Lucene search

443 matches found

OSV
added 2017/07/03 4:29 p.m., 4 views

CVE-2017-8116

The management interface for the Teltonika RUT9XX routers aka LuCI with firmware 00.03.265 and earlier allows remote attackers to execute arbitrary commands with root privileges via shell metacharacters in the username parameter in a login request...

CVSS 9.8, AI score 6, EPSS 0.04519
Exploits: 1, References: 3

CNVD
added 2017/06/09 12:0 a.m., 3 views

Remote Command Injection Vulnerability at Foscam camera Add User

FOSCAM Group is a national high-tech enterprise specializing in the design, research and development, manufacturing and sales of network cameras, network video recorders and other products. Remote command injection vulnerability exists in the usrName parameter of the CGIProxy.fcgi addAccount...

AI score 8.2
Exploits: 0, References: 1

OSV
added 2017/05/09 9:29 p.m., 1 views

CVE-2017-8859

In Veritas NetBackup Appliance 3.0 and earlier, unauthenticated users can execute arbitrary commands as root...

CVSS 9.8, AI score 6, EPSS 0.02556
Exploits: 0, References: 2

Prion
added 2017/05/09 9:29 p.m., 15 views

Design/Logic Flaw

In Veritas NetBackup Appliance 3.0 and earlier, unauthenticated users can execute arbitrary commands as root...

CVSS 10, AI score 9.7, EPSS 0.02556
Exploits: 0, References: 2, Affected Software: 1

CNVD
added 2017/02/24 12:0 a.m., 2 views

GPG Suite Arbitrary Command Execution Vulnerability

GPG Suite is an iOS-based encryption and decryption suite for communication security. A security vulnerability exists in the 'installPackage' function of the installerHelper subcomponent in versions of GPG Suite prior to 2015.06. A local attacker can exploit the vulnerability to execute arbitrary...

CVSS 7.8, AI score 7.4, EPSS 0.00645
Exploits: 1, References: 1

CNVD
added 2016/10/12 12:0 a.m., 2 views

Authentication Command Injection Vulnerability in PwdGrp.cgi for AVTECH Devices

AVTECH, founded in 1996, is one of the world's leading CCTV manufacturers. The main products are surveillance equipment, network cameras, network video recorders and so on. An authentication command injection vulnerability exists in AVTECH device PwdGrp.cgi. The PwdGrp.cgi script can be used to...

AI score 8.6
Exploits: 0, References: 1

OSV
added 2016/09/21 2:25 p.m., 1 views

CVE-2016-4965

Fortinet FortiWan formerly AscernLink before 4.2.5 allows remote authenticated users with access to the nslookup functionality to execute arbitrary commands with root privileges via the graph parameter to diagnosiscontrol.php...

CVSS 8.8, AI score 6, EPSS 0.04115
Exploits: 0, References: 4

CNVD
added 2016/08/24 12:0 a.m., 4 views

Bihu's uRouter Wireless Router Has Multiple Vulnerabilities

Bihu uRouter Wireless Router is an enterprise-grade intelligent routing product manufactured and marketed by Bihu Technology in China. Multiple vulnerabilities exist in the Bihu uRouter. An unauthenticated attacker can bypass the system authentication mechanism by providing a random SID cookie...

AI score 7.9
Exploits: 0, References: 1

Packet Storm
added 2016/07/27 12:0 a.m., 34 views

Iris ID IrisAccess ICU 7000-2 Remote Root Command Execution

Iris ID IrisAccess ICU 7000-2 Remote Root Command Execution Vendor: Iris ID, Inc. Product web page: http://www.irisid.com http://www.irisid.com/productssolutions/hardwareproducts/icu-7000-2/ Affected version: ICU Software: 1.00.08 ICU OS: 1.3.8 ICU File system: 1.3.8 EIF Firmware Channel 1: 1....

AI score 0.3
Exploits: 0

Exploit DB
added 2015/11/19 12:0 a.m., 51 views

F5 iControl - 'iCall::Script' Root Command Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'nokogiri' class Metasploit3 "http://schemas.xmlsoap.org/soap/encoding/" STRINGATTRS = 'xsi:type' = 'urn:Common.StringSequence',...

CVSS 9, AI score 7, EPSS 0.68483
Exploits: 5

CNVD
added 2015/10/03 12:0 a.m., 4 views

RSA Web Threat Detection Elevation of Privilege Vulnerability

RSA Web Threat Detection is a big data and security analytics solution. A security vulnerability exists in RSA Web Threat Detection that could be exploited by a local attacker to inject special commands into a configuration file to execute arbitrary system commands with ROOT privileges...

CVSS 7.2, AI score 7.3, EPSS 0.00519
Exploits: 0, References: 1

Metasploit
added 2015/09/25 4:37 p.m., 50 views

Watchguard XCS FixCorruptMail Local Privilege Escalation

This module exploits a vulnerability in the Watchguard XCS 'FixCorruptMail' script called by root's crontab which can be exploited to run a command as root within 3 minutes. This module requires Metasploit: https://metasploit.com/download Current source:...

AI score 0.2
Exploits: 0

CNVD
added 2015/08/25 12:0 a.m., 2 views

Red Hat OpenShift Enterprise Arbitrary Command Execution Vulnerability

Red Hat OpenShift is a Platform-as-a-Service (PaaS) cloud computing platform from Red Hat, Inc. that builds, tests, deploys, and runs applications. OpenShift Enterprise is an open source version of the private cloud. A security vulnerability exists in Red Hat OpenShift Enterprise version 3.0.0.0 tha...

CVSS 8.5, AI score 7.7, EPSS 0.02668
Exploits: 0, References: 1

Exploit DB
added 2015/01/25 12:0 a.m., 53 views

OP5 5.3.5/5.4.0/5.4.2/5.5.0/5.5.1 - 'license.php' Remote Command Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'OP5 license.php Remote Command Execution', 'Description' = %q This module exploits an arbitrary root command execution...

CVSS 10, AI score 7.4, EPSS 0.73949
Exploits: 7

CNVD
added 2015/01/19 12:0 a.m., 3 views

Multiple Command Execution Vulnerabilities in AlienVault OSSIM and USM

AlienVault OSSIM, or Open Source Security Information Management, is a popular open source security management system. The AlienVault OSSIM and USM web UI allows users to automate the deployment of OSSEC agents to Windows hosts. Failure to filter correctly when providing usernames and passwords can...

AI score 7.2
Exploits: 0, References: 1

seebug.org
added 2014/07/01 12:0 a.m., 24 views

DD-WRT v24-sp1 - (CSRF) Cross Site Reference Forgery Exploit

No description provided by source. Remote root dd-wrt Written by Michael Brooks Special thanks to str0ke Exploits tested on the newest stable version: Firmware: DD-WRT v24-sp1 07/27/08 micro Product Homepage:...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 19 views

Halloween Linux 4.0,RedHat Linux 6.1/6.2 imwheel Vulnerability (2)

No description provided by source. source: http://www.securityfocus.com/bid/1060/info A vulnerability exists in the 'imwheel' package for Linux. This package is known to be vulnerable to a buffer overrun in its handling of the HOME environment variable. By supplying a sufficiently long string...

AI score 7.1
Exploits: 0

OSV
added 2013/11/18 2:41 p.m., 6 views

MGASA-2013-0327 Updated torque packages fix CVE-2013-4495

Updated torque packages fix security vulnerability: A user could submit executable shell commands on the tail of what is passed with the -M switch for qsub. This was later passed to a pipe, making it possible for these commands to be executed as root on the pbsserver CVE-2013-4495...

CVSS 10, AI score 6.6, EPSS 0.03266
Exploits: 0, References: 4

Tenable Nessus
added 2013/08/21 12:0 a.m., 43 views

Sun SPARC Enterprise T5120 and T5220 Default Configuration Root Command Execution

The remote Sun SPARC Enterprise Server has been mistakenly shipped with factory settings in the pre-installed Solaris 10 image which configures the remote SSH server insecurely. As a result, local or remote users may leverage these misconfigurations to execute arbitrary commands with the privileg...

CVSS 10, AI score 6.1, EPSS 0.02566
Exploits: 0, References: 2

securityvulns
added 2013/07/10 12:0 a.m., 62 views

Zoom X4/X5 ADSL Modem and Router - Unauthenticated Remote Root Command Execution

Vulnerable Products - Zoom X4 ADSL Modem and Router running Nucleus/4.3 UPnP/1.0Virata-EmWeb/R620 Server All GS Firmware versions Zoom X5 ADSL Modem and Router running Nucleus/4.3 UPnP/1.0Virata-EmWeb/R620 Server All GS Firmware versions Note: A similar vulnerability was reported several years ag...

AI score 0.8
Exploits: 0