Code injection
The login page in Telmat AccessLog = 6.0 TAL20180415 allows an attacker to get root shell access via unauthenticated code injection over the network...
Code injection
The ping page of the administration panel in Telmat AccessLog = 6.0 TAL20180415 allows an attacker to get root shell access via authenticated code injection over the network...
CVE-2020-16147
The login page in Telmat AccessLog = 6.0 TAL20180415 allows an attacker to get root shell access via unauthenticated code injection over the network...
CVE-2020-16148
The ping page of the administration panel in Telmat AccessLog = 6.0 TAL20180415 allows an attacker to get root shell access via authenticated code injection over the network...
CVE-2020-15483
An issue was discovered on Nescomed Multipara Monitor M1000 devices. The physical UART debug port provides a shell, without requiring a password, with complete access...
Ubiquiti Networks EdgeSwitch Operating System Command Injection Vulnerability
The Ubiquiti Networks EdgeSwitch is a Gigabit network switch device from Ubiquiti Networks, Inc. A command injection vulnerability exists in the Ubiquiti Networks EdgeSwitch using firmware version v1.9.0. The vulnerability can be exploited to execute arbitrary shell commands with elevated...
Cisco IOS XE SD-WAN Software Authentication Bypass (cisco-sa-auth-b-NzwhJHH7)
According to its self-reported version, Cisco IOS XE SD-WAN Software is affected by an authentication bypass vulnerability. The vulnerability exists because the affected software has insufficient authentication mechanisms for certain commands. An unauthenticated, physical attacker can exploit this...
Authorization Bypass
clamav is vulnerable to authorization bypass. The vulnerability exists as a race condition that could occur when scanning malicious files. An attacker with local shell access could exploit this vulnerability by executing a script that could trigger the race condition. A successful exploit could...
CVE-2020-3236
A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to gain root shell access to the underlying operating system and overwrite or read arbitrary files. The attacker would need valid administrative credentials. This...
Path traversal
A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to gain root shell access to the underlying operating system and overwrite or read arbitrary files. The attacker would need valid administrative credentials. This...
CVE-2020-3236 Cisco Enterprise NFV Infrastructure Software Path Traversal Vulnerability
A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to gain root shell access to the underlying operating system and overwrite or read arbitrary files. The attacker would need valid administrative credentials. This...
CVE-2020-3236
CVE-2020-3236 (Cisco NFV Infrastructure Software NFVIS) – Path Traversal. Description summary: A vulnerability in the NFVIS CLI allows an authenticated, local attacker with valid admin credentials to perform path traversal via CLI command arguments, potentially gaining root shell access and overwr...
CVE-2020-3350 Cisco AMP for Endpoints and ClamAV Privilege Escalation Vulnerability
A vulnerability in the endpoint software of Cisco AMP for Endpoints and Clam AntiVirus could allow an authenticated, local attacker to cause the running software to delete arbitrary files on the system. The vulnerability is due to a race condition that could occur when scanning malicious files. A...
CVE-2020-3350 Cisco AMP for Endpoints and ClamAV Privilege Escalation Vulnerability
A vulnerability in the endpoint software of Cisco AMP for Endpoints and Clam AntiVirus could allow an authenticated, local attacker to cause the running software to delete arbitrary files on the system. The vulnerability is due to a race condition that could occur when scanning malicious files. A...
CVE-2020-3350
A vulnerability in the endpoint software of Cisco AMP for Endpoints and Clam AntiVirus could allow an authenticated, local attacker to cause the running software to delete arbitrary files on the system. The vulnerability is due to a race condition that could occur when scanning malicious files. A...
CVE-2020-3216
A vulnerability in Cisco IOS XE SD-WAN Software could allow an unauthenticated, physical attacker to bypass authentication and gain unrestricted access to the root shell of an affected device. The vulnerability exists because the affected software has insufficient authentication mechanisms for...
CVE-2020-3210
A vulnerability in the CLI parsers of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an authenticated, local attacker to execute arbitrary shell commands on the Virtual Device Server...
Authentication flaw
A vulnerability in Cisco IOS XE SD-WAN Software could allow an unauthenticated, physical attacker to bypass authentication and gain unrestricted access to the root shell of an affected device. The vulnerability exists because the affected software has insufficient authentication mechanisms for...
OpenEMR 5.0.1 - Remote Code Execution (1)
Title: OpenEMR 5.0.1 - Remote Code Execution (1); Exploit Author: Musyoka Ian; Date: 2020-05-25; Title: OpenEMR 5.0.1 - Remote Code Execution; Vendor Homepage: https://www.open-emr.org/; Software Link: https://github.com/openemr/openemr/archive/v5013.tar.gz; Dockerfile:...
Palo Alto Networks PAN-OS 7.1.x < 8.1.13 / 8.0.x < 8.1.13 / 8.1.x < 8.1.13 / 9.0.x < 9.0.7 Vulnerability
The version of Palo Alto Networks PAN-OS running on the remote host is 7.1.x prior to 8.1.13 or 8.0.x prior to 8.1.13 or 8.1.x prior to 8.1.13 or 9.0.x prior to 9.0.7. It is, therefore, affected by a vulnerability. - A predictable temporary file vulnerability in PAN-OS allows a local authenticate...