
1765 matches found

Cvelist
added 2019/07/17 2:15 a.m., 12 views

CVE-2019-13624

In ONOS 1.15.0, apps/yang/web/src/main/java/org/onosproject/yang/web/YangWebResource.java mishandles backquote characters within strings that can be used in a shell command...

AI score: 9.5, EPSS: 0.00428
Exploits: 0, References: 1

CNVD
added 2019/06/24 12:0 a.m., 1 view

RDK CcspWifiAgent Module Command Execution Vulnerability

RDK is a modular, portable, customizable open source IoT software solution from the RDK Management community. ccspWifiAgent is one of the modules that supports WiFi functionality. A security vulnerability exists in the cosawifiapis.c file of the CcspWifiAgent module in RDK version RDKB-20181217-1...

CVSS: 8.5, AI score: 7.7, EPSS: 0.00323
Exploits: 0, References: 1

OpenVAS
added 2019/06/20 12:0 a.m., 17 views

Debian: Security Advisory (DSA-4467-1)

The remote host is missing an update for the Debian...

CVSS: 9.3, AI score: 9, EPSS: 0.54077
Exploits: 5, References: 4

Tenable Nessus
added 2019/06/19 12:0 a.m., 41 views

Debian DSA-4467-1 : vim - security update

User 'Arminius' discovered a vulnerability in Vim, an enhanced version of the standard UNIX editor Vi (Vi IMproved). The 'Common vulnerabilities and exposures project' identifies the following problem: Editors typically provide a way to embed editor configuration commands (aka modelines) which are...

CVSS: 9.3, AI score: 8.3, EPSS: 0.54077
Exploits: 5, References: 4

Debian
added 2019/06/18 9:27 p.m., 211 views

[SECURITY] [DSA 4467-1] vim security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4467-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 18, 2019 https://www.debian.org/security/faq -...

CVSS: 9.3, AI score: 8.1, EPSS: 0.54077
Exploits: 5

Prion
added 2019/06/03 7:29 p.m., 8 views

Code injection

The Orpak SiteOmat OrCU component is vulnerable to code injection, for all versions prior to 2017-09-25, due to a search query that uses a direct shell command. By tampering with the request, an attacker is able to run shell commands and receive valid output from the device...

CVSS: 10, AI score: 9.5, EPSS: 0.00666
Exploits: 0, References: 3, Affected Software: 1

OSV
added 2019/06/03 7:29 p.m., 2 views

CVE-2017-14853

The Orpak SiteOmat OrCU component is vulnerable to code injection, for all versions prior to 2017-09-25, due to a search query that uses a direct shell command. By tampering with the request, an attacker is able to run shell commands and receive valid output from the device...

CVSS: 9.8, AI score: 5.8, EPSS: 0.00666
Exploits: 0, References: 3

Cvelist
added 2019/06/03 7:0 p.m., 13 views

CVE-2017-14853

The Orpak SiteOmat OrCU component is vulnerable to code injection, for all versions prior to 2017-09-25, due to a search query that uses a direct shell command. By tampering with the request, an attacker is able to run shell commands and receive valid output from the device...

AI score: 9.6, EPSS: 0.00666
Exploits: 0, References: 3

Vulnrichment
added 2019/06/03 7:0 p.m., 4 views

CVE-2017-14853

The Orpak SiteOmat OrCU component is vulnerable to code injection, for all versions prior to 2017-09-25, due to a search query that uses a direct shell command. By tampering with the request, an attacker is able to run shell commands and receive valid output from the device...

AI score: 7.4, EPSS: 0.00666
Exploits: 0, References: 3

exploitpack
added 2019/05/24 12:0 a.m., 48 views

Microsoft Internet Explorer Windows 10 1809 17763.316 - Scripting Engine Memory Corruption

Microsoft Internet Explorer Windows 10 1809 17763.316 - Scripting Engine Memory Corruption Content Dim ar1&h3000000 Dim ar21000 Dim gremlin addressOfGremlin = &h28281000 Class MyClass Private mValue Public Property Let Valuev mValue = v End Property Public Default Property Get P P = mValue ' Wher...

CVSS: 7.6, AI score: 0.1, EPSS: 0.91479
Exploits: 9

Tenable Nessus
added 2019/05/14 12:0 a.m., 22 views

EulerOS Virtualization 3.0.1.0 : git (EulerOS-SA-2019-1420)

According to the versions of the git packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code...

CVSS: 10, AI score: 8.6, EPSS: 0.70245
Exploits: 30, References: 9

Tenable Nessus
added 2019/05/14 12:0 a.m., 31 views

EulerOS Virtualization for ARM 64 3.0.1.0 : git (EulerOS-SA-2019-1385)

According to the versions of the git packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote...

CVSS: 8.8, AI score: 8, EPSS: 0.70245
Exploits: 19, References: 3

NVD
added 2019/03/21 4:1 p.m., 11 views

CVE-2019-7383

An issue was discovered on Systrome Cumilon ISG-600C, ISG-600H, and ISG-800W devices with firmware V1.1-R2.1TRUNK-20181105.bin. A shell command injection occurs by editing the description of an ISP file. The file network/isp/ispupdateedit.php does not properly validate user input, which leads to...

CVSS: 7.8, AI score: 8, EPSS: 0.00306
Exploits: 3, References: 5

OSV
added 2019/03/21 4:1 p.m., 1 view

CVE-2019-7383

An issue was discovered on Systrome Cumilon ISG-600C, ISG-600H, and ISG-800W devices with firmware V1.1-R2.1TRUNK-20181105.bin. A shell command injection occurs by editing the description of an ISP file. The file network/isp/ispupdateedit.php does not properly validate user input, which leads to...

CVSS: 7.8, AI score: 7.1, EPSS: 0.00306
Exploits: 3, References: 5

Prion
added 2019/03/21 4:1 p.m., 6 views

Command injection

An issue was discovered on Systrome Cumilon ISG-600C, ISG-600H, and ISG-800W devices with firmware V1.1-R2.1TRUNK-20181105.bin. A shell command injection occurs by editing the description of an ISP file. The file network/isp/ispupdateedit.php does not properly validate user input, which leads to...

CVSS: 7.2, AI score: 7.9, EPSS: 0.00306
Exploits: 3, References: 5, Affected Software: 3

Prion
added 2019/03/21 4:0 p.m., 17 views

Command injection

An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. The login form passes user input directly to a shell command without any kind of escaping or validation in /usr/share/www/check.lp file. An attacker is able to perform command injection using the "password" parameter...

CVSS: 10, AI score: 9.7, EPSS: 0.30681
Exploits: 5, References: 2, Affected Software: 3

CVE
added 2019/03/17 7:13 p.m., 72 views

CVE-2019-7385

CVE-2019-7385 affects Raisecom ISCOM HT803G-U/HT803G-W/HT803G-1GE/HT803G GPON devices with firmware versions

CVSS: 7.8, AI score: 7.9, EPSS: 0.0475
Exploits: 7, References: 7, Affected Software: 1

Cvelist
added 2019/03/17 7:13 p.m., 13 views

CVE-2019-7385

An authenticated shell command injection issue has been discovered in Raisecom ISCOM HT803G-U, HT803G-W, HT803G-1GE, and HT803G GPON products with the firmware version ISCOMHT803G-U2.0.0140521R4.1.47.002 or below. The values of the newpass and confpass parameters in /bin/WebMGR are used in a syst...

AI score: 8, EPSS: 0.0475
Exploits: 7, References: 7

CVE
added 2019/03/17 7:7 p.m., 55 views

CVE-2019-7384

CVE-2019-7384 affects Raisecom ISCOM HT803G-U, HT803G-W, HT803G-1GE, and HT803G GPON ONTs with firmware

CVSS: 7.8, AI score: 8, EPSS: 0.00351
Exploits: 3, References: 5, Affected Software: 1

Cvelist
added 2019/03/17 7:7 p.m., 10 views

CVE-2019-7384

An authenticated shell command injection issue has been discovered in Raisecom ISCOM HT803G-U, HT803G-W, HT803G-1GE, and HT803G GPON products with the firmware version ISCOMHT803G-U2.0.0140521R4.1.47.002 or below. The value of the fmgponloid parameter is used in a system call inside the boa binar...

AI score: 8.1, EPSS: 0.00351
Exploits: 3, References: 5