Command Execution Vulnerability in ColdFusion
Adobe ColdFusion is a commercial rapid development platform. It can be used as a development platform, as a Flash remote service or as a backend server for Adobe Flex applications. A command execution vulnerability exists in ColdFusion. An attacker could exploit this vulnerability to gain...
Jenkins Git client plugin command execution vulnerability
Jenkins is an open source continuous integration tool developed in Java. The Git client plugin for Jenkins provides a Git application programming interface. The Jenkins Git client plugin has a command execution vulnerability, with Job/Configure privileges of...
Epignosis eFront LMS SQL Injection Vulnerability
Epignosis eFront LMS is a suite of online e-learning platforms from Epignosis, Inc. in the United States. The platform provides test building, assignment management, internal messaging, forums and online chat. A SQL injection vulnerability exists in Epignosis eFront LMS version 5.2.12 and earlier...
ghostscript: Safer mode bypass by .forceput exposure in .pdf_hook_DSC_Creator (701445)
A flaw was found in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands...
ghostscript: Safer mode bypass by .forceput exposure in setuserparams (701444)
A flaw was found in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands...
A vulnerability in the TIA Administrator software development environment, related to the lack of authentication, allows a malicious individual to execute a series of commands
A vulnerability in the TIA Administrator software development environment is related to the lack of authentication. Exploiting this vulnerability allows an attacker to execute a series of commands...
CVE-2019-1885
A vulnerability in the Redfish protocol of Cisco Integrated Management Controller IMC could allow an authenticated, remote attacker to inject and execute arbitrary commands with root privileges on an affected device. The vulnerability is due to insufficient validation of user-supplied input by th...
Siemens SCALANCE SC-600 Command Execution Vulnerability
SCALANCE SC firewall is used to protect trusted industrial networks from untrusted networks. It allows the filtering of incoming and outgoing network connections in different ways. A command execution vulnerability exists in the Siemens SCALANCE SC-600. An attacker could exploit this vulnerabilit...
Command Execution Vulnerability in Netcom's Next Generation Firewall NGFW
Netcom Next Generation Firewall NGFW is a high-performance application layer firewall launched by Netcom Technology that can comprehensively deal with network threats. A command execution vulnerability exists in NGFW. An attacker can inject commands and execute them after logging in with a defaul...
Command Execution Vulnerability in Goldie's Mail System
Kindie mail system is an e-mail server developed for the communication needs of enterprises and institutions. The software system kernel is developed in C++, with strong stability and security. A command execution vulnerability exists in the Goldpac Email System, which can be exploited by an...
Command Execution Vulnerability in DedeCMS
Dream Content Management System DedeCMS is a PHP open source website management system. A command execution vulnerability exists in DedeCMS. An attacker can exploit this vulnerability to execute arbitrary commands and obtain server control privileges...
CVE-2019-1923
A vulnerability in Cisco Small Business SPA500 Series IP Phones could allow a physically proximate attacker to execute arbitrary commands on the device. The vulnerability is due to improper input validation in the device configuration interface. An attacker could exploit this vulnerability by...
Command execution vulnerability in DBShop system (CNVD-2019-23860)
DBShop is an e-commerce system. A command execution vulnerability exists in the DBShop system that can be exploited by an attacker to gain server privileges...
Command execution vulnerability in DBShop system (CNVD-2019-23859)
DBShop is an e-commerce system. A command execution vulnerability exists in the DBShop system that can be exploited by an attacker to gain server privileges...
Command Execution Vulnerability in Advantech WebAccessNode
Advantech is a leader in the intelligent systems industry. A command execution vulnerability exists in Advantech WebAccessNode. It allows attackers to remotely execute commands to gain server privileges...
Command Execution Vulnerability in Ziggy's Fortress (CNVD-2019-22668)
Zhejiang Qiji Technology Co., Ltd. is a company mainly engaged in computer hardware and software, network products, technology development and other projects. A command execution vulnerability exists in Qiji Fortress, which can be exploited by an attacker to execute arbitrary commands...
Command Execution Vulnerability in DedeCMS v5.7
Dream Content Management System DedeCMS is a PHP open source website management system. A command execution vulnerability exists in DedeCMS v5.7, which can be exploited by an attacker to gain server privileges...
CVE-2019-13035
Artica Pandora FMS 7.0 NG before 735 suffers from local privilege escalation due to improper permissions on C:\PandoraFMS and its sub-folders, allowing standard users to create new files. Moreover, the Apache service httpd.exe will try to execute cmd.exe from C:\PandoraFMS (the current directory) a...
Command Execution Vulnerability in APN GW Series Products of Shenzhen Aolian Technology Co., Ltd.
Shenzhen Aolian Technology Co., Ltd. is a Shenzhen high-tech enterprise and double soft enterprise, and is a production unit and sales unit designated by the State Cryptography Bureau for business secrets. Its APN GW series products have a command execution vulnerability, which can be exploited by attackers to obtain server privileges...
Command Execution Vulnerability in Dedecms
Dream Content Management System DedeCMS is a PHP open source website management system. A command execution vulnerability exists in Dedecms. It allows attackers to remotely execute commands and gain server privileges...