CVE-2018-0394

Cisco Cloud Services Platform 2100 has a web upload function input-validation vulnerability that allows an authenticated, remote attacker to inject code and obtain restricted shell access. Root cause: insufficient validation of parameters in a UI function. Impact: restricted shell access on affec...

Cisco Cloud Services Platform 2100 Web Upload Function Code Injection Vulnerability

A vulnerability in the web upload function of Cisco Cloud Services Platform 2100 could allow an authenticated, remote attacker to obtain restricted shell access on an affected system. The vulnerability is due to insufficient input validation of parameters passed to a specific function within the...

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Restricted Shell Escape Vulnerability

Exploit for hardware platform in category local exploits Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Backdoor Jailbreak Vendor: Microhard Systems Inc. Product web page: http://www.microhardcorp.com Affected version: IPn4G 1.1.0 build 1098 IPn3Gb 2.2.0 build 2160 IPn4Gb 1.1.6 buil...

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Restricted Shell Escape

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Backdoor Jailbreak Vendor: Microhard Systems Inc. Product web page: http://www.microhardcorp.com Affected version: IPn4G 1.1.0 build 1098 IPn3Gb 2.2.0 build 2160 IPn4Gb 1.1.6 build 1184-14 IPn4Gb 1.1.0 Rev 2 build 1090-2 IPn4Gb 1.1.0 Re...

Junos OS: A privilege escalation vulnerability exists where authenticated users with shell access can become root

An Improper Privilege Management vulnerability in a shell session of Juniper Networks Junos OS allows an authenticated unprivileged attacker to gain full control of the system. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D45 on SRX Series; 12.3X48 versions...

Kubernetes unprivileged API access

A remote, unauthenticated attacker is able to leverage API calls to execute commands and scripts or gain shell access via port 10250 https %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid110768; scriptversion"1.5";...

Microsoft Windows: Remote Shell Acces

This test checks the setting for policy OpenVAS Vulnerability Test $Id: winremoteshaccess.nasl 11363 2018-09-12 13:46:05Z emoss $ Check value for Allow Remote Shell Access Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH, http://www.greenbone.net This program is free...

PT-2018-3907 · Cisco · Cisco Fxos +2

Name of the Vulnerable Software and Affected Versions: Cisco FXOS Software versions prior to the fixed version Cisco NX-OS Software versions prior to the fixed version Description: A vulnerability in the write-erase feature of Cisco FXOS Software and Cisco NX-OS Software could allow an...

Security Bulletin: Nova live snapshots use an insecure local directory (CVE-2013-7048)

Summary The directories that are used to temporarily store live snapshots on Nova compute nodes are writable to all local users. A local attacker with shell access on the compute nodes might, therefore, read and modify the contents of live snapshots before those files are uploaded to the image...

Code Execution Vulnerability in Emlog CMS

Emlog, short for every memory log, is a PHP and MySQL based blog and CMS builder. A code execution vulnerability exists in Emlog CMS. An attacker can use the vulnerability to obtain the physical path of the website, so as to backup and modify the database information, and realize the getshell by...

Cisco Enterprise NFV Infrastructure Software Secure Copy Protocol Server Input Validation Vulnerability

Cisco Enterprise NFV Infrastructure Software NFVIS is a suite of NVF infrastructure software platforms from the U.S.-based Cisco. The platform enables full lifecycle management of virtualization services through a central coordinator and controller. secure copy protocol SCP server is one of the...

Cisco Warns of Three Critical Bugs in Digital Network Architecture Platform

Cisco Systems patched three bugs on Wednesday that are rated critical, tied to its Digital Network Architecture DNA Center platform. Cisco also warned of four additional vulnerabilities – each rated high. All of the vulnerabilities have available patches for mitigation. All three of the critical...

Input validation

A vulnerability in the Secure Copy Protocol SCP server of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, remote attacker to access the shell of the underlying Linux operating system on the affected device. The vulnerability is due to improper input validation of...

CVE-2018-0279

A vulnerability in the Secure Copy Protocol SCP server of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, remote attacker to access the shell of the underlying Linux operating system on the affected device. The vulnerability is due to improper input validation of...

CVE-2018-0279

CVE-2018-0279 affects Cisco Enterprise NFV Infrastructure Software (NFVIS) SCP server due to improper input validation of command arguments. An authenticated, remote attacker could exploit crafted SCP connections to gain shell access on the underlying Linux OS with a non-root account, potentially...

CVE-2018-0279

A vulnerability in the Secure Copy Protocol SCP server of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, remote attacker to access the shell of the underlying Linux operating system on the affected device. The vulnerability is due to improper input validation of...

Cisco Enterprise NFV Infrastructure Software Linux Shell Access Vulnerability

A vulnerability in the Secure Copy Protocol SCP server of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, remote attacker to access the shell of the underlying Linux operating system on the affected device. The vulnerability is due to improper input validation of...

Moxa EDR-810 Password Storage Vulnerability

The EDR-810 is a highly integrated industrial multi-port security router with firewall/NAT/VPN and two-layer manageable switch functionality. A password storage vulnerability exists in the operating system functionality of the Moxa EDR-810 V4.1 build 17030317. An attacker with shell access could...

CVE-2017-12127

A password storage vulnerability exists in the operating system functionality of Moxa EDR-810 V4.1 build 17030317. An attacker with shell access could extract passwords in clear text from the device...

CVE-2017-12127

CVE-2017-12127 affects Moxa EDR-810 (V4.1, build 17030317). A password storage vulnerability allows an attacker with shell access to read plaintext credentials from /magicP/cfg4.0/cfg_file/USER_ACCOUNT.CFG (mirrors /etc/shadow). CVSSv3.0 score ~4.4 (MEDIUM) with LOCAL access and HIGH confidential...