CVE-2017-12255

Cisco UCS Central Software CLI is vulnerable to a Restricted Shell Break due to insufficient input validation of CLI commands. An authenticated, local attacker can craft a command with specific arguments to gain shell access to the underlying system. Affected product: Cisco UCS Central Software (...

CVE-2017-12255

A vulnerability in the CLI of Cisco UCS Central Software could allow an authenticated, local attacker to gain shell access. The vulnerability is due to insufficient input validation of commands entered in the CLI, aka a Restricted Shell Break Vulnerability. An attacker could exploit this...

Cisco UCS Central Software Command Line Interface Restricted Shell Break Vulnerability

A vulnerability in the CLI of Cisco UCS Central Software could allow an authenticated, local attacker to gain shell access. The vulnerability is due to insufficient input validation of commands entered in the CLI. An attacker could exploit this vulnerability by entering a specific command with...

Arbitrary File Write Vulnerability in KODExplorer v4.06 Frontend

KodExplorer Kodo Cloud formerly Mango Cloud is a private cloud and online file management system based on Web technology developed by Shanghai Daimu Networks Co., Ltd. and is committed to providing users with secure and controllable, reliable and easy-to-use, highly scalable private cloud...

FreeBSD : asterisk -- Unauthorized data disclosure and shell access command injection in app_minivm (c599f95c-8ee5-11e7-8be8-001999f8d30b)

The Asterisk project reports : AST-2017-005 - A change was made to the strict RTP support in the RTP stack to better tolerate late media when a reinvite occurs. When combined with the symmetric RTP support this introduced an avenue where media could be hijacked. Instead of only learning a new...

File upload vulnerability in frontend of sentcms v3.0.170127

SentCMS website management system is a simple and easy-to-use website management system created by Nanchang Tengshu Technology Co. SentCMS v3.0.170127 has a file upload vulnerability, due to the system fails to strictly detect the editor function when uploading files. A remote attacker can use th...

File upload vulnerability in WeiPHP 4.0beta frontend

WeiPHP is an open source WeChat public platform development framework, can easily build a personal WeChat public account operation platform. A file upload vulnerability exists in WeiPHP 4.0 beta, as ApiController.class.php fails to strictly filter input parameters. A remote attacker can exploit...

asterisk -- Unauthorized data disclosure and shell access command injection in app_minivm

The Asterisk project reports: AST-2017-005 - A change was made to the strict RTP support in the RTP stack to better tolerate late media when a reinvite occurs. When combined with the symmetric RTP support this introduced an avenue where media could be hijacked. Instead of only learning a new...

CVE-2017-6775

A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, local attacker to elevate their privileges to admin-level privileges. The vulnerability is due to incorrect permissions that are given to a set o...

Override Access Vulnerability in S-CMS V3.0 dbm.asp Page

S-CMS is a corporate website building system developed by Zibo Shining Network Technology Co. S-CMS V3.0 dbm.asp page has an override access vulnerability that can be exploited by an attacker to bypass Cookies authentication, execute arbitrary sql statements, and obtain the administrator's passwo...

Move sensitive information out of Synchrony JVM arguments

h3. Issue Running Synchrony as a stand-alone service for data center instances exposes sensitive information such as the database username/password, and public/private keys. These are all passed as JVM arguments. This means anyone with command-line access to the server can see this information vi...

Move sensitive information out of Synchrony JVM arguments

h3. Issue Running Synchrony as a stand-alone service for data center instances exposes sensitive information such as the database username/password, and public/private keys. These are all passed as JVM arguments. This means anyone with command-line access to the server can see this information vi...

Sonicwall Secure Remote Access (SRA) 8.1.0.2-14sv Command Injection

Sonicwall Secure Remote Access SRA - Command Injection Vulnerabilities Vendor: Sonicwall Dell Product: Secure Remote Access SRA Version: 8.1.0.2-14sv Platform: Embedded Linux Discovery: Russell Sanford of Critical Start www.CriticalStart.com CVE: cve-2016-9682 Tested against version 8.1.0.2-14sv ...

CVE-2014-7953

Race condition in the bindBackupAgent method in the ActivityManagerService in Android 4.4.4 allows local users with adb shell access to execute arbitrary code or any valid package as system by running "pm install" with the target apk, and simultaneously running a crafted script to process logcat'...

The vulnerabilities of Azure cloud services include those related to BIG-IP Application Security Manager, a device for securing applications; BIG-IP Access Policy Manager, a device for controlling access and remote authentication; BIG-IP Link Controller, a device for balancing internet traffic; BIG-IP Policy Enforcement Manager, a device for controlling and managing network traffic; BIG-IP Local Traffic Manager, a device for balancing local traffic; BIG-IP DNS, a device for securing web services; BIG-IP WebSafe, a device for securing web services; BIG-IP Advanced Firewall Manager, a device for providing network firewalls; and BIG-IP Application Acceleration Manager, a device for accelerating application processing. These vulnerabilities allow attackers to gain access to the BIG-IP host.

The vulnerability in Azure’s application security protection services—BIG-IP Application Security Manager, BIG-IP Access Policy Manager for access control and remote authentication, BIG-IP Link Controller for Internet traffic balancing, BIG-IP Policy Enforcement Manager for network traffic contro...

Code execution vulnerability in finecms

FineCMS is an efficient and simple small and medium-sized content management system based on PHP+MySql+CI framework. A code execution vulnerability exists in finecms. An attacker can exploit the vulnerability getshell...

MyBB 1.8.12 Stored XSS / File Enumeration Vulnerabilities

MyBB versions 1.8.12 and prior is vulnerable to a cross site scripting bug which can allow a moderator to take over an administrator's account and upload a webshell, or perform file enumeration in the instances where it is not possible to spawn a shell...

Invision Power Board 4.1.19.2 XSS / CSRF / File Upload / Disclosure Vulnerabilities

Invision Power Board version 4.1.19.2 suffers from reflective and stored cross site scripting, cross site request forgery, information disclosure, file upload, and shell access vulnerabilities. +--------------------------------------------------------------+ | Vulnerable Software: Invision Power...

Craft CMS File Upload Vulnerability

Craft CMS is a content management system CMS. Craft CMS suffers from a file upload vulnerability. A remote attacker can exploit this vulnerability by using a special method to upload files and execute code to write to a shell...

Stored Cross-site Scripting Vulnerability in KesionCMS Frontend ChangesUrl Parameter

KesionCMS intelligent website building system is a set of intelligent website building system developed by Xiamen Kesion Software Ltd. using ASP+ACCESS/MSSQL database architecture. There is a stored cross-site scripting vulnerability in the frontend of KesionCMS, as the frontend page...