57 matches found
Design/Logic Flaw
The policy implementation in Cisco FireSIGHT Management Center 5.3.1.7, 5.4.0.4, and 6.0.0 for VMware allows remote authenticated administrators to bypass intended policy restrictions and execute Linux commands as root via unspecified vectors, aka Bug ID CSCuw12839...
CVE-2015-6335
The policy implementation in Cisco FireSIGHT Management Center 5.3.1.7, 5.4.0.4, and 6.0.0 for VMware allows remote authenticated administrators to bypass intended policy restrictions and execute Linux commands as root via unspecified vectors, aka Bug ID CSCuw12839...
CVE-2015-6335
Cisco FireSIGHT Management Center for VMware is affected by a policy-code vulnerability (Bug CSCuw12839) in versions 5.3.1.7, 5.4.0.4 and 6.0.0. An authenticated remote administrator may bypass policy restrictions and execute Linux commands as root on the underlying OS due to insufficient sanitiz...
Xceedium Xsuite - Multiple Vulnerabilities
Xceedium Xsuite - Multiple Vulnerabilities. See also: http://www.modzero.ch/advisories/MZ-15-02-Xceedium-Xsuite.txt modzero Security Advisory: Multiple Vulnerabilities in Xceedium Xsuite MZ-15-02...
Xceedium Xsuite Command Injection / XSS / Traversal / Escalation Vulnerabilities
Xceedium Xsuite versions 2.3.0 and 2.4.3.0 suffer from command injection, cross site scripting, directory traversal, hard-coded credential, and privilege escalation vulnerabilities. Multiple Vulnerabilities in Xceedium Xsuite MZ-15-02...
Cisco ASR Arbitrary Linux Command Execution Vulnerability
The Cisco ASR 5000 and 5500 devices are Cisco's 5000 series of wireless controller products. The boot implementation of the Cisco ASR 5000 and 5500 devices failed to properly read the local file in the COMPACT FLASH, allowing an attacker logged in with administrator privileges to submit special...
Design/Logic Flaw
The boot implementation on Cisco ASR 5000 and 5500 devices with software 14.0 allows local users to execute arbitrary Linux commands by leveraging administrative privileges for storage of these commands in a Compact Flash (CF) file, aka Bug ID CSCuu75278...
CVE-2015-4244
The CVE-2015-4244 issue affects Cisco ASR 5000 and ASR 5500 Series (ASK5K) boot software version 14.0, where the boot process improperly reads a local file on Compact Flash (CF). An authenticated, locally privileged attacker can place a file containing Linux commands on CF, causing those commands...
CVE-2015-4244
The boot implementation on Cisco ASR 5000 and 5500 devices with software 14.0 allows local users to execute arbitrary Linux commands by leveraging administrative privileges for storage of these commands in a Compact Flash (CF) file, aka Bug ID CSCuu75278...
Cisco ASR 5000 Series Software Local Command Injection Vulnerability
A vulnerability in the boot process of the Cisco ASR5000 and ASR5500 (ASK5K) System Software could allow an authenticated, local attacker to cause commands to be executed during the boot process. The vulnerability is due to improper reading of a local file on Compact Flash (CF) during the boot proces...
PuttyRider - Hijack Putty sessions in order to sniff conversation and inject Linux commands
PuttyRider injects a DLL into a running putty.exe process in order to sniff all communication and inject Linux commands on the remote server. This can be useful in an internal penetration test when you already have access to a sysadmin’s machine who has a Putty session open to a Linux server. You...
CVE-2014-4868
The management console on the Brocade Vyatta 5400 vRouter 6.4Rx, 6.6Rx, and 6.7R1 allows remote authenticated users to execute arbitrary Linux commands via shell metacharacters in a console command...
Command injection
The management console on the Brocade Vyatta 5400 vRouter 6.4Rx, 6.6Rx, and 6.7R1 allows remote authenticated users to execute arbitrary Linux commands via shell metacharacters in a console command...
CVE-2014-4868
The management console on the Brocade Vyatta 5400 vRouter 6.4Rx, 6.6Rx, and 6.7R1 allows remote authenticated users to execute arbitrary Linux commands via shell metacharacters in a console command...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in saveRestore.htm on the Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100), allows remote attackers to hijack the authentication of use...
CVE-2012-1843
Cross-site request forgery (CSRF) vulnerability in saveRestore.htm on the Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100), allows remote attackers to hijack the authentication of use...
advisory
------------ advisory ------------ name: eshop Online-Shop System author: WEBDISCOUNT, Inh. Michael Boehme Problem: Script doesn't check for symbol ";". Any user can execute any nix commands on webserver. exploit: host/cgi-bin/eshop.pl?seite=;ls| ex...