Cisco Small Business SPA500 Series IP Phones CVE-2019-15959 Local Command Injection Vulnerability
Description: Cisco Small Business SPA500 Series IP Phones are prone to a local command-injection vulnerability. Local attackers can exploit this issue to execute arbitrary commands on the device in an elevated security context. This issue is being tracked by Cisco Bug ID CSCvp40755. Cisco Small...
Fortinet FortiClient for macOS CVE-2019-17650 Local Command Injection Vulnerability
Description: Fortinet FortiClient for macOS is prone to a local command-injection vulnerability. An attacker may exploit this issue to inject and execute arbitrary commands with root privileges. Versions prior to FortiClient for macOS 6.2.2 are vulnerable. Technologies Affected: Fortinet FortiClien...
PT-2019-10733 · Cujo · Cujo Smart Firewall
Name of the Vulnerable Software and Affected Versions: CUJO Smart Firewall (affected versions not specified). Description: A vulnerability exists in the verified boot protection, allowing a local attacker to add arbitrary shell commands into the dhcpd.conf file. These commands persist across reboots...
Cisco SD-WAN Zero Touch Provisioning Local Command Injection Vulnerability
Cisco vEdge 100 Series Routers and others are different series of router products from Cisco. The SD-WAN Solution is a suite of network extension solutions that run on them. A command injection vulnerability exists in the Zero Touch Provisioning (ZTP) subsystem in Cisco SD-WAN Solution versions prior...
Cisco Unified Computing System Local Command Injection Vulnerability (CNVD-2018-13560)
Cisco Unified Computing System (UCS) Software is a unified computing system from Cisco of the United States. Through extensive use of virtualization technology, the system integrates network, computing and virtualization resources into a single platform. A local command injection...
Cisco Enterprise NFV Infrastructure Software Local Command Injection Vulnerability
Cisco Enterprise NFV Infrastructure Software (NFVIS) is a suite of NFV infrastructure software platforms from Cisco. The platform enables full lifecycle management of virtualized services through a central orchestrator and controller. The CLI is one of its command line tools. A command injection...
Cisco Identity Services Engine Local Command Injection Vulnerability
A vulnerability in certain CLI commands of Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to execute arbitrary commands on the host operating system with the privileges of the local user. These commands should have been restricted from this user. The vulnerability...
UBUNTU-CVE-2017-15108
spice-vdagent up to and including 0.17.0 does not properly escape save directory before passing to shell, allowing local attacker with access to the session the agent runs in to inject arbitrary commands to be executed...
DEBIAN-CVE-2017-15108
spice-vdagent up to and including 0.17.0 does not properly escape save directory before passing to shell, allowing local attacker with access to the session the agent runs in to inject arbitrary commands to be executed...
Unicon Software eLux RP Screensavercc Component Elevation of Privilege Vulnerability
Unicon Software eLux RP is an operating system for thin client devices from Unicon Software, Germany. The Screensavercc component is one of its screen saver components. A security vulnerability exists in the Screensavercc component of Unicon Software eLux RP versions prior to 5.5.0. An attacker can...
Cisco IOS XR Software Local Command Injection Vulnerability (cisco-sa-20170621-ios)
A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands on the host operating system with root privileges.
The vulnerability of the Cisco Firepower Extensible Operating System and the Cisco Unified Computing System Central device management system allows an intruder to inject arbitrary commands.
The vulnerability of the CLI component of the Cisco Firepower Extensible Operating System and the Cisco Unified Computing System Central device management system is related to the lack of measures for cleaning input data. Exploiting this vulnerability allows a malicious actor to inject arbitrary...
Local Command Injection Vulnerability in Multiple Cisco Products (CNVD-2017-04455)
Cisco is a leading global provider of networking solutions. A local command injection vulnerability exists in multiple Cisco products. A local attacker could exploit this vulnerability to execute arbitrary commands...
Local Command Injection Vulnerability in Multiple Cisco Products (CNVD-2017-04873)
Cisco Unified Communications Manager is an enterprise-class IP telephony call processing system. A local command injection vulnerability exists in Cisco Unified Communications Manager, which could be exploited by a local attacker to submit a special request and execute arbitrary shell commands...
Local Command Injection Vulnerability in Multiple Cisco Products
The Cisco Firepower 4100 Series Next-Generation Firewall and the Cisco Firepower 9300 Security Appliance are both security appliances from Cisco USA. A security vulnerability exists in the CLI command handling process in the Cisco Firepower 4100 Series Next-Generation Firewall and Firepower 9300...
IBM Security Guardium Database Activity Monitor Local Command Injection Vulnerability (CNVD-2017-00060)
IBM Security Guardium Database Activity Monitor is a database activity monitor product from IBM USA. The product provides features such as automated controls for compliance and protection against internal and external threats. A local command injection vulnerability exists in IBM Security Guardiu...
Cisco TelePresence Endpoints Local Command Injection Vulnerability
Cisco TelePresence Endpoints is a new system technology that combines a series of technological breakthroughs and integrated technologies from Cisco in the fields of intelligent IP networks, unified communications, ultra-high-definition IP video up to...
IBM Security Guardium Database Activity Monitor Local Command Injection Vulnerability
IBM Security Guardium Database Activity Monitor is a database activity monitor product from IBM USA. The product provides features such as automated controls for compliance and protection against internal and external threats. A local command injection vulnerability exists in IBM Security Guardiu...
Multiple vulnerabilities in ePhone Disk
ePhone Disk is a lightweight file manager to download, organize, deliver, and read files offline. ePhone Disk suffers from File Include, Local Command and Path Injection, and Remote Denial of Service vulnerabilities. These allow remote attackers to compromise web applications or mobile devices with...
ownCloud Desktop Client Local Command Injection Vulnerability
The ownCloud Desktop Client is a desktop client for connecting to ownCloud servers. A local command injection vulnerability in the ownCloud Desktop Client allows an attacker to execute arbitrary script code in the context of an affected application...