CVE-2017-3744
In the IMM2 firmware of Lenovo System x servers, remote commands issued by LXCA or other utilities may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated when that remote command is running. Captured command data may contain clear text login information...
Design/Logic Flaw
In the IMM2 firmware of Lenovo System x servers, remote commands issued by LXCA or other utilities may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated when that remote command is running. Captured command data may contain clear text login information...
IPFire Remote Code Execution Vulnerability
IPFire is a free Linux-based firewall. IPFire suffers from a remote code execution vulnerability that could allow an attacker to execute remote commands...
ShadowBrokers' Windows Zero-Days Already Patched
Hours after what was thought to be a damaging release of NSA hacking tools for Windows systems, Microsoft quelled some anxiety with a late-night statement on Friday that most of the vulnerabilities disclosed by the ShadowBrokers had already been patched. The biggest surprise was that the most...
CVE-2016-4031
Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices allow attackers to send AT commands by plugging the device into...
CVE-2016-1914
Multiple SQL injection vulnerabilities in the com.rim.mdm.ui.server.ImageServlet servlet in BlackBerry Enterprise Server 12 (BES12) Self-Service before 12.4 allow remote attackers to execute arbitrary SQL commands via the imageName parameter to (1) mydevice/client/image, (2) admin/client/image, (3)...
ZOHO ManageEngine Applications Manager SQL Injection Vulnerability (CNVD-2017-05226)
ZOHO ManageEngine Applications Manager is application performance monitoring software from the U.S. company ZOHO. A SQL injection vulnerability exists in ZOHO ManageEngine Applications Manager versions 12 and 13. A remote attacker can exploit this vulnerability to execute arbitrary...
DblTekGoIPPwn - Tool to check if an IP of a DblTek GoIP is vulnerable to a challenge-response login system, execute remote commands botnet style, and generate responses to challenges
Tool to exploit challenge response system in vulnerable DblTek GoIP devices. Can generate responses to specified challenges, test hosts for the vulnerability, run commands on vulnerable hosts, and drop into a root shell on any vulnerable host. The Vulnerability On March 2nd, 2017, Trustwave...
CVE-2016-9416
SQL injection vulnerability in the users data handler in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
snoopy: incomplete fixes for command execution flaws
Various command-execution flaws were found in the Snoopy library included with Nagios. These flaws allowed remote attackers to execute arbitrary commands by manipulating Nagios HTTP headers...
CVE-2016-9885
An issue was discovered in Pivotal GemFire for PCF 1.6.x versions prior to 1.6.5 and 1.7.x versions prior to 1.7.1. The gfsh (Geode Shell) endpoint, used by operators and application developers to connect to their cluster, is unauthenticated and publicly accessible. Because HTTPS communications are...
Multiple Command Execution Vulnerabilities in Gale Secure Authentication Gateway System
Gale Secure Authentication Gateway provides high-strength authentication services based on digital certificates and high-strength data link encryption services for network applications. The Gale Secure Authentication Gateway system has multiple command execution vulnerabilities. Attackers can utilize...
PT-2016-3182 · Eir · Eir D1000
Name of the Vulnerable Software and Affected Versions: Eir D1000 modem (affected versions not specified). Description: The issue is related to the improper restriction of the TR-064 protocol, allowing remote attackers to execute arbitrary commands via TCP port 7547. This can be demonstrated by openi...
Tiki Wiki CMS Calendar Remote Code Execution Vulnerability
Tiki Wiki CMS Groupware is a suite of open source content management and portal applications from the Tiki software community that can be used to create web applications, portals, corporate intranets, extranets, and more. A remote code execution vulnerability exists in the viewmode parameter of t...
Arbitrary Command Execution Vulnerability in Reporter System of Shanghai Bingfeng Computer Network Technology Co.
Shanghai Bingfeng Computer Network Technology Co., Ltd. is a domestic supplier of VPN, traffic management, behavior management, link load balancing, and next-generation firewall equipment and a provider of IT value solutions. The Bingfeng network reporter system is a data report management system. Shanghai...
Apache Karaf Default Credentials Command Execution
This module exploits a default misconfiguration flaw on Apache Karaf versions 2.x-4.x. The 'karaf' user has a known default password, which can be used to log in to the SSH service and execute operating system commands remotely. This module requires Metasploit: https://metasploit.com/download...
GM Bot Banking Malware Source Code Leak
Source code for the potent Android malware GM Bot has been leaked to underground forums, according to IBM security experts. The impact, IBM X-Force threat intelligence says, will be an uptick in GM Bot variants and the number of attacks targeting financial applications on Android-based devices...
CVE-2016-1142
Seeds acmailer before 3.8.21 and 3.9.x before 3.9.15 Beta allows remote authenticated users to execute arbitrary OS commands via unspecified vectors...
Mac OS X operating system vulnerability that allows a hacker to gain root user privileges
A vulnerability in the remotecmds component of the Mac OS X operating system is related to deficiencies in access control for certain functions. Exploiting this vulnerability could allow a local attacker to gain root user privileges...