Archive for the 'Remote Command Execution' Category

PacerCMS “last_module” PHP Code Execution

Application: PacerCMS
Affected Version: 0.6.2 and other versions.
Vendor’s URL: http://pacercms.sourceforge.net/
Bug Type: Remote Code Execution
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized.

Coppermine Photo Gallery Multiple Vulnerabilities

Application: Coppermine Photo Gallery
Affected Version: 1.4.14 and other versions.
Vendor’s URL: http://coppermine-gallery.net/
Bug Type: Cross Site Scripting and System Access
Risk Level: Critical

Solution:
Update to version 1.4.15.

MyBB PHP Code Execution and SQL Injection

Application: MyBB
Affected Version: 1.2.10 and prior versions.
Vendor’s URL: http://www.mybboard.net/
Bug Type: System access, SQL Injection
Risk Level: Critical

Solution:
Update to version 1.2.11.

Drupal Meta Tags Module Code Execution

Application: Drupal Meta Tags Module
Affected Version: 5.x-1.6.
Vendor’s URL: http://drupal.org/project/nodewords
Bug Type: System access
Risk Level: Critical

Solution:
Update to version 5.x-1.7.

Xcms PHP Code Execution and LFI

Application: Xcms
Affected Version: prior to 1.84.
Vendor’s URL: http://www.xcms.it/
Bug Type: Security Bypass, System Access
Risk Level: Critical

Solution:
Update to version 1.84.

SyndeoCMS “cmsdir” File Inclusion Vulnerability

Application: SyndeoCMS
Affected Version: SyndeoCMS 2.x
Vendor’s URL: Application site
Bug Type: Access Bypass
Risk Level: Low

Solution:
Update to version 2.5.01.

CONTENTCustomizer “dialog.php” Information Disclosure

Application: CONTENTCustomizer
Affected Version: CONTENTCustomizer 3.x
Vendor’s URL: Application site
Bug Type: Exposure of sensitive information
Risk Level: Critical

Solution:
Contact the provider for proper action.

Original Photo Gallery ‘exif_prog’ Arbitrary Command Execution

Application: Original Photo Gallery
Affected Version: Original Photo Gallery 0.11.2 and prior versions
Vendor’s URL: Application download site
Bug Type: Remote system access (arbitrary command execution)
Risk Level: Critical

Solution:
Update to version 0.11.3.

MediaWiki XSS

Application: MediaWiki
Affected Version:
MediaWiki 1.11 <= 1.11.0rc1
MediaWiki 1.10 <= 1.10.1
MediaWiki 1.9 <= 1.9.3
MediaWiki 1.8 <= 1.8.4 (if $wgEnableAPI has been switched on)
Vendor’s URL: MediaWiki HomePage
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Update to version 1.11.0, 1.10.2, 1.9.4, or 1.8.5.

Joomla Restaurante Component File Upload Vulnerability

Application: Joomla
Affected Version: Restaurante 1.x
Vendor’s URL: Restaurante DownloadPage
Bug Type: Malicious file upload leading to script execution
Risk Level: High

Solution:
Update to latest version.

Remote command execution in Joomla! CMS

Application: Joomla
Affected Version: 1.5 beta 2
Vendor’s URL: http://www.joomla.org/
Bug Type: Command Execution
Risk Level: Medium

Solution:
Upgrade immediately to the latest stable version, 1.5 RC, which fixes the issue.

PHPMailer Remote Command Execution

Application: PHPMailer
Affected Version: 1.73; other versions may also be affected
Vendor’s URL: http://phpmailer.sourceforge.net/
Bug Type: Remote Command Execution
Risk Level: Critical

Solution:
Edit the source code to make sure input is properly verified, or stop using this application until a patch is released.
Wait for updates or patches from the vendor.