1821 matches found
CVE-2019-20773
An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software. Unprivileged applications can execute shell commands via the connectivity service. The LG ID is LVE-SMP-190008 August 2019...
Command injection
An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software. Unprivileged applications can execute shell commands via the connectivity service. The LG ID is LVE-SMP-190008 August 2019...
CVE-2019-20773
CVE-2019-20773 affects LG mobile devices running Android OS 7.x–9.0; the issue allows unprivileged applications to execute shell commands via the connectivity service. Root cause is not detailed in the provided documents; no exploit specifics or remediation are described in the connected sources....
Dynamics Business Central Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft Dynamics Business Central. An attacker who successfully exploited this vulnerability could execute arbitrary shell commands on victim's server. To exploit the vulnerability, an authenticated attacker needs to convince the victim into conne...
CVE-2019-14868
In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those...
Design/Logic Flaw
In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those...
rConfig 3.9.4 - 'searchField' Unauthenticated Root Remote Code Execution
Exploit Title: rConfig 3.9.4 - 'searchField' Unauthenticated Root Remote Code Execution Exploit Author: vikingfr Greetz : Orange Cyberdefense - team CSR-SO https://cyberdefense.orange.com Date: 2020-03-12 CVE-2019-19509 + CVE-2019-19585 + CVE-2020-10220 Exploit link :...
PHP: Multiple vulnerabilities
Background: PHP is an open source general-purpose scripting language that is especially suited for web development. Description: Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Impact: An attacker could possibly execute arbitrary...
CVE-2020-5722
The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. An attacker can use this vulnerability to execute shell commands as root on versions before 1.0.19.20 or inject HTML in password recovery emails in versions befo...
Sql injection
The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. An attacker can use this vulnerability to execute shell commands as root on versions before 1.0.19.20 or inject HTML in password recovery emails in versions befo...
Cumulative Update 27 for Microsoft Dynamics NAV 2018 (Build 41203)
Cumulative Update 27 for Microsoft Dynamics NAV 2018 Build 41203 This article applies to Microsoft Dynamics NAV 2018 for all countries and all language locales. A remote code execution vulnerability exists in Microsoft Dynamics NAV. A user who has the permission to access certain features that...
Ubuntu 18.04 LTS : OpenSMTPD vulnerabilities (USN-4294-1)
The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4294-1 advisory. It was discovered that OpenSMTPD mishandled certain input. A remote, unauthenticated attacker could use this vulnerability to execute arbitrary shell...
Command Execution Vulnerability Exists in OpenSMTPD
OpenSMTPD is a free implementation of the server-side SMTP protocol, and provides some additional standard extensions. OpenSMTPD suffers from a command execution vulnerability. An attacker can execute arbitrary shell commands on a vulnerable OpenSMTPD installation...
CVE-2019-14894
A flaw was found in the CloudForms management engine, which triggered remote code execution through NFS schedule backup. An attacker logged into the management console could use this flaw to execute arbitrary shell commands on the CloudForms server as root...
Microsoft Windows and Windows Server Privilege Mobilization Vulnerability (CNVD-2020-10153)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation. Microsoft Windows is an operating system for personal devices. Microsoft Windows Server is a server operating system. A privilege extraction vulnerability exists in Microsoft Windows and Windows Server, which...