Posts Tagged ‘shell’

WordPress WP Mobile Detector 3.5 Shell Upload

WP Mobile Detector Plugin for WordPress contains a flaw that allows a remote attacker to execute arbitrary PHP code. This flaw exists because the /wp-content/plugins/wp-mobile-detector/resize.php script does contains a remote file include for files not cached by the system already. By uploading a .php file, the remote system will place the file in a user-accessible […]

Polycom Command Shell Authorization Bypass

The login component of the Polycom Command Shell on Polycom HDX video endpoints, running software versions 3.0.5 and earlier, is vulnerable to an authorization bypass when simultaneous connections are made to the service, allowing remote network attackers to gain access to a sandboxed telnet prompt without authentication. Versions prior to 3.0.4 contain OS command injection […]

DlxSpot Shell Upload

DlxSpot Player4 LED video wall suffers from a remote shell upload vulnerability. Versions greater than 1.5.10 are affected. Source: DlxSpot Shell Upload