vmtadmin.cgi in VMTurbo Operations Manager before 4.6 build 28657 allows remote attackers to execute arbitrary commands via shell metacharacters in the fileDate parameter in a DOWN call.
CVSS
7.5
UNKNOWN
Published
Aug 29, 2014
Loading
Vendor coverage
Track published CVEs, severity trends, and remediation context for vmturbo products.
Search results
Showing 1-2 of 2 vulnerabilities.
vmtadmin.cgi in VMTurbo Operations Manager before 4.6 build 28657 allows remote attackers to execute arbitrary commands via shell metacharacters in the fileDate parameter in a DOWN call.
CVSS
7.5
UNKNOWN
Published
Aug 29, 2014
Directory traversal vulnerability in cgi-bin/help/doIt.cgi in VMTurbo Operations Manager before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the xml_path parameter.
CVSS
5.0
UNKNOWN
Published
May 21, 2014