Lucene search
K

1096 matches found

KoreLogic Security
KoreLogic Security
added 2016/06/28 12:0 a.m.507 views

Ubiquiti Administration Portal CSRF to Remote Command Execution

Vulnerability Details Affected Vendor: Ubiquiti Affected Product: AirGateway, AirFiber, mFi Affected Version: 1.1.6, 3.2, 2.1.11 Platform: Embedded Linux CWE Classification: CWE-352: Cross-Site Request Forgery CSRF; CWE-77: Improper Neutralization of Special Elements used in a Command 'Command...

7.4AI score
Exploits0Affected Software3
Packet Storm
Packet Storm
added 2016/06/15 12:0 a.m.80 views

Solarwinds Virtualization Manager 6.3.1 Java Deserialization

Java Deserialization in Solarwinds Virtualization Manager 6.3.1 Product: Solarwinds Virtualization Manager Vendor: Solarwinds Vulnerable Versions: 6.3.1 Tested Version: 6.3.1 Vendor Notification: April 25th, 2016 Vendor Patch Availability to Customers: June 1st, 2016 Public Disclosure: June 14th,...

10CVSS0.1AI score0.13268EPSS
Exploits2
CNVD
CNVD
added 2016/06/07 12:0 a.m.20 views

Cisco IP 8800 phone privilege acquisition vulnerability

Cisco IP 8800 phone is a phone product from Cisco USA that provides video and VoIP communication features. A privilege acquisition vulnerability exists in the Cisco IP 8800 phone using software version 11.0.1 and earlier. A local attacker can use specially crafted CLI commands to gain privileges ...

7.8CVSS7.5AI score0.0051EPSS
Exploits0References1
Cisco
Cisco
added 2016/06/03 12:0 a.m.56 views

Cisco IP 8800 Series Phones btcli Utility Command Injection Vulnerability

A vulnerability in a command-line interface CLI utility of the Cisco IP 8800 Series Phones could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted...

6.8CVSS8.1AI score0.0051EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2016/06/01 12:0 a.m.6 views

The vulnerability of the PHP interpreter allows attackers to execute arbitrary operating system commands.

The vulnerability of the escapeshellarg function ext/standard/exec.c in the PHP interpreter exists because measures to neutralize the special elements used in operating system commands are not taken. Exploiting this vulnerability allows a malicious actor to execute arbitrary operating system...

10CVSS8.1AI score0.05999EPSS
Exploits2References5Affected Software1
Saint
Saint
added 2016/03/14 12:0 a.m.80 views

Schneider Electric StruxureWare Building Operation Automation Server msh bypass

Added: 03/14/2016 CVE: CVE-2016-2278 Background The Schneider Electric StruxureWare Building Operation software suite provides integrated monitoring, control, and management of energy, HVAC, lighting and fire safety. The Automation Server is a building automation system for small and medium-sized...

9CVSS7.3AI score0.13426EPSS
Exploits7
Saint
Saint
added 2016/03/14 12:0 a.m.49 views

Schneider Electric StruxureWare Building Operation Automation Server msh bypass

Added: 03/14/2016 CVE: CVE-2016-2278 Background The Schneider Electric StruxureWare Building Operation software suite provides integrated monitoring, control, and management of energy, HVAC, lighting and fire safety. The Automation Server is a building automation system for small and medium-sized...

9CVSS7.3AI score0.13426EPSS
Exploits7
BDU FSTEC
BDU FSTEC
added 2016/03/11 12:0 a.m.7 views

The vulnerability of the microprogramming software of the Cisco Wireless LAN Controller allows a intruder to execute arbitrary operating system commands.

The vulnerability of Cisco Wireless LAN Controller’s microprogramming software exists due to the lack of measures taken to neutralize the special elements used in the operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary operating system commands i...

7.2CVSS5.8AI score0.00483EPSS
Exploits0References2
CNVD
CNVD
added 2016/02/25 12:0 a.m.6 views

BaserCMS password brute force vulnerability

baserCMS is an enterprise-level content management system CMS. An arbitrary command execution vulnerability exists in baserCMS versions 3.0.2 through 3.0.8 that could allow an authenticated, remote user to execute arbitrary operating system commands via unspecified vectors...

6.5CVSS7.9AI score0.01056EPSS
Exploits0References1
OSV
OSV
added 2016/02/12 1:59 a.m.1 views

CVE-2016-1320

The CLI in Cisco Prime Collaboration 9.0 and 11.0 allows local users to execute arbitrary OS commands as root by leveraging administrator privileges, aka Bug ID CSCux69286...

6.7CVSS6AI score0.00358EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2016/02/12 12:0 a.m.7 views

The vulnerability of data backup and application protection tools such as IBM Spectrum Protect Snapshot, as well as protection mechanisms for virtual machines with IBM Spectrum Protect for Virtual Environments, allows attackers to execute arbitrary operating system commands.

The vulnerability of Data Protection extensions for data backup and application protection in IBM Spectrum Protect Snapshot, as well as the virtual machine protection provided by IBM Spectrum Protect for Virtual Environments, exists due to the lack of measures taken to neutralize special elements...

10CVSS8.1AI score0.02519EPSS
Exploits0References2Affected Software2
CNVD
CNVD
added 2016/01/13 12:0 a.m.6 views

Pitivi Arbitrary Command Execution Vulnerability

Pitivi is a suite of open source video editing software written in Python and based on GStreamer and GTK+. The software provides a timeline in order to achieve complete control over the video. A security vulnerability exists in Pitivi versions prior to 0.95, which stems from an error in the...

10CVSS7.5AI score0.03236EPSS
Exploits0References1
CNVD
CNVD
added 2016/01/06 12:0 a.m.7 views

IBM Security Access Manager for Web and Security Access Manager Command Injection Vulnerabilities

IBM Security Access Manager ISAM for Web formerly known as IBM Tivoli Access Manager for e-business and Security Access Manager ISAM are both products of IBM Corporation. The former is a set of products for user authentication, authorization and Web single sign-on solutions in the product, which...

8.5CVSS7.6AI score0.02745EPSS
Exploits0References1
CNVD
CNVD
added 2015/11/22 12:0 a.m.2 views

D-Link DIR-601 Command Injection Vulnerability

D-Link DIR-601 is a wireless router product from AUO. A command injection vulnerability exists in the D-Link DIR-601, which allows remote attackers to exploit the vulnerability to submit a special request to execute arbitrary OS commands...

8.2AI score
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2015/11/20 12:0 a.m.7 views

The vulnerability of the CommVault Edge data archiving and restoration software allows a hacker to execute arbitrary commands.

The vulnerability of the CommVault Edge data archiving and recovery program exists due to the lack of measures taken to neutralize special elements used in the operating system’s command set. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using a specially...

10CVSS5.9AI score0.04319EPSS
Exploits0References3
CNVD
CNVD
added 2015/11/07 12:0 a.m.5 views

Commvault Edge Server Web Console OS Command Injection Vulnerability

Commvault Edge Server is a suite of Simpana-based software that provides end-users with automated data protection and instant access. A security vulnerability in the web console of Commvault Edge Server allows remote attackers to execute arbitrary OS commands using specially crafted serialized da...

10CVSS7.6AI score0.04319EPSS
Exploits0References1
Exploit DB
Exploit DB
added 2015/09/28 12:0 a.m.37 views

Watchguard XCS - Remote Command Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'Watchguard XCS Remote Command Execution', 'Description' = %q This module exploits two separate vulnerabilities found in the Watchgua...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2015/09/26 12:0 a.m.30 views

Watchguard XCS Remote Command Execution

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'Watchguard XCS Remote Command Execution', 'Description' = %q This module exploits two separate vulnerabilities found in the Watchgua...

7.4AI score
Exploits0
0day.today
0day.today
added 2015/09/26 12:0 a.m.21 views

Watchguard XCS Remote Command Execution Exploit

This Metasploit module exploits two separate vulnerabilities found in the Watchguard XCS virtual appliance to gain command execution. By exploiting an unauthenticated SQL injection, a remote attacker may insert a valid web user into the appliance database, and get access to the web interface. On...

8.3AI score
Exploits0
Metasploit
Metasploit
added 2015/09/16 11:29 a.m.44 views

Watchguard XCS Remote Command Execution

This module exploits two separate vulnerabilities found in the Watchguard XCS virtual appliance to gain command execution. By exploiting an unauthenticated SQL injection, a remote attacker may insert a valid web user into the appliance database, and get access to the web interface. On the other...

6.5CVSS8.3AI score0.57309EPSS
Exploits2
Rows per page
Query Builder