PT-2017-14278 · D Link · D-Link Dgs-1500

Name of the Vulnerable Software and Affected Versions: D-Link DGS-1500 Ax versions prior to 2.51B021 Description: The issue allows remote attackers to obtain shell access due to a hardcoded password. Recommendations: For versions prior to 2.51B021, update to version 2.51B021 or later to resolve t...

dotCMS 4.1.1 Remote Shell Upload Vulnerability

dotCMS is prone to a remote shell upload vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:dotcms:dotcms"; if...

Vanquish - Kali Linux based Enumeration Orchestrator

Vanquish is a Kali Linux based Enumeration Orchestrator built in Python. Vanquish leverages the opensource enumeration tools on Kali to perform multiple active information gathering phases. The results of each phase are fed into the next phase to identify vulnerabilities that could be leveraged f...

Cb Defense Q3 2017 Release Future-Proofs Your Ransomware Defenses

We’re excited to announce the Cb Defense Q3 2017 release is here! Cb Defense has always been focused on bringing you the best possible prevention, built upon our unique streaming prevention platform, combined with our market-leading endpoint detection and response EDR capabilities. The Q3 2017...

Aerohive Networks HiveManager Remote Shell Upload

I. BACKGROUND Aerohive Networks HiveManager Classic Online NMS is a cloud-enabled enterprise-class management system for Aerohive networking products. HiveManager Classic Online offers simple policy creation, firmware upgrades, and centralized monitoring of thousands of Aerohive access points,...

CVE-2017-14115

The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough mode is not used, configures ssh-permanent-enable WAN SSH logins to the remotessh account with the 5SaP9I26 password, which allows remote attackers to access a "Terminal shell v1.0" service, and...

VX Search Enterprise 10.0.14 Buffer Overflow

!/usr/bin/env python Exploit Title : VX Search Enterprise v10.0.14 Remote Buffer Overflow CVE-2017-13708 Discovery by : Anurag Srivastava and Nipun Jaswal Credtis : Team Pyramid Email : [email protected] Website : www.pyramidcyber.com Discovery Date : 26/08/2017 Software Link :...

Updated ghostscript packages fix security vulnerability

Various userparams in Ghostscript allow %pipe% in paths, allowing remote shell command execution CVE-2016-7976. The .libfile function in Ghostscript doesn't check PermitFileReading array, allowing remote file disclosure CVE-2016-7977. Reference leak in the .setdevice function in Ghostscript allow...

Input validation

Untrusted input execution via igetwild in all iRODS versions before 4.1.11 and 4.2.1 allows other iRODS users potentially anonymous to execute remote shell commands via iRODS virtual pathnames. To exploit this vulnerability, a virtual iRODS pathname that includes a semicolon would be retrieved vi...

CVE-2017-8799

Untrusted input execution via igetwild in all iRODS versions before 4.1.11 and 4.2.1 allows other iRODS users potentially anonymous to execute remote shell commands via iRODS virtual pathnames. To exploit this vulnerability, a virtual iRODS pathname that includes a semicolon would be retrieved vi...

CVE-2017-8799

Untrusted input execution via igetwild in all iRODS versions before 4.1.11 and 4.2.1 allows other iRODS users potentially anonymous to execute remote shell commands via iRODS virtual pathnames. To exploit this vulnerability, a virtual iRODS pathname that includes a semicolon would be retrieved vi...

Oracle Solaris Remote Shell Code Execution (CVE-2017-3623)

A security bypass vulnerability has been reported in Oracle Solaris. The vulnerability is due to an error in the way the server validates RPC requests from unauthorized users. A remote attacker can exploit this issue by sending specially crafted RPC requests to the target. Successful exploitation...

Easy File Uploader Remote Shell Upload

Exploit Title: Easy File Uploader - Arbitrary File Upload Date: 27/04/2017 Exploit Author: Daniel Godoy Vendor Homepage: https://codecanyon.net/ Software Link: https://codecanyon.net/item/easy-file-uploader-php-multiple-uploader-with-file-manager/17222287 Tested on: GNU/Linux GREETZ: Rodrigo...

LogRhythm Network Monitor - Authentication Bypass / Command Injection

Exploit Title: LogRhythm Network Monitor Auth Bypass Root RCE Public Disclosure Date: 24 Apr 2017 Author: Francesco Oddo Reference: http://security-assessment.com/files/documents/advisory/Logrhythm-NetMonitor-Advisory.pdf Software Link: https://logrhythm.com/network-monitor-freemium/ Version:...

SenNet Data Logger Appliances and Electricity Meters Multiple Vulnerabilities

The remote SenNet Appliances is affected by multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

SenNet Data Logger / Electricity Meter Code Execution

SenNet Data Logger appliances and Electricity Meters Multiple Vulnerabilities Note: Vendor has released the fix. Details to be documented in ICS-CERT Advisory. About SenNet is a trademark of Satel Spain that offers monitoring and remote-control solutions for businesses. Our engineers develop,...

Ubiquiti Networks Command Injection Vulnerability

Exploit for hardware platform in category web applications ======================================================================= title: Authenticated Command Injection product: Multiple Ubiquiti Networks products, e.g. TS-16-CARRIER, TS-5-POE, TS-8-PRO, AG-HP-2G16, AG-HP-2G20, AG-HP-5G23,...

Important: python-crypto

Issue Overview: A heap-buffer overflow vulnerability was discovered in cryptopp. This vulnerability can be used to remotely gain access to shell. Affected Packages: python-crypto Issue Correction: Run yum update python-crypto or yum update --advisory ALAS-2017-801 to update your system.Run yum...

Root privilege backdoor vulnerability in DBL Technology GSM voice gateway

DBL Technology is a communication equipment manufacturer located in Shenzhen, China. Its main products include GSM voice gateway, IP telephony gateway, enterprise softswitch, etc., which are mostly used by telephony companies and VoIP service providers. A root privilege backdoor vulnerability...

SQL command execution vulnerability in the sysId parameter of Wyspeed V2 video conferencing system

Vizz V2 Video Conferencing System is a video conferencing system. A SQL command execution vulnerability exists in the sysId parameter of the Vizz V2 video conferencing system. It allows an attacker to remotely write a shell and gain server privileges...