649 matches found

BDU FSTEC
added 2018/03/16 12:0 a.m., 3 views

The vulnerability of the Veritas Access data storage system and its backup/restore software, Veritas NetBackup and Veritas NetBackup Appliance, is related to privilege division errors. This vulnerability allows an attacker to execute commands with root/admin privileges.

The vulnerability of the Veritas Access data storage system, as well as the software tools for backup and recovery with Veritas NetBackup and Veritas NetBackup Appliance, is related to privilege division errors. Exploiting this vulnerability could allow an attacker to execute commands on the...

CVSS 8.8, AI score 5.7, EPSS 0.00068
Exploits 0, References 2, Affected Software 3

CNVD
added 2018/03/01 12:0 a.m., 2 views

Schneider Electric Pelco Sarix Professional Command Execution Vulnerability (CNVD-2018-05325)

The Schneider Electric Pelco Sarix Professional is a video surveillance device from Schneider Electric France. A security vulnerability in the Schneider Electric Pelco Sarix Professional using firmware prior to version 3.29.67 exists because the program fails to validate shell metacharacters with...

CVSS 9.8, AI score 7, EPSS 0.01142
Exploits 0, References 1

OSV
added 2018/02/15 10:29 p.m., 2 views

CVE-2017-5828

An arbitrary command execution vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found...

CVSS 8.1, AI score 6, EPSS 0.00522
Exploits 0, References 3

OSV
added 2018/02/07 2:29 a.m., 0 views

DEBIAN-CVE-2018-6791

An issue was discovered in soliduiserver/deviceserviceaction.cpp in KDE Plasma Workspace before 5.12.0. When a vfat thumbdrive that contains `` or $ in its volume label is plugged in and mounted through the device notifier, it's interpreted as a shell command, leading to a possibility of arbitrary...

CVSS 6.8, AI score 6.7, EPSS 0.00261
Exploits 0, References 1

CNVD
added 2018/01/04 12:0 a.m., 1 views

Dozer command execution vulnerability

Dozer is a mapper for Java beans that copies data from one object to another. A security vulnerability exists in Dozer that stems from the program's use of reflection-based methods for type conversion. The vulnerability can be exploited by a remote attacker to execute arbitrary code using special...

CVSS 9.8, AI score 7.8, EPSS 0.05361
Exploits 0, References 1

ATTACKERKB
added 2017/12/19 9:29 p.m., 3 views

CVE-2017-17761

An issue was discovered on Ichano AtHome IP Camera devices. The device runs the "noodles" binary - a service on port 1300 that allows a remote LAN unauthenticated user to run arbitrary commands. This binary requires the "system" XML element for specifying the command. For example, a id command...

CVSS 10, AI score 8.8, EPSS 0.04978
Exploits 3, References 3

CNVD
added 2017/11/13 12:0 a.m., 3 views

Datto Windows Agent Command Execution Vulnerability

Datto Windows Agent DWA is a suite of Windows-based backup agent software from Datto, Inc. A command execution vulnerability exists in DWA version 1.0.5.0 and earlier. A remote attacker can exploit this vulnerability to execute commands with the help of malformed commands...

CVSS 8, AI score 7.6, EPSS 0.00172
Exploits 1, References 1

CNVD
added 2017/09/27 12:0 a.m., 2 views

HPE System Management Homepage Arbitrary Command Execution Vulnerability (CNVD-2017-33361)

HPE System Management Homepage is a Web-based interface from Hewlett Packard Enterprise. An arbitrary command execution vulnerability exists in HPE System Management Homepage, which allows an attacker to submit a special request to execute arbitrary OS commands in an application context...

CVSS 5.6, AI score 6.6, EPSS 0.00084
Exploits 0, References 1

BDU FSTEC
added 2017/09/18 12:0 a.m., 3 views

The vulnerability in the enigma2-plugins/blob/master/webadmin/src/WebChilds/Script.py script of the WebAdmin plugin allows a malicious user to execute arbitrary commands on the operating system.

The vulnerability in the enigma2-plugins/blob/master/webadmin/src/WebChilds/Script.py script of the WebAdmin plugin exists due to the failure to eliminate special elements used in the operating system command. Exploiting this vulnerability allows a malicious actor to execute arbitrary operating...

CVSS 10, AI score 8.1, EPSS 0.90088
Exploits 1, References 3, Affected Software 1

CNVD
added 2017/08/24 12:0 a.m., 1 views

Command Execution Vulnerability in Fusion K2 Wireless Router of Shanghai Fusion Data Communication Technology Co.

The Fusion K2 Wireless Router is a wireless router for home use. A command execution vulnerability exists in the Fusion K2 Wireless Router from Shanghai Fusion Data Communication Technology Co. The vulnerability is due to the timeRebootEnablestatus and timeRebootrange parameters not filtering...

AI score 8
Exploits 0

CNVD
added 2017/08/18 12:0 a.m., 3 views

Cisco ASR 5000 Series Aggregated Services Routers StarOS Security Bypass Vulnerability

Cisco ASR 5000 Series Aggregated Services Routers are the ASR 5000 series of integrated services router products from Cisco. StarOS is the set of operating systems that run on them. CLI is one of the command-line programs. A security bypass vulnerability exists in the CLI for StarOS in Cisco ASR 50...

CVSS 6.7, AI score 6.6, EPSS 0.00052
Exploits 0, References 1

OSV
added 2017/07/18 1:29 p.m., 1 views

CVE-2017-1318

IBM MQ Appliance 8.0 and 9.0 could allow an authenticated messaging administrator to execute arbitrary commands on the system, caused by command execution. IBM X-Force ID: 125730...

CVSS 8.8, AI score 6.1
Exploits 0, References 3

CNVD
added 2017/06/30 12:0 a.m., 2 views

Foscam Indoor IP Camera C1 Series Command Execution Vulnerability

Foscam Indoor IP Camera C1 Series is a C1 series wireless IP camera product from Foscam China. A security vulnerability exists in the web management interface of the Foscam Indoor IP Camera C1 Series using application firmware 2.52.2.37. The vulnerability can be exploited to inject arbitrary data...

CVSS 8.8, AI score 7, EPSS 0.00513
Exploits 1, References 1

CNVD
added 2017/06/29 12:0 a.m., 10 views

OSRAM SYLVANIA Osram Lightify Home Pre-Authentication Command Execution Vulnerability

OSRAM SYLVANIA Osram Lightify Home is a set of open IoT platforms for automated control of lighting devices from OSRAM Germany. A security vulnerability exists in OSRAM SYLVANIA Osram Lightify Home versions prior to 2016-07-26. A remote attacker can exploit the vulnerability to execute arbitrary...

CVSS 9.8, AI score 7.6, EPSS 0.02043
Exploits 2, References 1

OSV
added 2017/06/27 3:29 p.m., 1 views

CVE-2017-2842

In the web management interface in Foscam C1 Indoor HD Camera running application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration file resulting in command execution. An attacker can simply send an HTTP request to t...

CVSS 8.8, AI score 5.9, EPSS 0.00513
Exploits 1, References 2

PyPA
added 2017/06/14 1:29 p.m., 5 views

PYSEC-2017-95

An exploitable vulnerability exists in the Databook loading functionality of Tablib 0.11.4. A yaml loaded Databook can execute arbitrary python commands resulting in command execution. An attacker can insert python into loaded yaml to trigger this vulnerability...

CVSS 9.8, AI score 7.9, EPSS 0.01427
Exploits 2, References 4, Affected Software 1

OSV
added 2017/06/05 4:29 p.m., 1 views

DEBIAN-CVE-2017-1000368

Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution...

CVSS 8.2, AI score 6.8, EPSS 0.0019
Exploits 0, References 1

CNVD
added 2017/06/02 12:0 a.m., 2 views

HPE Aruba ClearPass Policy Manager Arbitrary Command Execution Vulnerability

HPE Aruba ClearPass Policy Manager is a network access control solution from Hewlett Packard Enterprise HPE. An arbitrary command execution vulnerability exists in HPE Aruba ClearPass Policy Manager versions prior to 6.6.5. An attacker could exploit this vulnerability to execute arbitrary command...

CVSS 8.1, AI score 7.6, EPSS 0.00522
Exploits 0, References 1

CNVD
added 2017/05/23 12:0 a.m., 3 views

Mimosa Client Radios and Mimosa Backhaul Radios Denial of Service Vulnerabilities

Mimosa Client Radios and Mimosa Backhaul Radios are both products of Mimosa Networks, Inc. Mimosa Client Radios is a hypervisor for the client devices of the Mimosa multipoint solution. Mimosa Backhaul Radios is a management program for broadband backhaul devices. A denial...

CVSS 7.5, AI score 7.2, EPSS 0.01354
Exploits 0, References 1

CNVD
added 2017/04/10 12:0 a.m., 0 views

Multiple Jensen of Scandinavia Air:Link Command Execution Vulnerabilities

Air:Link 3G, Air:Link 5000AC, Air:Link 59300 are routers from Jensen of Scandinavia, Norway. A command execution vulnerability exists in the /goform/ page of multiple Jensen of Scandinavia Air:Link products. A remote attacker could use this vulnerability to submit special shell metacharacters to...

CVSS 10, AI score 7.9, EPSS 0.05585
Exploits 1, References 1