303 matches found
CVE-2018-18652
A remote command execution vulnerability in Veritas NetBackup Appliance before 3.1.2 allows authenticated administrators to execute arbitrary commands as root. This issue was caused by insufficient filtering of user-provided input...
PT-2018-14321 · Citrix · Citrix Xen Mobile
Name of the Vulnerable Software and Affected Versions: Citrix Xen Mobile versions through 10.8. Description: The issue allows low-privileged local users to execute system commands as root by making requests to private services listening on ports 8000, 30000, and 30001. The vendor disputes that thi...
CVE-2018-0481
A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability exists because the affected software improperly sanitizes command arguments, faili...
cfme: Improper access control in dRuby allows local users to execute arbitrary commands as root
CloudForms Management Engine has a vulnerability that allows local users to execute arbitrary commands as root. An attacker with SSH access to the system can use the dRuby (DRb) module installed on the system to execute arbitrary shell commands using instance_eval...
Security Bulletin: IBM Spectrum Scale and IBM GPFS are affected by security vulnerabilities (CVE-2016-2985 and CVE-2016-2984)
Summary: Security vulnerabilities have been identified in all levels of IBM Spectrum Scale and IBM GPFS that could allow: - a local attacker to execute commands as root by setting environment variables processed by setuid programs (CVE-2016-2985) - a local attacker to execute commands as root by...
Security Bulletin: The GPFS pattern provided with IBM PureApplication System is affected by security vulnerabilities. (CVE-2016-2985 and CVE-2016-2984)
Summary: A security vulnerability has been identified in all levels of IBM Spectrum Scale and IBM GPFS that could allow a local attacker to execute commands as root. IBM PureApplication System provides a GPFS pattern and addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2016-2985...
CVE-2018-0324
A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, high-privileged, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command parameters in the CLI parser. An attacker coul...
The vulnerability of the registration and accounting subsystem of the wireless access point for Moxa AWK-3131A industrial systems allows an intruder to execute arbitrary commands with root privileges.
The vulnerability of the registration and accounting subsystem of the wireless access point for Moxa AWK-3131A industrial systems exists due to the lack of measures taken to neutralize the special elements used in operating system commands. Exploiting this vulnerability allows a malicious act...
CVE-2018-0176
Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerabilities are due to the affected softwa...
CVE-2018-8739
VPN Unlimited 4.2.0 for macOS suffers from a root privilege escalation vulnerability in its privileged helper tool. The privileged helper tool implements an XPC interface, which allows arbitrary applications to execute system commands as root...
Citrix NetScaler VPX Server-Side Request Forgery Vulnerability
NetScaler VPX provides complete NetScaler Web and application load balancing, security and remote access, acceleration, security and offloading capabilities in a simple, easy-to-install virtual appliance. A server-side request forgery vulnerability exists in Citrix NetScaler VPX. An authenticated...
Command Execution Vulnerability in the Pelco Sarix Enhanced Dot1xSetupController.php File
Pelco Sarix Enhanced is a webcam. A command execution vulnerability exists in the Pelco Sarix Enhanced Dot1xSetupController.php file. The vulnerability is caused by the program failing to properly perform validity checks when processing user-submitted data, allowing an attacker who has been...
Command Execution Vulnerability in the Pelco Sarix Enhanced GeneralSetupController.php File
Pelco Sarix Enhanced is a webcam. A command execution vulnerability exists in the Pelco Sarix Enhanced GeneralSetupController.php file. The vulnerability is caused by the program failing to properly perform validity checks when processing user-submitted data, which allows an attacker...
The vulnerability in the firmware of Comcast’s Cisco DPC3939 allows a hacker to execute arbitrary shell commands with root privileges.
The vulnerability of the firmware in Comcast’s Cisco DPC3939 router is related to deficiencies in access control for the local network. Exploiting this vulnerability allows a malicious actor to execute arbitrary shell commands with root privileges by connecting to the...
The vulnerability of the Role-Based Access Control (RBAC) function in the data center network management system Prime Data Center Network Manager allows a perpetrator to gain access to confidential information or execute arbitrary code.
The vulnerability of the Role-Based Access Control (RBAC) function in the data center network management system Prime Data Center Network Manager (DCNM) is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to gain access to...
CVE-2017-9497
The Comcast firmware on Motorola MX011ANM (firmware version MX011AN2.9p6s1PRODsey) devices allows physically proximate attackers to execute arbitrary commands as root by pulling up the diagnostics menu on the set-top box, and then posting to a Web Inspector route...
Schneider Electric Pelco Sarix/Spectra Cameras Remote Code Execution Vulnerability
Pelco Sarix/Spectra Cameras is a video camera. A remote code execution vulnerability exists in the Schneider Electric Pelco Sarix/Spectra Cameras. A remote attacker can exploit the vulnerability to execute arbitrary system commands, authorize system access with root privileges, and use specially...
CVE-2017-6619
A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.01c could allow an authenticated, remote attacker to execute arbitrary commands on an affected system. The vulnerability exists because the affected software does not sufficiently sanitize user-supplied HTTP inpu...
CVE-2016-9269
Remote Command Execution in com.trend.iwss.gui.servlet.ManagePatches in Trend Micro Interscan Web Security Virtual Appliance (IWSVA) version 6.5-SP2BuildLinux1707 and earlier allows authenticated, remote users with least privileges to run arbitrary commands on the system as root via Patch Update...
CVE-2016-0236
IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote authenticated users to execute arbitrary commands with root privileges via the search field...