Lucene search
K

8755 matches found

Tenable Nessus
Tenable Nessus
added 2016/11/29 12:0 a.m.43 views

SUSE SLES11 Security Update : vim (SUSE-SU-2016:2938-1)

This update for vim fixes the following security issues : - Fixed CVE-2016-1248, an arbitrary command execution vulnerability bsc1010685 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automaticall...

7.8CVSS6.5AI score0.25314EPSS
Exploits2References4
Tenable Nessus
Tenable Nessus
added 2016/11/29 12:0 a.m.55 views

FreeBSD : Roundcube -- arbitrary command execution (125f5958-b611-11e6-a9a5-b499baebfeaf)

The Roundcube project reports steps/mail/sendmail.inc in Roundcube before 1.1.7 and 1.2.x before 1.2.3, when no SMTP server is configured and the sendmail program is enabled, does not properly restrict the use of custom envelope-from addresses on the sendmail command line, which allows remote...

7.5CVSS7.8AI score0.05621EPSS
Exploits2References4
FreeBSD
FreeBSD
added 2016/11/29 12:0 a.m.66 views

Roundcube -- arbitrary command execution

The Roundcube project reports steps/mail/sendmail.inc in Roundcube before 1.1.7 and 1.2.x before 1.2.3, when no SMTP server is configured and the sendmail program is enabled, does not properly restrict the use of custom envelope-from addresses on the sendmail command line, which allows remote...

7.5CVSS4.7AI score0.05621EPSS
Exploits2References2
ArchLinux
ArchLinux
added 2016/11/29 12:0 a.m.511 views

[ASA-201611-29] neovim: arbitrary command execution

Arch Linux Security Advisory ASA-201611-29 ========================================== Severity: High Date : 2016-11-29 CVE-ID : CVE-2016-1248 Package : neovim Type : arbitrary command execution Remote : No Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package neovim before...

7.8CVSS8.2AI score0.25314EPSS
Exploits2References5
CNVD
CNVD
added 2016/11/23 12:0 a.m.2 views

Arbitrary Command Execution Vulnerability in Crowe Security Certification Gateway

Crowe Security Authentication Gateway is a user authentication, access and access control device, which can guarantee the information security of network and application resources. There is an arbitrary command execution vulnerability in the doubleview.php page of Crowe Security Gateway. An...

7.5AI score
Exploits0
FreeBSD
FreeBSD
added 2016/11/22 12:0 a.m.47 views

vim -- arbitrary command execution

Mitre reports: vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened...

7.8CVSS8.1AI score0.25314EPSS
Exploits2References2
CNVD
CNVD
added 2016/11/18 12:0 a.m.5 views

Veritas NetBackup Appliance Arbitrary Command Execution Vulnerability

Veritas NetBackup simplifies both the deployment and maintenance of data protection environments with a turnkey solution that is ideal for data centers, remote offices and virtual environments. A remote arbitrary command execution vulnerability exists in the Veritas NetBackup Appliance. An attack...

10CVSS7.8AI score0.04985EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2016/11/15 7:8 p.m.6 views

ansible: Command injection by compromised server via fact variables

Ansible fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to create special variables on the controller could execute arbitrary commands on Ansible clients as the user Ansible runs as...

9.1CVSS7.7AI score0.03253EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2016/11/15 12:0 a.m.35 views

GLSA-201611-05 : tnftp: Arbitrary code execution

The remote host is affected by the vulnerability described in GLSA-201611-05 tnftp: Arbitrary code execution The fetchurl function in usr.bin/ftp/fetch.c allows remote attackers to execute arbitrary commands via a Impact : A remote attacker could possibly execute arbitrary code with the privilege...

7.5CVSS6.2AI score0.69115EPSS
Exploits8References2
CNVD
CNVD
added 2016/11/09 12:0 a.m.9 views

IBM BigFix Platform Remote Command Injection Vulnerability

IBM BigFix Platform formerly known as IBM Endpoint Manager, Tivoli Endpoint Manager is a set of system management software from IBM in the United States. The software provides remote control, patch management, software distribution, operating system deployment, network access protection and other...

8.1CVSS8.1AI score0.01207EPSS
Exploits0References1
CNVD
CNVD
added 2016/11/09 12:0 a.m.2 views

Terminology Arbitrary Command Execution Vulnerability

Terminology belongs to a branch of linguistics. Terminology suffers from an arbitrary command execution vulnerability due to a failure to adequately filter user-supplied input. An attacker could be allowed to exploit this vulnerability to execute arbitrary commands...

7.8CVSS7.6AI score0.01114EPSS
Exploits0References1
CNVD
CNVD
added 2016/11/07 12:0 a.m.2 views

git-fastclone Arbitrary Command Execution Vulnerability

git-fastclone is a set of tools for cloning git. An arbitrary command execution vulnerability exists in git-fastclone versions prior to 1.0.1, which stems from a program executing arbitrary shell commands from .gitmodules. The vulnerability can be exploited to execute arbitrary shell commands by...

9.3CVSS7.8AI score0.05198EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2016/11/04 12:0 a.m.32 views

openSUSE Security Update : bash (openSUSE-2016-1260)

This update for bash fixes the following security issues : - CVE-2016-7543: Local attackers could have executed arbitrary commands via specially crafted SHELLOPTS+PS4 variables bsc1001299 - CVE-2016-0634: Malicious hostnames could have allowed arbitrary command execution when $HOSTNAME was expand...

8.4CVSS6.8AI score0.06019EPSS
Exploits0References5
Check Point Advisories
Check Point Advisories
added 2016/11/03 12:0 a.m.2 views

FreePBX Framework remotemod Parameter Remote Command Execution

A remote command execution vulnerability exists in FreePBX. The vulnerability is due to lack of sanitization for 'remotemod' parameter. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary command in the security context of the affected service...

4.7AI score
Exploits0
exploitpack
exploitpack
added 2016/11/02 12:0 a.m.37 views

LifeSize Room 5.0.9 - Multiple Vulnerabilities

LifeSize Room 5.0.9 - Multiple Vulnerabilities Source: https://github.com/XiphosResearch/exploits/tree/master/deathsize LifeSize Room 5.0.9, remote config disclosure, code execution & local privilege escalation Ultimately the Lifesize Room products have fundamentally flawed firmware, many similar...

0.3AI score
Exploits0
Check Point Advisories
Check Point Advisories
added 2016/10/30 12:0 a.m.2 views

AlienVault USM and OSSIM get_directive_kdb.php directive_id SQL Injection

A SQL injection vulnerability has been reported in AlienVault USM and OSSIM. The vulnerability is due to a failure to sanitize input on requests to getdirectivekdb.php. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted request to the vulnerable application...

3.7AI score
Exploits0
OpenVAS
OpenVAS
added 2016/10/26 12:0 a.m.39 views

Amazon Linux: Security Advisory (ALAS-2016-756)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS8.2AI score0.6773EPSS
Exploits16References2
Check Point Advisories
Check Point Advisories
added 2016/10/26 12:0 a.m.31 views

HP Data Protector Remote Command Execution (CVE-2016-2004)

An arbitrary command execution vulnerability exists in the HPE Data Protector. A remote, unauthenticated attacker could exploit this vulnerability by sending malformed requests to a HPE Data Protector service. Successful exploitation could lead to arbitrary command execution under the context of...

9.3CVSS3.8AI score0.94297EPSS
Exploits14
Check Point Advisories
Check Point Advisories
added 2016/10/19 12:0 a.m.5 views

Trend Micro SafeSync for Enterprise ad.pm id Remote Command Execution

A remote command execution vulnerability exists in Trend Micro Safe Sync for Enterprise ad.pm page. The vulnerability is due to insufficient validation of the user-supplied id parameter. A remote, authenticated attacker could exploit this vulnerability by sending a crafted input to the vulnerable...

4.2AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2016/10/13 12:0 a.m.31 views

SUSE SLED12 / SLES12 Security Update : tiff (SUSE-SU-2016:2508-1)

This update for tiff fixes the following security issues : - CVE-2016-3622: Specially crafted TIFF images could trigger a crash in tiff2rgba bsc974449 - Various out-of-bound write vulnerabilities with unspecified impact MSVR 35093, MSVR 35094, MSVR 35095, MSVR 35096, MSVR 35097, MSVR 35098 -...

7.8CVSS7.4AI score0.05542EPSS
Exploits2References16
Rows per page
Query Builder