system written in PHP. Problem Mishandling of serialized data in SPIP's password reset form allows remote attackers to execute arbitrary commands. Resolution Upgrade to SPIP 3.2.18, 4.0.10, 4.1.8, 4.2.1 or higher. References...
Apache Struts REST plugin XStream deserialization vulnerability
Added: 09/08/2017 CVE: CVE-2017-9805 BID: 100609 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller (MVC) architecture. Problem The REST plugi...
Drupal Form API command execution
Added: 04/25/2018 CVE: CVE-2018-7600 BID: 103534 Background Drupal is an open-source content management system written in PHP. Problem Insufficient sanitization on Form API AJAX requests could allow a remote attacker to execute arbitrary commands. Resolution Upgrade to Drupal 7.58, 8.3.9, 8.4.6,...
libssh authentication bypass
Added: 10/29/2018 BID: 105677 Background libssh is a C library implementing the SSHv2 protocol. Problem A vulnerability in libssh allows remote users to bypass authentication by sending an SSH2_MSG_USERAUTH_SUCCESS message instead of an SSH2_MSG_USERAUTH_REQUEST message. Resolution Upgrade to libssh 0.7....
FreePBX Recordings Backdoor Upload
Added: 10/14/2016 Background FreePBX is a web-based open-source graphical user interface used to manage Asterisk PBX, an open-source communication server. The FreePBX System Recordings module allows playback of recorded files. Problem The System Recordings module in FreePBX 13 and 14 is vulnerabl...
Apache Struts 2 Jakarta Multipart Parser file upload command execution
Added: 03/16/2017 CVE: CVE-2017-5638 BID: 96729 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller (MVC) architecture. Problem The Jakarta...
MikroTik RouterOS SMB buffer overflow
Added: 04/02/2018 CVE: CVE-2018-7445 BID: 103427 Background RouterOS is a Linux-based operating system used by MikroTik devices. Problem A buffer overflow in the SMB service could allow a remote, unauthenticated attacker to execute arbitrary commands. Resolution Upgrade to RouterOS 6.41.3 or...
Password Hash Grabber
Added: 05/27/2009 Background This tool grabs the Windows SAM file or password hashes of the target. The SAM file / password hashes can be viewed in the exploit tool's previous results section. Results may be used with third-party programs to obtain passwords in plain text. Limitations Password Has...
Cisco IOS HTTP access level authentication bypass
Added: 12/23/2010 CVE: CVE-2001-0537 BID: 2936 OSVDB: 578 Background The Cisco Internetwork Operating System (IOS) is the operating system used by Cisco routers. Problem A remote attacker could execute arbitrary commands at the highest privilege level (level 15) without needing to authenticate by...
Jenkins groovy.util.Expando Java deserialization vulnerability
Added: 08/15/2017 CVE: CVE-2016-0792 BID: 83720 Background Jenkins is a standalone, open-source automation server written in Java. Problem A deserialization vulnerability in the groovy.util.Expando class allows a remote attacker to execute arbitrary commands by requesting createItem with speciall...
Microsoft Internet Explorer layout-grid-char Style Property Use-After-Free Memory Corruption
Added: 09/19/2011 CVE: CVE-2011-1260 BID: 48208 OSVDB: 72950 Background Cascading Style Sheets (CSS) is a simple mechanism for adding style to web documents. Problem A use-after-free vulnerability exists in Microsoft's Internet Explorer layout engine in mshtml.dll when handling extra-large values f...
Internet Explorer VML rect fill buffer overflow
Added: 09/20/2006 CVE: CVE-2006-4868 BID: 20096 OSVDB: 28946 Background Vector Markup Language (VML) is an XML-based format for vector graphics. Problem A buffer overflow in Internet Explorer when processing VML code allows remote command execution using a long fill parameter within a rect tag...
IBM Open Admin Tool SOAP welcomeServer PHP Command Injection
Added: 09/27/2017 CVE: CVE-2017-1092 BID: 98615 Background IBM Informix Dynamic Server (IDS) is an online transaction processing (OLTP) data server for enterprise and workgroup computing. Open Admin Tool (OAT) is an open source, platform-independent tool providing a graphical interface for administrati...
Apache Struts double OGNL evaluation
Added: 11/27/2020 CVE: CVE-2019-0230 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller (MVC) architecture. Struts uses Object-Graph Navigatio...
Windows RRAS Service Remote Code Execution Vulnerability
Added: 06/06/2018 BID: 102055 Background Routing and Remote Access Service (RRAS) is a Microsoft API that can be used to create client applications. These applications display RAS common dialog boxes, manage remote access connections and devices, and manipulate phone-book entries. These APIs make it...
Windows SMBv1 Transaction race condition
Added: 03/15/2018 CVE: CVE-2017-0146 BID: 96707 Background Server Message Block (SMB) is the protocol used by Microsoft Windows computers to communicate over a network. SMBv1 was the first version of this protocol and is still supported by modern Windows versions. Problem A race condition when...
HP Intelligent Management Center dbman opcode 10008 command injection
Added: 12/14/2017 CVE: CVE-2017-5816 BID: 98469 Background HP Intelligent Management Center (IMC), also known as HP iNode Management Center, is a comprehensive management platform for delivering integrated, modular network management capabilities. Problem A remote, unauthenticated attacker could...
Exim SMTP listener base64d function one-character buffer overflow
Added: 05/16/2018 CVE: CVE-2018-6789 BID: 103049 Background Exim is a mail transfer agent used on Unix-like operating systems. Problem Exim 5.90 and earlier are vulnerable to a one-character buffer overflow in the base64d function in the SMTP listener. Resolution Upgrade to Exim 4.90.1 or higher,...
Red Hat DHCP client NetworkManager integration script command injection
Added: 05/18/2018 CVE: CVE-2018-1111 BID: 104195 Background The DHCP client on Red Hat Enterprise Linux includes a script which provides integration with the NetworkManager subsystem. Problem A command injection vulnerability in the NetworkManager integration script could allow arbitrary command...
Apache Struts 2 Struts 1 plugin Showcase OGNL code execution
Added: 06/06/2018 CVE: CVE-2017-9791 BID: 99484 Background Apache Struts is an open-source web application framework for developing Java EE web applications. The Struts 1 plugin allows developers to use Struts 1 Actions and ActionForms in Struts 2 applications. The Showcase application is an...