Exploits/OS Command Injection/Known Vulnerabilities

Microsoft Exchange Validation Key Remote OS Command Injection Exploit Update Improvements

.NET deserialization vulnerability in the Microsoft Exchange Control Panel web page allows authenticated attackers to execute OS commands with SYSTEM privileges. The lack of randomization in the validationKey and decryptionKey values at installation allows an attacker to create a crafted viewstate to execute OS commands via .NET deserialization.

Microsoft Exchange Validation Key Remote OS Command Injection Exploit Update

.NET deserialization vulnerability in the Microsoft Exchange Control Panel web page allows authenticated attackers to execute OS commands with SYSTEM privileges. The lack of randomization in the validationKey and decryptionKey values at installation allows an attacker to create a crafted viewstate to execute OS commands via .NET deserialization.

Microsoft Exchange Validation Key Remote OS Command Injection Exploit

.NET deserialization vulnerability in the Microsoft Exchange Control Panel web page allows authenticated attackers to execute OS commands with SYSTEM privileges. The lack of randomization in the validationKey and decryptionKey values at installation allows an attacker to create a crafted viewstate to execute OS commands via .NET deserialization.

Microsoft SQL Server Reporting Services Remote OS Command Injection Exploit

A deserialization vulnerability in Microsoft SQL Server Reporting Services allows an authenticated attacker to execute arbitrary commands in the context of the Report Server service account.

rConfig ajaxServerSettingsChk and search_crud Remote OS Command Injection Exploit

An unauthenticated OS command injection vulnerability in rConfig using the rootUname parameter present in ajaxServerSettingsChk.php allows an attacker to send a request that will attempt to execute OS commands with the permissions of the rConfig process on the host system. Also, an authenticated OS command injection vulnerability using the catCommand parameter present in search.crud.php allows an attacker to do the same as above, but credentials are required.

Apache Solr Velocity Template Remote OS Command Injection Exploit Update

A vulnerability in the Apache Solr Velocity template allows unauthenticated attackers to execute arbitrary OS commands. This update adds automatic core name detection and newer supported versions.

Apache Solr Velocity Template Remote OS Command Injection Exploit

A vulnerability in the Apache Solr Velocity template allows unauthenticated attackers to execute arbitrary OS commands.

Kibana Timelion Visualizer Remote JavaScript OS Command Injection Exploit

An arbitrary code execution vulnerability in the Kibana Timelion visualizer allows an attacker with access to the application to send a request that will attempt to execute JavaScript code with the permissions of the Kibana process on the host system.

Atlassian Jira Template Injection Vulnerability Remote OS Command Injection Exploit

Server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions. If an SMTP server has been configured, then an unauthenticated user can execute code on vulnerable systems using the ContactAdministrators action if the "Contact Administrators Form" is enabled; or an authenticated user can execute code on vulnerable systems using the SendBulkMail action if the user has "JIRA Administrators" access.

Oracle Weblogic Server AsyncResponseService Deserialization Vulnerability Remote Code Execution

An unauthenticated attacker can send a malicious SOAP request to the interface WLS AsyncResponseService to execute code on the vulnerable host. The attacker must have network access to the Oracle Weblogic Server T3 interface.