The vulnerability of data backup and application protection tools such as IBM Spectrum Protect Snapshot, as well as protection mechanisms for virtual machines with IBM Spectrum Protect for Virtual Environments, allows attackers to execute arbitrary operating system commands.

The vulnerability of Data Protection extensions for data backup and application protection in IBM Spectrum Protect Snapshot, as well as the virtual machine protection provided by IBM Spectrum Protect for Virtual Environments, exists due to the lack of measures taken to neutralize special elements...

Pitivi Arbitrary Command Execution Vulnerability

Pitivi is a suite of open source video editing software written in Python and based on GStreamer and GTK+. The software provides a timeline in order to achieve complete control over the video. A security vulnerability exists in Pitivi versions prior to 0.95, which stems from an error in the...

IBM Security Access Manager for Web and Security Access Manager Command Injection Vulnerabilities

IBM Security Access Manager ISAM for Web formerly known as IBM Tivoli Access Manager for e-business and Security Access Manager ISAM are both products of IBM Corporation. The former is a set of products for user authentication, authorization and Web single sign-on solutions in the product, which...

D-Link DIR-601 Command Injection Vulnerability

D-Link DIR-601 is a wireless router product from AUO. A command injection vulnerability exists in the D-Link DIR-601, which allows remote attackers to exploit the vulnerability to submit a special request to execute arbitrary OS commands...

The vulnerability of the CommVault Edge data archiving and restoration software allows a hacker to execute arbitrary commands.

The vulnerability of the CommVault Edge data archiving and recovery program exists due to the lack of measures taken to neutralize special elements used in the operating system’s command set. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using a specially...

Commvault Edge Server Web Console OS Command Injection Vulnerability

Commvault Edge Server is a suite of Simpana-based software that provides end-users with automated data protection and instant access. A security vulnerability in the web console of Commvault Edge Server allows remote attackers to execute arbitrary OS commands using specially crafted serialized da...

Watchguard XCS - Remote Command Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'Watchguard XCS Remote Command Execution', 'Description' = %q This module exploits two separate vulnerabilities found in the Watchgua...

Watchguard XCS Remote Command Execution

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'Watchguard XCS Remote Command Execution', 'Description' = %q This module exploits two separate vulnerabilities found in the Watchgua...

Watchguard XCS Remote Command Execution Exploit

This Metasploit module exploits two separate vulnerabilities found in the Watchguard XCS virtual appliance to gain command execution. By exploiting an unauthenticated SQL injection, a remote attacker may insert a valid web user into the appliance database, and get access to the web interface. On...

Watchguard XCS Remote Command Execution

This module exploits two separate vulnerabilities found in the Watchguard XCS virtual appliance to gain command execution. By exploiting an unauthenticated SQL injection, a remote attacker may insert a valid web user into the appliance database, and get access to the web interface. On the other...

Webservice-DIC yoyaku_v41 OS Command Injection Vulnerability

Webservice-DIC yoyakuv41 is a conference room reservation management software from Webservice-DIC. Webservice-DIC yoyakuv41 fails to properly filter user-submitted input, allowing remote attackers to exploit the vulnerability by submitting a special request to execute arbitrary operating system...

Belkin N300 Dual-Band Wi-Fi Range Extender formiNICWpsStart Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Belkin N300 Dual-Band Wi-Fi Range Extender. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of formiNICWpsStart requests. It is possible to...

Belkin N300 Dual-Band Wi-Fi Range Extender formHwSet Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Belkin N300 Dual-Band Wi-Fi Range Extender. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of formHwSet requests. It is possible to inject...

Belkin N300 Dual-Band Wi-Fi Range Extender formUSBStorage Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Belkin N300 Dual-Band Wi-Fi Range Extender. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of formUSBStorage requests. It is possible to inje...

Belkin N300 Dual-Band Wi-Fi Range Extender formAccept Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Belkin N300 Dual-Band Wi-Fi Range Extender. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of formAccept requests. It is possible to inject...

Belkin N300 Dual-Band Wi-Fi Range Extender formWpsStart pinCode Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Belkin N300 Dual-Band Wi-Fi Range Extender. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of formWpsStart requests. It is possible to inject...

Belkin N300 Dual-Band Wi-Fi Range Extender formBSSetSitesurvey Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Belkin N300 Dual-Band Wi-Fi Range Extender. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of formBSSetSitesurvey requests. It is possible to...

Belkin N300 Dual-Band Wi-Fi Range Extender formWlanMP Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Belkin N300 Dual-Band Wi-Fi Range Extender. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of formWlanMP requests. It is possible to inject...

The vulnerability of the Cisco UCS Central device’s centralized management system allows a perpetrator to gain privileges necessary to execute operating system commands.

The vulnerability of the Cisco UCS Central device management system exists because measures to neutralize the special elements used in the operating system command are not taken. Exploiting this vulnerability can allow a malicious actor, operating locally, to gain privileges necessary to execute...

The vulnerability of the Cisco VX Client allows a perpetrator to gain privileges necessary to execute system commands.

The vulnerability of the diagnostic subsystem in the web-based administration interface of Cisco VX Client exists due to the lack of measures taken to neutralize the special elements used in the operating system command set. Exploiting this vulnerability can allow an attacker, operating locally, ...