1096 matches found
Ubiquiti Administration Portal CSRF to Remote Command Execution
Vulnerability Details Affected Vendor: Ubiquiti Affected Product: AirGateway, AirFiber, mFi Affected Version: 1.1.6, 3.2, 2.1.11 Platform: Embedded Linux CWE Classification: CWE-352: Cross-Site Request Forgery CSRF; CWE-77: Improper Neutralization of Special Elements used in a Command 'Command...
Solarwinds Virtualization Manager 6.3.1 Java Deserialization
Java Deserialization in Solarwinds Virtualization Manager 6.3.1 Product: Solarwinds Virtualization Manager Vendor: Solarwinds Vulnerable Versions: 6.3.1 Tested Version: 6.3.1 Vendor Notification: April 25th, 2016 Vendor Patch Availability to Customers: June 1st, 2016 Public Disclosure: June 14th,...
Cisco IP 8800 phone privilege acquisition vulnerability
Cisco IP 8800 phone is a phone product from Cisco USA that provides video and VoIP communication features. A privilege acquisition vulnerability exists in the Cisco IP 8800 phone using software version 11.0.1 and earlier. A local attacker can use specially crafted CLI commands to gain privileges ...
Cisco IP 8800 Series Phones btcli Utility Command Injection Vulnerability
A vulnerability in a command-line interface CLI utility of the Cisco IP 8800 Series Phones could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted...
The vulnerability of the PHP interpreter allows attackers to execute arbitrary operating system commands.
The vulnerability of the escapeshellarg function ext/standard/exec.c in the PHP interpreter exists because measures to neutralize the special elements used in operating system commands are not taken. Exploiting this vulnerability allows a malicious actor to execute arbitrary operating system...
Schneider Electric StruxureWare Building Operation Automation Server msh bypass
Added: 03/14/2016 CVE: CVE-2016-2278 Background The Schneider Electric StruxureWare Building Operation software suite provides integrated monitoring, control, and management of energy, HVAC, lighting and fire safety. The Automation Server is a building automation system for small and medium-sized...
Schneider Electric StruxureWare Building Operation Automation Server msh bypass
Added: 03/14/2016 CVE: CVE-2016-2278 Background The Schneider Electric StruxureWare Building Operation software suite provides integrated monitoring, control, and management of energy, HVAC, lighting and fire safety. The Automation Server is a building automation system for small and medium-sized...
The vulnerability of the microprogramming software of the Cisco Wireless LAN Controller allows a intruder to execute arbitrary operating system commands.
The vulnerability of Cisco Wireless LAN Controller’s microprogramming software exists due to the lack of measures taken to neutralize the special elements used in the operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary operating system commands i...
BaserCMS password brute force vulnerability
baserCMS is an enterprise-level content management system CMS. An arbitrary command execution vulnerability exists in baserCMS versions 3.0.2 through 3.0.8 that could allow an authenticated, remote user to execute arbitrary operating system commands via unspecified vectors...
CVE-2016-1320
The CLI in Cisco Prime Collaboration 9.0 and 11.0 allows local users to execute arbitrary OS commands as root by leveraging administrator privileges, aka Bug ID CSCux69286...
The vulnerability of data backup and application protection tools such as IBM Spectrum Protect Snapshot, as well as protection mechanisms for virtual machines with IBM Spectrum Protect for Virtual Environments, allows attackers to execute arbitrary operating system commands.
The vulnerability of Data Protection extensions for data backup and application protection in IBM Spectrum Protect Snapshot, as well as the virtual machine protection provided by IBM Spectrum Protect for Virtual Environments, exists due to the lack of measures taken to neutralize special elements...
Pitivi Arbitrary Command Execution Vulnerability
Pitivi is a suite of open source video editing software written in Python and based on GStreamer and GTK+. The software provides a timeline in order to achieve complete control over the video. A security vulnerability exists in Pitivi versions prior to 0.95, which stems from an error in the...
IBM Security Access Manager for Web and Security Access Manager Command Injection Vulnerabilities
IBM Security Access Manager ISAM for Web formerly known as IBM Tivoli Access Manager for e-business and Security Access Manager ISAM are both products of IBM Corporation. The former is a set of products for user authentication, authorization and Web single sign-on solutions in the product, which...
D-Link DIR-601 Command Injection Vulnerability
D-Link DIR-601 is a wireless router product from AUO. A command injection vulnerability exists in the D-Link DIR-601, which allows remote attackers to exploit the vulnerability to submit a special request to execute arbitrary OS commands...
The vulnerability of the CommVault Edge data archiving and restoration software allows a hacker to execute arbitrary commands.
The vulnerability of the CommVault Edge data archiving and recovery program exists due to the lack of measures taken to neutralize special elements used in the operating system’s command set. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using a specially...
Commvault Edge Server Web Console OS Command Injection Vulnerability
Commvault Edge Server is a suite of Simpana-based software that provides end-users with automated data protection and instant access. A security vulnerability in the web console of Commvault Edge Server allows remote attackers to execute arbitrary OS commands using specially crafted serialized da...
Watchguard XCS - Remote Command Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'Watchguard XCS Remote Command Execution', 'Description' = %q This module exploits two separate vulnerabilities found in the Watchgua...
Watchguard XCS Remote Command Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'Watchguard XCS Remote Command Execution', 'Description' = %q This module exploits two separate vulnerabilities found in the Watchgua...
Watchguard XCS Remote Command Execution Exploit
This Metasploit module exploits two separate vulnerabilities found in the Watchguard XCS virtual appliance to gain command execution. By exploiting an unauthenticated SQL injection, a remote attacker may insert a valid web user into the appliance database, and get access to the web interface. On...
Watchguard XCS Remote Command Execution
This module exploits two separate vulnerabilities found in the Watchguard XCS virtual appliance to gain command execution. By exploiting an unauthenticated SQL injection, a remote attacker may insert a valid web user into the appliance database, and get access to the web interface. On the other...