1086 matches found
AlienVault OSSIM/USM < 5.3.1 - Remote Code Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule "AlienVault OSSIM/USM Remote Code Execution", 'Description' = %q This module exploits object injection, authentication bypass an...
Cisco ATA 187 Analog Telephone Adapter Unauthorized Access Security Bypass Vulnerability (cisco-sa-20130206-ata187)
Cisco ATA-187 is prone to a security bypass vulnerability because it allows attackers to gain unauthorized access to the device. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s)...
CVE-2016-0325
IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert...
Sophos Web Appliance v4.2.1.3 remote code execution vulnerability
Multiple parameters to the web interface are unsafely handled and can be used to run operating system commands, such as: POST /index.php?c=logs HTTP/1.1 Host: redacted User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.10; rv:46.0 Gecko/20100101 Firefox/46.0 Accept: text/javascript, text/html,...
Moxa OnCell Series Products OS Command Execution Vulnerability
MOXA OnCell is an industrial grade IP gateway product. An OS command execution vulnerability exists in Moxa OnCell Series products, which can be exploited by an attacker to execute arbitrary OS commands...
Cisco Cloud Services Platform 2.x < 2.1.0 Multiple Vulnerabilities
According to its self-reported version number, the remote Cisco Cloud Services Platform (CSP) device is 2.x prior to 2.1.0. It is, therefore, affected by the following vulnerabilities: - A command injection vulnerability exists in the web-based GUI due to improper sanitization of user-supplied...
Command Execution Vulnerability in UFIDA UFO System
UFIDA UFO System is the tabular data processing software that comes with UFIDA software. A command execution vulnerability exists in UFIDA UFO System. The vulnerability allows attackers to execute operating system commands...
AKABEi SOFT2 Games Operating System Command Injection Vulnerability
G-senjou no Maou - The Devil on G-String and other titles are games developed by AKABEi SOFT2 in Japan. An operating system command injection vulnerability exists in AKABEi SOFT2 Games. An attacker could exploit this vulnerability to execute arbitrary operating system commands in the context of...
Keitai Kit for Movable Type Operating System Command Injection Vulnerability
Six Apart Movable Type (MT) is a blogging system. Keitai Kit is a security check plugin used in it. Keitai Kit for Movable Type contains a vulnerability that can be exploited by remote attackers to execute arbitrary OS commands upon submission of a special request...
op5 Monitor Nacoma command execution
Added: 07/01/2016 Background op5 Monitor is an open-source monitoring solution written in PHP. Problem The commandtest.php script in the Nacoma component of op5 Monitor can be used to execute arbitrary operating system commands. Resolution Upgrade to op5 Monitor 7.2.0 or higher. References...
Ubiquiti Administration Portal CSRF to Remote Command Execution
Vulnerability Details Affected Vendor: Ubiquiti Affected Product: AirGateway, AirFiber, mFi Affected Version: 1.1.6, 3.2, 2.1.11 Platform: Embedded Linux CWE Classification: CWE-352: Cross-Site Request Forgery (CSRF); CWE-77: Improper Neutralization of Special Elements used in a Command ('Command...
Solarwinds Virtualization Manager 6.3.1 Java Deserialization
Java Deserialization in Solarwinds Virtualization Manager 6.3.1 Product: Solarwinds Virtualization Manager Vendor: Solarwinds Vulnerable Versions: 6.3.1 Tested Version: 6.3.1 Vendor Notification: April 25th, 2016 Vendor Patch Availability to Customers: June 1st, 2016 Public Disclosure: June 14th,...
Cisco IP 8800 phone privilege acquisition vulnerability
Cisco IP 8800 phone is a phone product from Cisco USA that provides video and VoIP communication features. A privilege acquisition vulnerability exists in the Cisco IP 8800 phone using software version 11.0.1 and earlier. A local attacker can use specially crafted CLI commands to gain privileges ...
Cisco IP 8800 Series Phones btcli Utility Command Injection Vulnerability
A vulnerability in a command-line interface (CLI) utility of the Cisco IP 8800 Series Phones could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted...
PHP interpreter vulnerability allows attackers to execute arbitrary operating system commands
A vulnerability in the escapeshellarg function (ext/standard/exec.c) of the PHP interpreter exists because special elements used in operating system commands are not neutralized. Exploiting this vulnerability allows a malicious actor to execute arbitrary operating system...
Schneider Electric StruxureWare Building Operation Automation Server msh bypass
Added: 03/14/2016 CVE: CVE-2016-2278 Background The Schneider Electric StruxureWare Building Operation software suite provides integrated monitoring, control, and management of energy, HVAC, lighting and fire safety. The Automation Server is a building automation system for small and medium-sized...
Cisco Wireless LAN Controller firmware vulnerability allows an intruder to execute arbitrary operating system commands
A vulnerability in the Cisco Wireless LAN Controller firmware exists because special elements used in operating system commands are not neutralized. Exploiting this vulnerability allows a malicious actor to execute arbitrary operating system commands i...
BaserCMS password brute force vulnerability
baserCMS is an enterprise-level content management system (CMS). An arbitrary command execution vulnerability exists in baserCMS versions 3.0.2 through 3.0.8 that could allow an authenticated, remote user to execute arbitrary operating system commands via unspecified vectors...
CVE-2016-1320
The CLI in Cisco Prime Collaboration 9.0 and 11.0 allows local users to execute arbitrary OS commands as root by leveraging administrator privileges, aka Bug ID CSCux69286...