222 matches found

Cvelist
added 2019/07/17 8:25 p.m. | 17 views

CVE-2019-1923 Cisco Small Business SPA500 Series IP Phones Local Command Execution Vulnerability

A vulnerability in Cisco Small Business SPA500 Series IP Phones could allow a physically proximate attacker to execute arbitrary commands on the device. The vulnerability is due to improper input validation in the device configuration interface. An attacker could exploit this vulnerability by...

CVSS 6.6 | AI score 6.7 | EPSS 0.00472
Exploits 0 | References 2

CNVD
added 2019/07/04 12:0 a.m. | 2 views

D-Link DCS-1100 and D-Link DCS-1130 Buffer Error Vulnerability (CNVD-2019-21249)

The D-Link DCS-1100 and the D-Link DCS-1130 are both network cameras from Taiwan, China-based AUO D-Link. A buffer error vulnerability exists in the D-Link DCS-1100 and DCS-1130. A local attacker could exploit this vulnerability to execute arbitrary commands on the device without authentication...

CVSS 8.8 | AI score 7.6 | EPSS 0.11589
Exploits 0 | References 1

OSV
added 2019/05/06 5:19 p.m. | 2 views

USN-3968-1 sudo vulnerabilities

Florian Weimer discovered that Sudo incorrectly handled the noexec restriction when used with certain applications. A local attacker could possibly use this issue to bypass configured restrictions and execute arbitrary commands. CVE-2016-7076 It was discovered that Sudo did not properly parse the...

CVSS 8.2 | AI score 6.9 | EPSS 0.00573
Exploits 0 | References 3

Tenable Nessus
added 2019/03/07 12:0 a.m. | 25 views

FreeBSD : rssh - multiple vulnerabilities (d193aa9f-3f8c-11e9-9a24-6805ca0b38e8)

NVD reports : rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in allowscp permission that can result in Local command execution. This attack appear to be exploitable via An authorized SSH user with the allowscp...

CVSS 9.8 | AI score 8.2 | EPSS 0.04869
Exploits 5 | References 5

OSV
added 2019/02/04 9:29 p.m. | 0 views

ALPINE-CVE-2019-1000018

rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in allowscp permission that can result in Local command execution. This attack appear to be exploitable via An authorized SSH user with the allowscp permission...

CVSS 7.8 | AI score 7.2 | EPSS 0.0188
Exploits 5 | References 1

Prion
added 2019/02/04 9:29 p.m. | 18 views

Command injection

rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in allowscp permission that can result in Local command execution. This attack appear to be exploitable via An authorized SSH user with the allowscp permission...

CVSS 4.6 | AI score 7.7 | EPSS 0.0188
Exploits 5 | References 9 | Affected Software 4

CVE
added 2019/02/04 9:0 p.m. | 146 views

CVE-2019-1000018

CVE-2019-1000018 affects rssh 2.3.4, where allowscp permits CWE-77 (Command Injection) leading to Local command execution. Exploitation is possible by an authorized SSH user with allowscp. Deb‑pack records note a fix version (Debian: 2.3.4-5+deb9u4); Alpine doc confirms the issue. No wider exploi...

CVSS 7.8 | AI score 8.6 | EPSS 0.0188
Exploits 5 | References 13 | Affected Software 1

Cvelist
added 2019/02/04 9:0 p.m. | 18 views

CVE-2019-1000018

rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in allowscp permission that can result in Local command execution. This attack appear to be exploitable via An authorized SSH user with the allowscp permission...

AI score 8.7 | EPSS 0.0188
Exploits 5 | References 10

Debian CVE
added 2019/02/04 9:0 p.m. | 22 views

CVE-2019-1000018

Removed by vendor...

CVSS 7.8 | AI score 7.8 | EPSS 0.0188
Exploits 5

AlpineLinux
added 2019/02/04 9:0 p.m. | 26 views

CVE-2019-1000018

rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in allowscp permission that can result in Local command execution. This attack appear to be exploitable via An authorized SSH user with the allowscp permission...

CVSS 7.8 | AI score 8.9 | EPSS 0.0188
Exploits 5

UbuntuCve
added 2019/02/04 12:0 a.m. | 18 views

CVE-2019-1000018

rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in allowscp permission that can result in Local command execution. This attack appear to be exploitable via An authorized SSH user with the allowscp permission...

CVSS 7.8 | AI score 7.1 | EPSS 0.0188
Exploits 5 | References 5

OSV
added 2018/09/12 4:29 p.m. | 3 views

CVE-2018-7572

Pulse Secure Client 9.0R1 and 5.3RX before 5.3R5, when configured to authenticate VPN users during Windows Logon, can allow attackers to bypass Windows authentication and execute commands on the system with the privileges of Pulse Secure Client. The attacker must interrupt the client's network...

CVSS 6.8 | AI score 5.9 | EPSS 0.00364
Exploits 0 | References 1

CVE
added 2018/06/08 5:0 p.m. | 53 views

CVE-2014-5220

The CVE-2014-5220 issue affects the mdadm package (mdcheck script) in openSUSE 13.2 prior to version 3.3.1-5.14.1. The root cause is improper sanitization of device names in mdcheck, enabling a local attacker to execute arbitrary commands as root. This is supported by multiple sources in the conn...

CVSS 7.8 | AI score 7.9 | EPSS 0.00505
Exploits 0 | References 2 | Affected Software 1

OSV
added 2018/02/19 2:29 p.m. | 3 views

CVE-2018-1410

IBM Notes Diagnostics IBM Client Application Access and IBM Notes could allow a local user to execute commands on the system. By crafting a command line sent via the shared memory IPC, which could be tricked into executing an executable chosen by the attacker. IBM X-Force ID: 138709...

CVSS 7.8 | AI score 5.9 | EPSS 0.00383
Exploits 0 | References 3

OSV
added 2018/02/15 10:29 p.m. | 3 views

CVE-2017-12551

A local arbitrary execution of commands vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found...

CVSS 5.6 | AI score 6 | EPSS 0.00465
Exploits 0 | References 3

OSV
added 2018/02/15 10:29 p.m. | 3 views

CVE-2017-12552

A local arbitrary execution of commands vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found...

CVSS 5.6 | AI score 6 | EPSS 0.00425
Exploits 0 | References 3

NVD
added 2017/09/06 9:29 p.m. | 11 views

CVE-2015-0853

svn-workbench 1.6.2 and earlier on a system with xeyes installed allows local users to execute arbitrary commands by using the "Command Shell" menu item while in the directory trunk/$xeyes...

CVSS 9.3 | AI score 8.7 | EPSS 0.03311
Exploits 1 | References 5

CNVD
added 2017/07/07 12:0 a.m. | 1 views

Cisco StarOS CLI Local Command Injection Vulnerability

The Cisco ASR 5000 Series is a carrier-grade platform for deploying high-demand 3G networks and migrating to Long-Term Evolution, and StarOS is the suite of Linux operating systems used in them. A security vulnerability in Cisco StarOS and Cisco Virtualized Packet Core VPC Software for handling C...

CVSS 8.2 | AI score 7.3 | EPSS 0.00787
Exploits 0 | References 1

CNVD
added 2017/05/08 12:0 a.m. | 3 views

Advantech WebAccess 8.2_20170330 ActiveX plugin has a local command execution vulnerability

Advantech WebAccess is a set of HMI/SCADA software from Advantech based on browser architecture. The software supports dynamic graphic display and real-time data control, and provides remote control and management of automation equipment. A local command execution vulnerability exists in the...

AI score 7.4
Exploits 0

exploitpack
added 2017/05/08 12:0 a.m. | 33 views

Gemalto SmartDiag Diagnosis Tool 2.5 - Local Buffer Overflow (SEH)

Gemalto SmartDiag Diagnosis Tool 2.5 - Local Buffer Overflow SEH Exploit Title: Gemalto SmartDiag Diagnosis Tool = v2.5 - Buffer Overflow - SEH Overwrite Date: 16-03-2017 Software Link: http://support.gemalto.com/index.php?id=downloadtools Exploit Author: Majid Alqabandi Contact:...

CVSS 4.6 | AI score 0.4 | EPSS 0.01252
Exploits 5