1764 matches found
Command injection
A command injection vulnerability in the IDP feature of Juniper Networks Junos OS on SRX series devices potentially allows a user with login access to the device to execute shell commands and elevate privileges. Affected releases are Juniper Networks Junos OS 12.1X44 prior to 12.1X44-D60; 12.1X46...
NfSen 1.3.7 AlienVault OSSIM 4.3.1 - customfmt Command Injection
NfSen 1.3.7 AlienVault OSSIM 4.3.1 - customfmt Command Injection Exploit Title: NfSen/AlienVault remote root exploit command injection in customfmt parameter Version: NfSen 1.3.6p1, 1.3.7 and 1.3.7-1bpo80+1all. Previous versions are also likely to be affected. Version: AlienVault USM/OSSIM 4.3.1...
NfSen 1.3.7 / AlienVault OSSIM 4.3.1 customfnt Command Injection
Exploit Title: NfSen/AlienVault remote root exploit command injection in customfmt parameter Version: NfSen 1.3.6p1, 1.3.7 and 1.3.7-1bpo80+1all. Previous versions are also likely to be affected. Version: AlienVault USM/OSSIM 4.3.1 Date: 2017-07-10 Vendor Homepage: http://nfsen.sourceforge.net/...
NfSen 1.3.7 / AlienVault USM/OSSIM 5.3.4 Command Injection
Exploit Title: NfSen/AlienVault remote root exploit IPC query command injection Version: NfSen 1.3.6p1, 1.3.7 and 1.3.7-1bpo80+1all. Previous versions are also likely to be affected. Version: AlienVault 5.3.4 Date: 2017-07-10 Vendor Homepage: http://nfsen.sourceforge.net/ Vendor Homepage:...
Design/Logic Flaw
A vulnerability in the AutoIT service of Cisco Ultra Services Framework Staging Server could allow an unauthenticated, remote attacker to execute arbitrary shell commands as the Linux root user. The vulnerability is due to improper shell invocations. An attacker could exploit this vulnerability b...
CVE-2017-6707
A vulnerability in the CLI command-parsing code of the Cisco StarOS operating system for Cisco ASR 5000 Series 11.0 through 21.0, 5500 Series, and 5700 Series devices and Cisco Virtualized Packet Core VPC Software could allow an authenticated, local attacker to break from the StarOS CLI of an...
Cross site scripting
A vulnerability in certain commands of Cisco Elastic Services Controller could allow an authenticated, remote attacker to elevate privileges to root and run dangerous commands on the server. The vulnerability occurs because a "tomcat" user on the system can run certain shell commands, allowing th...
CVE-2017-6707
A vulnerability in the CLI command-parsing code of the Cisco StarOS operating system for Cisco ASR 5000 Series 11.0 through 21.0, 5500 Series, and 5700 Series devices and Cisco Virtualized Packet Core VPC Software could allow an authenticated, local attacker to break from the StarOS CLI of an...
Cisco Ultra Services Framework Staging Server Arbitrary Command Execution Vulnerability
A vulnerability in the AutoIT service of Cisco Ultra Services Framework Staging Server could allow an unauthenticated, remote attacker to execute arbitrary shell commands as the Linux root user. The vulnerability is due to improper shell invocations. An attacker could exploit this vulnerability b...
Trend Micro InterScan Web Security Arbitrary Command Execution Vulnerability
Trend Micro InterScan Web Security is a Web security gateway that provides dynamic, integrated security for enterprise networks against Web-based threats. An arbitrary command execution vulnerability exists in Trend Micro InterScan Web Security. Port settings are not handled correctly due to SSH...
Sophos Web Appliance < 4.3.1 Multiple Remote Command Injection Vulnerabilities
According to its self-reported version number, the Sophos Web Appliance software running on the remote host is prior to 4.3.1. It is, therefore, affected by multiple vulnerabilities : - A remote command injection vulnerability exists in the web administration interface in the...
Tenda FH1202/F1202 and F1200 Routers Security Bypass Vulnerability
The Tenda FH1202, F1202 and F1200 are all wireless router products from Tenda China. A security bypass vulnerability exists in the Tenda FH1202, F1202, and F1200 routers using firmware prior to version 1.2.0.20. An attacker can exploit the vulnerability by sending shell commands directly and...
CVE-2017-9138
There is a debug-interface vulnerability on some Tenda routers FH1202/F1202/F1200: versions before 1.2.0.20. After connecting locally to a router in a wired or wireless manner, one can bypass intended access restrictions by sending shell commands directly and reading their results, or by entering...
CVE-2017-9138
There is a debug-interface vulnerability on some Tenda routers FH1202/F1202/F1200: versions before 1.2.0.20. After connecting locally to a router in a wired or wireless manner, one can bypass intended access restrictions by sending shell commands directly and reading their results, or by entering...
Design/Logic Flaw
There is a debug-interface vulnerability on some Tenda routers FH1202/F1202/F1200: versions before 1.2.0.20. After connecting locally to a router in a wired or wireless manner, one can bypass intended access restrictions by sending shell commands directly and reading their results, or by entering...
CVE-2017-9138
There is a debug-interface vulnerability on some Tenda routers FH1202/F1202/F1200: versions before 1.2.0.20. After connecting locally to a router in a wired or wireless manner, one can bypass intended access restrictions by sending shell commands directly and reading their results, or by entering...
CVE-2017-9135
An issue was discovered on Mimosa Client Radios before 2.2.4 and Mimosa Backhaul Radios before 2.2.4. On the backend of the device's web interface, there are some diagnostic tests available that are not displayed on the webpage; these are only accessible by crafting a POST request with a program...
Code injection
An issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2.2.3. In the device's web interface, after logging in, there is a page that allows you to ping other hosts from the device and view the results. The user is allowed to specify which host to ping, but...
CVE-2017-9135
An issue was discovered on Mimosa Client Radios before 2.2.4 and Mimosa Backhaul Radios before 2.2.4. On the backend of the device's web interface, there are some diagnostic tests available that are not displayed on the webpage; these are only accessible by crafting a POST request with a program...
Brocade Fibre Channel SAN Product Brocade Fabric OS Remote Elevation of Privilege Vulnerability
Brocade Fibre Channel SAN products are all switch products of the American company Brocade Brocade, and Brocade Fabric OS FOS is a set of embedded systems running on them. A remote elevation of privilege vulnerability exists in Brocade Fibre Channel SAN products with Brocade FOS versions prior to...