Command injection

Linear eMerge 50P/5000P devices allow Authenticated Command Injection with root Code Execution...

CVE-2019-7269

Linear eMerge 50P/5000P devices allow Authenticated Command Injection with root Code Execution...

CVE-2019-7274

Optergy Proton/Enterprise devices allow Authenticated File Upload with Code Execution as root...

CVE-2019-7276

Optergy Proton/Enterprise devices allow Remote Root Code Execution via a Backdoor Console...

CVE-2019-7276

Optergy Proton/Enterprise devices allow Remote Root Code Execution via a Backdoor Console...

CVE-2019-7276

Optergy Proton/Enterprise BMS is affected by CVE-2019-7276: unauthenticated remote code execution via a backdoor console. Public details show an undocumented backdoor script (Console.jsp) in the tools directory that enables full root access on vulnerable versions (notably 2.0.3a and earlier). Exp...

Cisco Data Center Network Manager Arbitrary File Upload Vulnerability

Cisco Data Center Network Manager DCNM is a suite of data center network managers from Cisco that provides multiprotocol management of the network and troubleshooting of switch operating conditions and performance. An arbitrary file upload vulnerability exists in the web-based management interfac...

The vulnerability of the command-line interface of the Cisco NX-OS network operating system allows a attacker to execute arbitrary code with root privileges.

The vulnerability of the command-line interface CLI of the Cisco NX-OS network operating system is related to insufficient validation of input data. Exploiting this vulnerability could allow a attacker to execute arbitrary code with root privileges on the Linux base operating system...

The vulnerability of the command-line interface of the Cisco NX-OS network operating system allows a attacker to execute arbitrary code with root privileges.

The vulnerability of the command-line interface CLI of the Cisco NX-OS network operating system is related to insufficient validation of input data. Exploiting this vulnerability could allow a attacker to execute arbitrary code with root privileges on the Linux base operating system...

Exploit for Improper Input Validation in Apple Mac_Os_X

CVE-2019-8561 Proof of concept exploit for CVE-2019-8561 disc...

CVE-2019-9189

Prima Systems FlexAir, Versions 2.4.9api3 and prior. The application allows the upload of arbitrary Python scripts when configuring the main central controller. These scripts can be immediately executed because of root code execution, not as a web server user, allowing an authenticated attacker t...

Design/Logic Flaw

Prima Systems FlexAir, Versions 2.4.9api3 and prior. The application allows the upload of arbitrary Python scripts when configuring the main central controller. These scripts can be immediately executed because of root code execution, not as a web server user, allowing an authenticated attacker t...

CVE-2019-9189

Summary of CVE-2019-9189 (FlexAir): Prima Systems FlexAir, versions 2.4.9api3 and earlier, allows uploading arbitrary Python scripts when configuring the main central controller. These scripts can be executed immediately with root privileges, enabling an authenticated attacker to gain full system...

CVE-2019-9189

Prima Systems FlexAir, Versions 2.4.9api3 and prior. The application allows the upload of arbitrary Python scripts when configuring the main central controller. These scripts can be immediately executed because of root code execution, not as a web server user, allowing an authenticated attacker t...

The vulnerability in the web interface of the Cisco Prime Infrastructure monitoring and network device management system, as well as the Cisco Evolved Programmable Network Manager software, allows a malicious actor to execute arbitrary code with root privileges.

The vulnerability of the Web interface of the Cisco Prime Infrastructure software for managing network life cycles and the Cisco Evolved Programmable Network Manager software for managing network services is related to incorrect data input validation. Exploiting this vulnerability could allow a...

Code injection

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to argumention injection to the curl binary via crafted HTTP requests to return.cgi. A remote, authenticated attacker can use this vulnerability to upload files to the device and ultimately execute code as root...

The vulnerability of the MPM module in the Apache HTTP server lies in the use of memory after it is released. This allows attackers to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the MPM module in the Apache HTTP Server is related to deficiencies in access control. Exploiting this vulnerability allows an attacker to execute arbitrary code with root privileges using a specially created script...

New Apache Web Server Bug Threatens Security of Shared Web Hosts

Mark J Cox, one of the founding members of the Apache Software Foundation and the OpenSSL project, today posted a tweet warning users about a recently discovered important flaw in Apache HTTP Server software. The Apache web server is one of the most popular, widely used open-source web servers in...

PT-2019-19405 · Nagios · Nagios Xi

Name of the Vulnerable Software and Affected Versions: Nagios XI versions prior to 5.5.11 Description: The issue allows authenticated users to execute arbitrary remote commands via a new autodiscovery job. There have been reports of cross-site scripting XSS that can lead to root remote code...

CVE-2018-20106

In yast2-printer up to and including version 4.0.2 the SMB printer settings don't escape characters in passwords properly. If a password with backticks or simliar characters is supplied this allows for executing code as root. This requires tricking root to enter such a password in yast...