Cisco SD-WAN Solution Remote Command Injection Vulnerability (CNVD-2018-14074)
Cisco vBond Orchestrator Software and other products are from Cisco. Cisco vBond Orchestrator Software is a set of security network extension management software. vEdge 100 Series Routers is a 100 series router product. SD-WAN Solution is a network extension solution running in it. A comma...
PT-2018-2662 · Linksys · Linksys E2500 +1
Name of the Vulnerable Software and Affected Versions: Linksys E1200 versions 2.0.09; Linksys E2500 versions 3.0.04. Description: The issue exists due to improper filtering of data passed to and retrieved from NVRAM, allowing for OS command injection. This can be exploited by a remote attacker to...
CVE-2018-7785
In Schneider Electric U.motion Builder software versions prior to v1.3.4, a remote command injection allows authentication bypass...
Command injection
In Schneider Electric U.motion Builder software versions prior to v1.3.4, a remote command injection allows authentication bypass...
CVE-2018-7785
CVE-2018-7785 affects Schneider Electric’s U.motion Builder software prior to version 1.3.4. The vulnerability is a remotely exploitable command injection that leads to authentication bypass, with high/critical impact reported (network access, no authentication, full or partial compromise of conf...
Nikto 2.1.6 - CSV Injection
Nikto 2.1.6 - CSV Injection Exploit Title: Nikto 2.1.6 - CSV Injection Google Dork: N/A Date: 2018-06-01 Exploit Author: Adam Greenhill Vendor Homepage: https://cirt.net/Nikto2 Software Link: https://github.com/sullo/nikto Affected Version: 2.1.6, 2.1.5 Category: Applications Tested on: Kali Linu...
Security Bulletin: IBM QRadar Incident Forensics, as found in IBM QRadar SIEM, is vulnerable to an authentication bypass leading to remote command injection. (CVE-2018-1418)
Summary An authentication bypass leading to remote command injection has been found in IBM QRadar Incident Forensics. Vulnerability Details CVEID: CVE-2018-1418 DESCRIPTION: IBM QRadar Incident Forensics could allow a user to bypass authentication which could lead to code execution. CVSS Base...
QNAP QTS Remote Command Injection (CVE-2013-0143)
Remote command injection vulnerabilities exist in QNAP QTS. A remote attacker can exploit these weaknesses to execute arbitrary commands in the affected devices via a crafted request...
Fedora 27 : mysql-mmm (2018-e31f52c5ee)
Multi-Master Replication Manager for MySQL mmm_agentd Remote Command Injection Vulnerabilities. This update adds data sanitization to inputs for the mmm agent. Multiple exploitable remote command injection vulnerabilities exist in the MySQL Master-Master Replication Manager (MMM) mmm_agentd daemon...
Fedora 26 : mysql-mmm (2018-92f04c6b61)
Multi-Master Replication Manager for MySQL mmm_agentd Remote Command Injection Vulnerabilities. This update adds data sanitization to inputs for the mmm agent. Multiple exploitable remote command injection vulnerabilities exist in the MySQL Master-Master Replication Manager (MMM) mmm_agentd daemon...
D-Link DSL-2750B OS Command Injection
This module exploits a remote command injection vulnerability in D-Link DSL-2750B devices. The vulnerability can be exploited through the "cli" parameter, which is directly used to invoke the "ayecli" binary. Vulnerable firmware versions are from 1.01 up to 1.03. This module requires Metasploit:...
CVE-2018-10992
lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument, because the GNU...
Git Remote Command Injection Vulnerability
Git is a free, open source distributed version control system developed by American software developer Linus Torvalds. A command injection vulnerability exists in Git versions prior to 2.7.5. A remote attacker can run an arbitrary device with the help of a specially crafted 'ssh://...' URL t...
Command Execution Vulnerability in Panabit
Panabit is the intelligent application gateway software developed by PaiNet based on PanaOS operating system. Panabit suffers from a command execution vulnerability. An attacker can obtain root privileges by constructing a payload for remote command injection with web privileges...
Vulnerability Spotlight: MySQL Multi-Master Manager Remote Command Injection Vulnerability
Discovered by Matthew Van Gundy of Asig. Overview: Today, Talos is releasing details of a new vulnerability within MySQL Multi-Master Manager. This is used to perform monitoring, failover and management of MySQL master-master replication configurations. By using MySQL MMM Multi-Master Replication...
Multi-Master Replication Manager for MySQL mmm_agentd Remote Command Injection Vulnerabilities
Summary: Multiple exploitable remote command injection vulnerabilities exist in the MySQL Master-Master Replication Manager (MMM) mmm_agentd daemon 2.2.1. mmm_agentd commonly runs with root privileges and does not require authentication by default. A specially crafted MMM protocol message can cause a...
CVE-2018-1238
Dell EMC ScaleIO versions prior to 2.5 contain a command injection vulnerability in the Light Installation Agent (LIA). This component is used for central management of ScaleIO deployment and uses shell commands for certain actions. A remote malicious user, with network access to LIA and knowledge...
PowerShell Downgrade Attack: Unicorn
PowerShell Downgrade Attack: Magic Unicorn is a simple tool for using a PowerShell downgrade attack and injecting shellcode straight into memory. Based on Matthew Graeber’s PowerShell attacks and the PowerShell bypass technique presented by David Kennedy (TrustedSec) and Josh Kelly at Defcon 18. Usage ...