A vulnerability in Siemens SIMATIC software products stems from insufficient validation of input data, allowing attackers to execute arbitrary commands with system privileges.
The vulnerability in Siemens SIMATIC software products is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker with network access to the DCOM interface to execute arbitrary commands with system privileges...
PT-2019-2589 · Red Hat · OpenShift Container Platform +1
Name of the Vulnerable Software and Affected Versions: Heketi versions as shipped with OpenShift Container Platform 3.11 Description: The issue is related to the lack of an authentication procedure in the standard settings of Heketi, a network software tool. This could allow a remote attacker to...
CVE-2019-9164
Command injection in Nagios XI before 5.5.11 allows an authenticated user to execute arbitrary remote commands via a new autodiscovery job...
Command injection
Command injection in Nagios XI before 5.5.11 allows an authenticated user to execute arbitrary remote commands via a new autodiscovery job...
CVE-2019-9860
Due to unencrypted signal communication and predictability of rolling codes, an attacker can "desynchronize" an ABUS Secvest wireless remote control FUBE50014 or FUBE50015 relative to its controlled Secvest wireless alarm system FUAA50000 3.01.01, so that sent commands by the remote control are n...
Command execution vulnerability in the messagingagent module of Xiaoxi MINI smart speaker
The Xiao Ai MINI Smart Speaker is an AI-based speaker that can be connected to the Internet. A command execution vulnerability exists in the messagingagent module of the Xiao Ai MINI smart speaker, which can be exploited by an attacker to remotely execute arbitrary commands to the device from the...
CVE-2019-9184
SQL injection vulnerability in the J2Store plugin 3.x before 3.3.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the productoption parameter...
VulnCheck KEV: CVE-2017-18362
ConnectWise ManagedITSync integration for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to the Kaseya VSA database...
CVE-2017-18362
ConnectWise ManagedITSync integration through 2017 for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to the Kaseya VSA database. In February 2019, attackers actively exploited this in the wild to download and execute ransomware payloads on all...
SQL injection
ConnectWise ManagedITSync integration through 2017 for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to the Kaseya VSA database. In February 2019, attackers actively exploited this in the wild to download and execute ransomware payloads on all...
CVE-2017-18362
Summary: CVE-2017-18362 affects Kaseya VSA via ConnectWise ManagedITSync. It allows unauthenticated remote commands to access and modify the Kaseya VSA database when ManagedIT.asmx is reachable through the web interface. The vulnerability has been actively exploited in the wild (February 2019) to...
Command Execution Vulnerability in Multiple D-Link Products
D-Link DIR-822 C1 and others are wireless router products from AUO D-Link. A command execution vulnerability exists in multiple D-Link products, which can be exploited by remote attackers to execute commands...
D-Link DIR/DWR Devices Multiple Vulnerabilities (Oct 2018) - Active Check
D-Link DIR / DWR devices are prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPEPREFIX = "cpe:/o:dlink";...
Code Execution Vulnerability in ESPCMS Enterprise Website Management System P8.18101601 Stable Version
ESPCMS is an enterprise website management system built on LAMP. A code execution vulnerability exists in the stable version of ESPCMS P8.18101601. It allows an attacker to remotely execute commands and gain server privileges...
Code Execution Vulnerability in Discuz! 1.5-2.5 Versions
Discuz! is a community-based professional website building platform launched by Comsenz. A code execution vulnerability exists in Discuz! version 1.5-2.5. The vulnerability is due to improper handling of the parameters of the background database backup function, and an attacker can exploi...
Facebook Flaw Allowed Remote Commands
A vulnerability in a Facebook server that could have led to information disclosure and command execution has been patched by the social network. At issue was a Sentry service, which is an open-source error tracking application that helps developers monitor and fix crashes in real time. It’s writt...
Command Execution Vulnerability in Controller Technology's Little K Smart App
Controller's smart home products use cutting-edge wireless technology to network home electrical equipment and realize a variety of whole-house intelligent scenes. Controller has a variety of smart sockets, designed in a compact form with a variety of functions, with a linkage...