
57 matches found

Prion
added 2015/10/25 2:59 a.m. | 15 views

Design/Logic Flaw

The policy implementation in Cisco FireSIGHT Management Center 5.3.1.7, 5.4.0.4, and 6.0.0 for VMware allows remote authenticated administrators to bypass intended policy restrictions and execute Linux commands as root via unspecified vectors, aka Bug ID CSCuw12839...

CVSS 9 | AI score 7.3 | EPSS 0.02745
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2015/10/25 1:0 a.m. | 19 views

CVE-2015-6335

The policy implementation in Cisco FireSIGHT Management Center 5.3.1.7, 5.4.0.4, and 6.0.0 for VMware allows remote authenticated administrators to bypass intended policy restrictions and execute Linux commands as root via unspecified vectors, aka Bug ID CSCuw12839...

AI score 6.8 | EPSS 0.02745
Exploits 0 | References 2

CVE
added 2015/10/25 1:0 a.m. | 55 views

CVE-2015-6335

Cisco FireSIGHT Management Center for VMware is affected by a policy-code vulnerability (Bug CSCuw12839) in versions 5.3.1.7, 5.4.0.4 and 6.0.0. An authenticated remote administrator may bypass policy restrictions and execute Linux commands as root on the underlying OS due to insufficient sanitiz...

CVSS 9 | AI score 7 | EPSS 0.02745
Exploits 0 | References 2 | Affected Software 1

exploitpack
added 2015/07/27 12:0 a.m. | 55 views

Xceedium Xsuite - Multiple Vulnerabilities

Xceedium Xsuite - Multiple Vulnerabilities See also: http://www.modzero.ch/advisories/MZ-15-02-Xceedium-Xsuite.txt --------------------------------------------------------------------- modzero Security Advisory: Multiple Vulnerabilities in Xceedium Xsuite MZ-15-02...

CVSS 7.5 | AI score 0.3 | EPSS 0.20829
Exploits 10

0day.today
added 2015/07/23 12:0 a.m. | 74 views

Xceedium Xsuite Command Injection / XSS / Traversal / Escalation Vulnerabilities

Xceedium Xsuite versions 2.3.0 and 2.4.3.0 suffer from command injection, cross site scripting, directory traversal, hard-coded credential, and privilege escalation vulnerabilities. Multiple Vulnerabilities in Xceedium Xsuite MZ-15-02...

CVSS 7.2 | AI score 0.9 | EPSS 0.20829
Exploits 10

CNVD
added 2015/07/16 12:0 a.m. | 3 views

Cisco ASR Arbitrary Linux Command Execution Vulnerability

The Cisco ASR 5000 and 5500 devices are Cisco's 5000 series of wireless controller products. The boot implementation of the Cisco ASR 5000 and 5500 devices failed to properly read the local file in the COMPACT FLASH, allowing an attacker logged in with administrator privileges to submit special...

CVSS 7.2 | AI score 6.8 | EPSS 0.00444
Exploits 0 | References 1

Prion
added 2015/07/10 10:59 a.m. | 15 views

Design/Logic Flaw

The boot implementation on Cisco ASR 5000 and 5500 devices with software 14.0 allows local users to execute arbitrary Linux commands by leveraging administrative privileges for storage of these commands in a Compact Flash (CF) file, aka Bug ID CSCuu75278...

CVSS 7.2 | AI score 7.9 | EPSS 0.00444
Exploits 0 | References 2 | Affected Software 1

CVE
added 2015/07/10 10:0 a.m. | 52 views

CVE-2015-4244

The CVE-2015-4244 issue affects Cisco ASR 5000 and ASR 5500 Series (ASK5K) boot software version 14.0, where the boot process improperly reads a local file on Compact Flash (CF). An authenticated, locally privileged attacker can place a file containing Linux commands on CF, causing those commands...

CVSS 7.2 | AI score 7.6 | EPSS 0.00444
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2015/07/10 10:0 a.m. | 22 views

CVE-2015-4244

The boot implementation on Cisco ASR 5000 and 5500 devices with software 14.0 allows local users to execute arbitrary Linux commands by leveraging administrative privileges for storage of these commands in a Compact Flash (CF) file, aka Bug ID CSCuu75278...

AI score 7.4 | EPSS 0.00444
Exploits 0 | References 2

Cisco
added 2015/07/09 8:51 p.m. | 43 views

Cisco ASR 5000 Series Software Local Command Injection Vulnerability

A vulnerability in the boot process of the Cisco ASR5000 and ASR5500 (ASK5K) System Software could allow an authenticated, local attacker to cause commands to be executed during the boot process. The vulnerability is due to improper reading of a local file on Compact Flash (CF) during the boot proces...

CVSS 6.8 | AI score 6.6 | EPSS 0.00444
Exploits 0 | References 1

Kitploit
added 2014/12/16 1:45 a.m. | 20 views

PuttyRider - Hijack Putty sessions in order to sniff conversation and inject Linux commands

PuttyRider injects a DLL into a running putty.exe process in order to sniff all communication and inject Linux commands on the remote server. This can be useful in an internal penetration test when you already have access to a sysadmin’s machine who has a Putty session open to a Linux server. You...

AI score 7.9
Exploits 0 | References 1

NVD
added 2014/10/07 10:55 a.m. | 14 views

CVE-2014-4868

The management console on the Brocade Vyatta 5400 vRouter 6.4Rx, 6.6Rx, and 6.7R1 allows remote authenticated users to execute arbitrary Linux commands via shell metacharacters in a console command...

CVSS 9 | AI score 7.2 | EPSS 0.02749
Exploits 0 | References 1

Prion
added 2014/10/07 10:55 a.m. | 15 views

Command injection

The management console on the Brocade Vyatta 5400 vRouter 6.4Rx, 6.6Rx, and 6.7R1 allows remote authenticated users to execute arbitrary Linux commands via shell metacharacters in a console command...

CVSS 9 | AI score 7.7 | EPSS 0.02749
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2014/10/07 10:0 a.m. | 21 views

CVE-2014-4868

The management console on the Brocade Vyatta 5400 vRouter 6.4Rx, 6.6Rx, and 6.7R1 allows remote authenticated users to execute arbitrary Linux commands via shell metacharacters in a console command...

AI score 7.2 | EPSS 0.02749
Exploits 0 | References 1

Prion
added 2012/03/22 10:17 a.m. | 15 views

Cross site request forgery (csrf)

Cross-site request forgery (CSRF) vulnerability in saveRestore.htm on the Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100), allows remote attackers to hijack the authentication of use...

CVSS 6 | AI score 8.1 | EPSS 0.01062
Exploits 0 | References 7 | Affected Software 7

Cvelist
added 2012/03/22 10:0 a.m. | 25 views

CVE-2012-1843

Cross-site request forgery (CSRF) vulnerability in saveRestore.htm on the Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100), allows remote attackers to hijack the authentication of use...

AI score 7.6 | EPSS 0.01062
Exploits 0 | References 7

securityvulns
added 2001/09/17 12:0 a.m. | 41 views

advisory

------------ advisory ------------ name: eshop Online-Shop System author: WEBDISCOUNT, Inh. Michael Boehme Problem: Script doesn't check for symbol ";". any user can execute any nix commands on webserver. exploit: host/cgi-bin/eshop.pl?seite=;ls| ex...

AI score 7.6
Exploits 0