RESTWS alters the default page callbacks for entities to provide additional functionality. A vulnerability in this approach allows an unauthenticated attacker to send specially crafted requests resulting in arbitrary PHP execution.
The REST plugin in the Apache Struts 2 framework is prone to a remote code execution vulnerability when evaluating OGNL expressions when Dynamic Method Invocation is enabled. This vulnerability allows remote attackers to execute arbitrary Java code on the affected server. This module exploits the vulnerability in any web application built on top of vulnerable versions of Apache Struts 2 making use of the REST plugin with the Dynamic Method Invocation feature enabled. This exploit installs an OS Agent.
This module uses an unauthenticated deserialization vulnerability in Magento eCommerce Web Sites to perform an arbitrary write file to gain arbitrary PHP code execution on the affected system.
This module creates a file in the specified directory. The file abuses a command injection in ImageMagic, downloading an Impact agent and deploying it in the target system. Because ImageMagick is widely used -specially in web applications-, this module will only provide the file with the attack. The file can then used in multiple ways; for example, uploaded to a web site under test.
A vulnerability exists in the FileUploadServlet servlet of WebNMS Framework Server. This servlet allows unauthenticated file uploads. By uploading a JSP file, an attacker can achieve remote code execution.
Trend Micro InterScan Web Security Virtual Appliance is prone to an OS command injection vulnerability when handling HTTP requests for the /rest/domains resource. This vulnerability can be leveraged by a remote, unauthenticated attacker to execute arbitrary code on the vulnerable server.
Trend Micro InterScan Web Security Virtual Appliance is prone to an OS command injection vulnerability when handling HTTP requests for the /rest/wmi_domain_controllers resource. This vulnerability can be leveraged by a remote, unauthenticated attacker to execute arbitrary code on the vulnerable server.
Trend Micro InterScan Web Security Virtual Appliance is prone to an OS command injection vulnerability when handling HTTP requests for the /rest/testConfiguration resource. This vulnerability can be leveraged by a remote, unauthenticated attacker to execute arbitrary code on the vulnerable server.
Solarwinds Virtualization Manager is prone to a remote vulnerability that allows attackers to take advantage of an insecure deployment of the JMX/RMI service used to manage and monitor the Java Virtual Machine.
The specific flaw exists within the edit_lf_process function of the service. The issue lies in in the ability to write arbitrary files with controlled data. This vulnerability is related to Reprise License Server so all the products that uses this 3rd party software might be vulnerable.