1764 matches found
CVE-2021-31357 Junos OS Evolved: shell-injection vulnerabilities in evo_tcpdump UI wrapper script
A command injection vulnerability in tcpdump command processing on Juniper Networks Junos OS Evolved allows an attacker with authenticated CLI access to be able to bypass configured access protections to execute arbitrary shell commands within the context of the current user. The vulnerability...
PT-2021-19257 · Juniper Networks · Junos Evolved
Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS Evolved versions prior to 20.3R2-S1-EVO; Juniper Networks Junos OS Evolved 20.4 versions prior to 20.4R2-S2-EVO; Juniper Networks Junos OS Evolved 21.1 versions prior to 21.1R2-EVO; Juniper Networks Junos OS Evolved 21....
Juniper Networks Junos OS Operating System Command Injection Vulnerability
Juniper Networks Junos OS is a Juniper Networks network operating system for the company's hardware devices. The OS provides a secure programming interface and the Junos SDK. Juniper Networks Junos OS suffers from an operating system command injection vulnerability that stems from a command...
VMware vCenter Server Analytics (CEIP) Service File Upload
This module exploits a file upload in VMware vCenter Server's analytics/telemetry CEIP service to write a system crontab and execute shell commands as the root user. Note that CEIP must be enabled for the target to be exploitable by this module. CEIP is enabled by default. Module Options msf use...
VMware vCenter Server Analytics (CEIP) Service File Upload
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VMware vCenter Server Analytics CEIP Service File Upload', 'Description' = %q This module exploits a file upload in VMware vCenter Server's...
REINER SCT Reiner TimeCard Trust Management Vulnerability
REINER SCT Reiner TimeCard is a chip card reading device from REINER SCT, Germany, used for access protection in secure online banking devices, terminals for dealers and merchants using girocard payments, and PC workstations. A security vulnerability exists in REINER SCT Reiner TimeCard version...
NETGEAR R6020 Command Injection Vulnerability
The NETGEAR R6020 is a router from Netgear, Inc. NETGEAR R6020 is vulnerable to a command injection vulnerability in version 1.0.0.48, which stems from a lack of validation and filtering in the ntpserver field of setup.cgi. An attacker with administrator status can use this vulnerability to injec...
CVE-2021-41383
setup.cgi on NETGEAR R6020 1.0.0.48 devices allows an admin to execute arbitrary shell commands via shell metacharacters in the ntpserver field...
DELL EMC OpenManage Enterprise-Modular OS Command Injection Vulnerability
An operating system command injection vulnerability exists in Dell EMC OpenManage Enterprise-Modular (OME-M) versions prior to 1.10.00. A remote attacker could exploit this vulnerability to execute arbitrary shell commands on the affected system...
Nimplant - A Cross-Platform Implant Written In Nim
Nimplant is a cross-platform Linux & Windows implant written in Nim as a fun project to learn about Nim and see what it can bring to the table for red team tool development. Currently, Nimplant lacks extensive evasive tradecraft; however, over time Nimplant will become much more sophisticated...
DEBIAN-CVE-2021-38173
Btrbk before 0.31.2 allows command execution because of the mishandling of remote hosts filtering SSH commands using ssh_filter_btrbk.sh in authorized_keys...
Fortinet Multiple Products OS Command Injection Vulnerability
Fortinet FortiManager is a centralized network security management platform, and Fortinet FortiAnalyzer is a centralized network security reporting solution. FortiPortal is an advanced, feature-rich hosted security analysis and management support tool for the FortiGate, FortiWiFi, and FortiAP product...
FortiManager, FortiAnalyzer and FortiPortal - Multiple OS command injection vulnerabilities
Multiple OS command injection (CWE-78) vulnerabilities in the command line interface of FortiManager, FortiAnalyzer, and FortiPortal may allow a local authenticated and unprivileged user to execute arbitrary shell commands as root via specifically crafted CLI command parameters...
CVE-2021-22125
An instance of improper neutralization of special elements in the sniffer module of FortiSandbox before 3.2.2 may allow an authenticated administrator to execute commands on the underlying system's shell via altering the content of its configuration file...
CVE-2020-5322
Dell EMC OpenManage Enterprise-Modular (OME-M) versions prior to 1.10.00 contain a command injection vulnerability. A remote authenticated malicious user with high privileges could potentially exploit the vulnerability to execute arbitrary shell commands on the affected system...
Command injection
Dell EMC OpenManage Enterprise-Modular (OME-M) versions prior to 1.10.00 contain a command injection vulnerability. A remote authenticated malicious user with high privileges could potentially exploit the vulnerability to execute arbitrary shell commands on the affected system...
FortiSandbox Security Vulnerability
Fortinet FortiSandbox is an APT (Advanced Persistent Threat) protection appliance from Fortinet. The appliance offers dual sandbox technology, dynamic threat intelligence system, real-time control panel and reporting. FortiSandbox suffers from a security vulnerability that allows authenticated...