8703 matches found
Mandriva Linux Security Advisory : egroupware (MDVSA-2015:087)
Updated egroupware packages fix security vulnerabilities: eGroupware prior to 1.8.006.20140217 is vulnerable to remote file deletion and possible remote code execution due to user input being passed to PHP's unserialize method (CVE-2014-2027). eGroupWare before 1.8.007 allows logged-in users with...
Websense Triton and V-Series CLU Arbitrary Command Execution Vulnerability
Websense TRITON is the Unified Content Architecture for data security. An arbitrary command execution vulnerability exists in the Network Diagnostic Tool CommandLineServlet in the CLU in Websense TRITON AP-WEB 7.8.3 and V-Series appliances, which could allow a remotely authenticated user to execu...
AlienVault OSSIM av-centerd Util.pm remote_task Arbitrary Command Execution - Ver2 (CVE-2014-5210)
The vulnerability is due to a failure to safely sanitize remote_task SOAP requests within Util.pm. This vulnerability can be exploited by sending crafted requests to the affected service. Successful exploitation could result in arbitrary command execution with root privileges...
cups-filters remove_bad_chars function arbitrary command execution vulnerability
CUPS is a Universal Unix Printing System, a cross-platform printing solution for Unix environments, based on the Internet Printing Protocol, providing most PostScript and raster printer services. A security vulnerability exists in the remove_bad_chars function in cups-filters utils/cups-browsed.c,...
ArubaOS Arbitrary Code Execution Vulnerability
ArubaOS is the operating system and application engine for all Aruba mobile controllers and access units. A security vulnerability in the ArubaOS "RAP console" feature on Aruba access points in Remote Access Point AP mode could be exploited by an attacker to conduct an arbitrary command executio...
CVE-2015-2265
The remove_bad_chars function in utils/cups-browsed.c in cups-filters before 1.0.66 allows remote IPP printers to execute arbitrary commands via consecutive shell metacharacters in the (1) model or (2) PDL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707...
osc Arbitrary Command Execution Vulnerability (CNVD-2015-01830)
osc is a command-line interface written in Python, and also provides Python modules for use by Python programs. A security vulnerability exists in versions of osc prior to 0.151.0, which can be exploited by a remote attacker to execute arbitrary commands via shell metacharacters within a...
USN-2532-1 cups-filters vulnerability
It was discovered that cups-browsed incorrectly filtered remote printer names and strings. A remote attacker could use this issue to possibly execute arbitrary commands...
ShareLaTeX Remote Command Injection Vulnerability
ShareLaTeX is an open source web-based real-time collaborative LaTeX editor developed by the ShareLaTeX team, which supports local editing, real-time collaboration and compilation of LaTeX documents. ShareLaTeX suffers from a remote command injection vulnerability due to the program failing to...
Joyent Node.js dns-sync module arbitrary command execution vulnerability
Joyent Node.js is Joyent's web application platform built on top of Google's V8 JavaScript engine. dns-sync is one of the libraries that allows synchronous resolution of hostnames. A security vulnerability exists in the Node.js dns-sync module. An attacker can exploit the vulnerability ...
Arbitrary Command Execution Through Shell Metacharacters In API Arguments
The dns-sync module before 0.1.1 for node.js allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the first argument to the resolve API function. This vulnerability is a duplicate of CVE-2017-16100...
CVE-2014-9682
The dns-sync module for Node.js (versions before 0.1.1) is affected by CVE-2014-9682. The underlying issue allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the first argument to the resolve API function, enabling remote code execution or command executi...
Infoblox Network Automation NetMRI Anyterm Daemon Arbitrary Command Execution Vulnerability
Infoblox Network Automation NetMRI is a suite of automated network configuration and change management software from Infoblox USA. The software has the ability to automate the review and analysis of network changes using built-in expert topics. A security vulnerability exists in Infoblox Network...
CVE-2015-2050
D-Link DAP-1320 Rev Ax with firmware before 1.21b05 allows attackers to execute arbitrary commands via unspecified vectors...
CVE-2015-2050
CVE-2015-2050 affects D-Link DAP-1320 Rev Ax with firmware before 1.21b05. A remote attacker can execute arbitrary commands via unspecified vectors over the network (no authentication). Related sources cite a remote code execution/command injection vulnerability tied to the device’s firmware/upda...
HP Data Protector Windows Unauthenticated Remote Code Execution
Added: 02/18/2015. CVE: CVE-2014-2623. BID: 68672. OSVDB: 109069. Background: HP Data Protector is a backup solution for enterprise and distributed environments. Data Protector Manager listens on port 5555/TCP. Problem: HP Data Protector is vulnerable to remote unauthenticated arbitrary command executi...
HP Data Protector Unauthenticated Remote Code Execution
Added: 02/10/2015. CVE: CVE-2014-2623. BID: 68672. OSVDB: 109069. Background: HP Data Protector is a backup solution for enterprise and distributed environments. Data Protector Manager listens on port 5555/TCP. Problem: HP Data Protector is vulnerable to remote unauthenticated arbitrary command executi...