145 matches found
CVE-2022-37893
An authenticated command injection vulnerability exists in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x...
PT-2022-24127 · Aruba · Aruba Instant +1
Name of the Vulnerable Software and Affected Versions: Aruba InstantOS versions 6.4.4.8 through 4.2.4.20 and below Aruba InstantOS versions 6.5.4.23 and below Aruba InstantOS versions 8.6.0.18 and below Aruba InstantOS versions 8.7.1.9 and below Aruba InstantOS versions 8.10.0.1 and below ArubaOS...
CVE-2022-22689
CA Harvest Software Change Manager versions 13.0.3, 13.0.4, 14.0.0, and 14.0.1, contain a vulnerability in the CSV export functionality, due to insufficient input validation, that can allow a privileged user to potentially execute arbitrary code or commands...
CVE-2020-5316
Dell SupportAssist for Business PCs versions 2.0, 2.0.1, 2.0.2, 2.1, 2.1.1, 2.1.2, 2.1.3 and Dell SupportAssist for Home PCs version 2.0, 2.0.1, 2.0.2, 2.1, 2.1.1, 2.1.2, 2.1.3, 2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, 3.2.1, 3.2.2, 3.3, 3.3.1, 3.3.2, 3.3.3, 3.4 contain an...
Command injection
Command injection vulnerability in QSAN Storage Manager allows remote privileged users to execute arbitrary commands. Suggest contacting with QSAN and refer to recommendations in QSAN Document...
Mongodb Server 安全漏洞
Mongodb Server is the United States Mongodb company's set of open source NoSQL database . The database provides collection-oriented storage, dynamic querying, data replication and automatic failover. A security vulnerability exists in MongoDB that allows privileged execution of arbitrary software...
Google Android 安全漏洞
Google Android is a Linux-based open source operating system from the USGoogleOpen Handheld Alliance Google. A security vulnerability exists in Google Android/Pixel, which stems from a logic error in the NXP NFC firmware that could allow for an insecure firmware update. This could result in the...
Cisco Jabber 授权问题漏洞
Cisco Jabber is the United States Cisco Cisco company's set of unified communications client solutions. The program provides online status display, instant messaging, voice and other features. There is an authorization issue vulnerability in Cisco Jabber that arises from the software allowing...
Mida Solutions eFramework ajaxreq.php Command Injection Exploit
This Metasploit module exploits a command injection vulnerability in Mida Solutions eFramework version 2.9.0 and prior. The ajaxreq.php file allows unauthenticated users to inject arbitrary commands in the PARAM parameter to be executed as the apache user. The sudo configuration permits the apach...
Dell SupportAssist Uncontrolled Search Path Vulnerability (DSA-2020-005)
Dell SupportAssist for business PCs versions 2.0, 2.0.1, 2.0.2, 2.1, 2.1.1, 2.1.2, 2.1.3 and Dell SupportAssist for home PCs version 2.0, 2.0.1, 2.0.2, 2.1, 2.1.1, 2.1.2, 2.1.3, 2.2, 2.2.1, 2.2.2, 2.2.3, 3.0, 3.0.1, 3.0.2, 3.1, 3.2, 3.2.1, 3.2.2, 3.3, 3.3.1, 3.3.2, 3.3.3, 3.4 contain an...
CVE-2020-11520
The SDDisk2k.sys driver of WinMagic SecureDoc v8.5 and earlier allows local users to write to arbitrary kernel memory addresses because the IOCTL dispatcher lacks pointer validation. Exploiting this vulnerability results in privileged code execution...
NSClient++ 0.5.2.35 Authenticated Remote Code Execution
Exploit Title: NSClient++ 0.5.2.35 - Authenticated Remote Code Execution Google Dork: N/A Date: 2020-04-20 Exploit Author: kindredsec Vendor Homepage: https://nsclient.org/ Software Link: https://nsclient.org/download/ Version: 0.5.2.35 Tested on: Microsoft Windows 10 Pro x64 CVE: N/A NSClient++ ...
NSClient++ 0.5.2.35 - Authenticated Remote Code Execution Exploit
Exploit for jsp platform in category web applications Exploit Title: NSClient++ 0.5.2.35 - Authenticated Remote Code Execution Exploit Author: kindredsec Vendor Homepage: https://nsclient.org/ Software Link: https://nsclient.org/download/ Version: 0.5.2.35 Tested on: Microsoft Windows 10 Pro x64...
Code injection
An issue was discovered on Samsung mobile devices with N7.x, O8.x, and P9.0 software. Dual Messenger allows installation of an arbitrary APK with resultant privileged code execution. The Samsung ID is SVE-2018-13299 December 2018...
kernel: perf_event_open() and execve() race in setuid programs allows a data leak
A race condition in perfeventopen allows local attackers to leak sensitive data from setuid programs. As no relevant locks in particular the credguardmutex are held during the ptracemayaccess call, it is possible for the specified target task to perform an execve syscall with setuid execution...
The vulnerability of the Windows Language Pack Installer component on Windows operating systems allows a malicious individual to execute processes under privileged access.
The vulnerability of the Windows Language Pack Installer component in Windows operating systems is related to file operation errors. Exploiting this vulnerability can allow an attacker to execute processes in privileged mode using a specially created application...
infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods
A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. The attacker can use reflection to introduce new, malicious behavior into the...
The vulnerability in the web interface for managing microprogrammed software in Cisco SPA100 Series IP phones allows a perpetrator to execute arbitrary code with elevated privileges.
The vulnerability in the web interface for managing Microprogramming software in Cisco SPA100 Series IP phones is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code with elevated privileges using a...
Cisco NX-OS Command Injection Vulnerability
Cisco NX-OS is the network operating system for the Cisco Nexus family of Ethernet switches and the MDS family of Fibre Channel storage area network switches. A command injection vulnerability exists in the CLI of Cisco NX-OS. The vulnerability stems from insufficient validation of parameters...
DEBIAN-CVE-2019-0211
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads including scripts executed by an in-process scripting interpreter could execute arbitrary code with the privileges of the parent process usually roo...