818 matches found
Command injection
A vulnerability in the CLI of Cisco Unified Computing System UCS Manager, Cisco Firepower 4100 Series Next-Generation Firewall NGFW, and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More Information: CSCvb66189...
CVE-2017-6602
A vulnerability in the CLI of Cisco Unified Computing System UCS Manager, Cisco Firepower 4100 Series Next-Generation Firewall NGFW, and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More Information: CSCvb66189...
CVE-2016-9197
A vulnerability in the CLI command parser of the Cisco Mobility Express 2800 and 3800 Series Wireless LAN Controllers could allow an authenticated, local attacker to obtain access to the underlying operating system shell with root-level privileges. More Information: CSCvb70351. Known Affected...
CVE-2016-9196
A vulnerability in login authentication management in Cisco Aironet 1800, 2800, and 3800 Series Access Point platforms could allow an authenticated, local attacker to gain unrestricted root access to the underlying Linux operating system. The root Linux shell is provided for advanced...
CVE-2016-8566
An issue was discovered in Siemens SICAM PAS before 8.00. Because of Storing Passwords in a Recoverable Format, an authenticated local attacker with certain privileges could possibly reconstruct the passwords of users for accessing the database...
CVE-2016-9215
A vulnerability in Cisco IOS XR Software could allow an authenticated, local attacker to log in to the device with the privileges of the root user. More Information: CSCva38434. Known Affected Releases: 6.1.1.BASE...
CVE-2016-6470
A vulnerability in the installation procedure of the Cisco Hybrid Media Service could allow an authenticated, local attacker to elevate privileges to the root level. More Information: CSCvb81344. Known Affected Releases: 1.0...
CVE-2016-6459
Cisco TelePresence endpoints running either CE or TC software contain a vulnerability that could allow an authenticated, local attacker to execute a local shell command injection. More Information: CSCvb25010. Known Affected Releases: 8.1.x. Known Fixed Releases: 6.3.4 7.3.7 8.2.2 8.3.0...
CVE-2016-6450
A vulnerability in the package unbundle utility of Cisco IOS XE Software could allow an authenticated, local attacker to gain write access to some files in the underlying operating system. This vulnerability affects the following products if they are running a vulnerable release of Cisco IOS XE...
NextGEN Gallery <= 2.1.56 - Authenticated Local File Inclusion (LFI) & SQLi
The WordPress Gallery Plugin – NextGEN Gallery WordPress plugin was affected by an Authenticated Local File Inclusion LFI & SQLi security vulnerability...
SolarWinds Kiwi Syslog Server Elevation of Privilege Vulnerability
SolarWinds network security management software products. The application can be installed on a windows system with the option to select the default security service. The default installation path "C:\Program Files x86" is selected when installing the 32-bit application, which may allow an...
SolarWinds Kiwi CatTools Elevation of Privilege Vulnerability
SolarWinds network security management software products. The application can be installed on windows systems with the option to select the default security service. The default installation path "C:\Program Files x86" is selected when installing the 32-bit application, which may allow an...
VulnCheck KEV: CVE-2016-6367
A vulnerability in the command-line interface CLI parser of Cisco ASA software could allow an authenticated, local attacker to create a denial-of-service DoS condition or potentially execute code...
PT-2016-2535 · Cisco · Cisco Asa
Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance ASA Software versions prior to 8.41 Description: The issue is caused by a buffer overflow in the Cisco Adaptive Security Appliance software. It allows an authenticated, local attacker to potentially execute...
Unspecified Vulnerability in Oracle MySQL Server (CNVD-2016-05391)
Oracle MySQL Server is a lightweight relational database system. A security vulnerability exists in Oracle MySQL Server versions 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier, which can be exploited by an authenticated, local attacker to affect availability...
Unspecified Vulnerability in Oracle MySQL Server (CNVD-2016-05387)
Oracle MySQL Server is a lightweight relational database system. A security vulnerability exists in Oracle MySQL Server versions 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier, which can be exploited by an authenticated, local attacker to affect availability...
Cisco UCS Central Software Command Line Interface Command Injection Vulnerability
Cisco UCS Central Software is a U.S. Cisco Cisco company's computing, virtualization and networking in one software platform. A security vulnerability exists in the command line interface of Cisco UCS Central Software. An authenticated, local attacker can exploit this vulnerability to inject...
Vulnerabilities in the SUSE Linux Enterprise operating system that allow attackers to compromise the confidentiality, integrity, and accessibility of protected information
Multiple vulnerabilities exist in the wmpomme package of the SUSE Linux Enterprise operating system. Exploitation of these vulnerabilities can lead to breaches of confidentiality, integrity, and accessibility of protected information. The exploitation of these vulnerabilities can be carried out...
Vulnerabilities in the SUSE Linux Enterprise operating system that allow attackers to compromise the confidentiality, integrity, and accessibility of protected information
Multiple vulnerabilities exist in the hal-gnome package of the SUSE Linux Enterprise operating system. Exploitation of these vulnerabilities can lead to breaches of confidentiality, integrity, and accessibility of protected information. The exploitation of these vulnerabilities can be carried out...
Vulnerabilities in the SUSE Linux Enterprise operating system that allow attackers to compromise the confidentiality, integrity, and accessibility of protected information
Multiple vulnerabilities exist in the hal-debuginfo-64bit package of the SUSE Linux Enterprise operating system. Exploitation of these vulnerabilities can lead to breaches of confidentiality, integrity, and accessibility of protected information. The exploitation of these vulnerabilities can be...