CVE-2017-15909
The CVE-2017-15909 entry applies to D-Link DGS-1500 Ax switches with versions before 2.51B021, which contain a hardcoded password enabling remote shell access. The RCE/unauthorized access stems from credential hardcoding in the device firmware, allowing an attacker to obtain shell access without ...
A vulnerability in the command-line interface of the centralized control system of Cisco Unified Computing System Central allows an attacker to escalate their privileges and gain access to the system’s shell.
The vulnerability in the command-line interface (CLI) of the Cisco Unified Computing System Central management system exists due to insufficient verification of input data. Exploiting this vulnerability can allow a malicious individual to escalate their privileges and gain access to the system’s...
PT-2017-14278 · D Link · D-Link Dgs-1500
Name of the Vulnerable Software and Affected Versions: D-Link DGS-1500 Ax versions prior to 2.51B021. Description: The issue allows remote attackers to obtain shell access due to a hardcoded password. Recommendations: For versions prior to 2.51B021, update to version 2.51B021 or later to resolve t...
Design/Logic Flaw
Extreme EXOS 16.x, 21.x, and 22.x allows administrators to obtain a root shell via vectors involving an exsh debug shell...
CVE-2017-14331
Extreme EXOS 16.x, 21.x, and 22.x allows administrators to bypass the "exsh restricted shell" protection mechanism and obtain an interactive shell...
CVE-2017-14330
Extreme EXOS 16.x, 21.x, and 22.x allows administrators to obtain a root shell via vectors involving a privileged process...
PT-2017-14099 · Idemia · Idemia Morphosmart 1300 Series
Name of the Vulnerable Software and Affected Versions: IDEMIA MorphoSmart 1300 Series devices (affected versions not specified). Description: The certificate import component in IDEMIA MorphoSmart 1300 Series devices allows local users to obtain a command shell and gain privileges via unspecified...
Linux Kernel 4.14.0-rc4+ - 'waitid()' Local Privilege Escalation
define GNUSOURCE include include include include include include include struct cred; struct taskstruct; typedef struct cred preparekernelcredt struct taskstruct daemon attributeregparm3; typedef int commitcredst struct cred new attributeregparm3; preparekernelcredt preparekernelcred; commitcreds...
Code injection
Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote attackers to gain shell access and execute arbitrary code with root privileges via unspecified vectors...
CVE-2015-4650
Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote attackers to gain shell access and execute arbitrary code with root privileges via unspecified vectors...
Cisco UCS Central Software Command Injection Vulnerability
Cisco UCS Central Software is a solution from Cisco (United States) for managing and monitoring global Cisco UCS (Unified Computing System) server resources. A security vulnerability exists in the CLI in Cisco UCS Central Software, which arises from the program's failure to...
CVE-2017-12255
A vulnerability in the CLI of Cisco UCS Central Software could allow an authenticated, local attacker to gain shell access. The vulnerability is due to insufficient input validation of commands entered in the CLI, aka a Restricted Shell Break Vulnerability. An attacker could exploit this...
Input validation
A vulnerability in the CLI of Cisco UCS Central Software could allow an authenticated, local attacker to gain shell access. The vulnerability is due to insufficient input validation of commands entered in the CLI, aka a Restricted Shell Break Vulnerability. An attacker could exploit this...
CVE-2017-12255
Cisco UCS Central Software CLI is vulnerable to a Restricted Shell Break due to insufficient input validation of CLI commands. An authenticated, local attacker can craft a command with specific arguments to gain shell access to the underlying system. Affected product: Cisco UCS Central Software (...
Cisco UCS Central Software Command Line Interface Restricted Shell Break Vulnerability
A vulnerability in the CLI of Cisco UCS Central Software could allow an authenticated, local attacker to gain shell access. The vulnerability is due to insufficient input validation of commands entered in the CLI. An attacker could exploit this vulnerability by entering a specific command with...
Arbitrary File Write Vulnerability in KODExplorer v4.06 Frontend
KodExplorer Kodo Cloud (formerly Mango Cloud) is a private cloud and online file management system based on web technology, developed by Shanghai Daimu Networks Co., Ltd. It is committed to providing users with secure and controllable, reliable and easy-to-use, highly scalable private cloud...
FreeBSD : asterisk -- Unauthorized data disclosure and shell access command injection in app_minivm (c599f95c-8ee5-11e7-8be8-001999f8d30b)
The Asterisk project reports: AST-2017-005 - A change was made to the strict RTP support in the RTP stack to better tolerate late media when a reinvite occurs. When combined with the symmetric RTP support this introduced an avenue where media could be hijacked. Instead of only learning a new...
File upload vulnerability in frontend of sentcms v3.0.170127
SentCMS is a simple and easy-to-use website management system created by Nanchang Tengshu Technology Co. SentCMS v3.0.170127 has a file upload vulnerability because the system fails to strictly check the editor function when uploading files. A remote attacker can use th...