CVE-2019-6618
On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, users with the Resource Administrator role can modify sensitive portions of the filesystem if provided Advanced Shell Access, such as editing /etc/passwd. This allows modifications to user objects and i...
PT-2019-18197 · F5 · Big-Ip
Name of the Vulnerable Software and Affected Versions: BIG-IP versions 11.5.2 through 11.5.8; BIG-IP versions 11.6.1 through 11.6.3.4; BIG-IP versions 12.1.0 through 12.1.4; BIG-IP versions 13.0.0 through 13.1.1.4; BIG-IP versions 14.0.0 through 14.1.0.1. Description: The issue allows Administrator an...
F5 Networks BIG-IP : Appliance mode tmsh vulnerability (K87659521)
On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, Administrator and Resource Administrator roles might exploit TMSH access to bypass Appliance Mode restrictions on BIG-IP systems (CVE-2019-6615). Impact: Attackers can gain access to an Advanced Shell bash...
F5 Networks BIG-IP : BIG-IP Resource Administrator vulnerability (K07702240)
The version of F5 Networks BIG-IP installed on the remote host is prior to 11.5.9 / 11.6.4 / 12.1.4.1 / 13.1.1.5 / 14.1.0.2 / 15.0.0. It is, therefore, affected by a vulnerability as referenced in the K07702240 advisory. - On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4...
Exploit for Path Traversal in Atlassian Confluence_Server
CVE-2019-3396 Confluence unauthorized RCE CVE-2019-3396 vulnerability...
Cisco IOS XE Software Shell Access Authentication Bypass (cisco-sa-20180926-shell-access)
According to its self-reported version, Cisco IOS XE Software is affected by the following vulnerability: - An Authentication bypass in the shell access request mechanism. An authenticated attacker could exploit this in order to bypass authentication and gain root access to the system...
Feng Office 3.7.0.5 - Remote Command Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'uri' class MetasploitModule 'Feng Office 3.7.0.5 - Unauthenticated Remote Command Execution', 'Description' = %q This module exploits arbitrar...
CVE-2019-9146
CVE-2019-9146 affects Jamf Self Service 10.9.0. A MITM attacker could leverage the feature to publish Bash shell scripts and inject the string "/Applications/Utilities/Terminal app/Contents/MacOS/Terminal" into the TCP data stream, enabling escalation to a root shell. The base metrics indicate hi...
File Upload Vulnerability in eZiosuite eLearning Platform
eZiosuite online teaching platform is the central system of the whole digital learning, which is a digital learning platform integrating course management, online preparation and production of network courses, course teaching, course resource sharing, and teacher-student interaction. A file uploa...
The vulnerability of the Shell Access Filter function in Cisco Firepower Management Center software allows an intruder to trigger a service failure.
The vulnerability of the Shell Access Filter function in Cisco Firepower Management Center software is related to resource management errors. Exploiting this vulnerability can allow a malicious actor to cause service interruptions through a specially crafted request...
CVE-2019-8313
An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code and get a root shell. A Command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST...
OpenMRS Platform Insecure Object Deserialization
Insecure Object Deserialization on the OpenMRS Platform. Vulnerability Details: CVE ID: CVE-2018-19276; Access Vector: Remote; Security Risk: Critical; Vulnerability: CWE-502; CVSS Base Score: 10.0; CVSS vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N. JAVA 8 ENVIRONMENT: By injecting an XML payload ...
CVE-2019-1656
A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to access the shell of the underlying Linux operating system on the affected device. The vulnerability is due to improper input validation in the affected software. An...
CVE-2019-1656 Cisco Enterprise NFV Infrastructure Software Linux Shell Access Vulnerability
A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to access the shell of the underlying Linux operating system on the affected device. The vulnerability is due to improper input validation in the affected software. An...
CVE-2019-1656
Cisco Enterprise NFV Infrastructure Software (NFVIS) contains an input-validation vulnerability in its CLI that can allow an authenticated, local attacker to gain shell access to the underlying Linux OS via CIMC console connections (not via remote access). The issue is triggered by crafting comma...
Cisco Enterprise NFV Infrastructure Software Linux Shell Access Vulnerability
A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to access the shell of the underlying Linux operating system on the affected device. The vulnerability is due to improper input validation in the affected software. An...
Race condition
A vulnerability in the Shell Access Filter feature of Cisco Firepower Management Center (FMC), when used in conjunction with remote authentication, could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occur...
CVE-2018-15458
A vulnerability in the Shell Access Filter feature of Cisco Firepower Management Center (FMC), when used in conjunction with remote authentication, could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occur...