1821 matches found

Packet Storm
added 2017/07/10 12:0 a.m. | 63 views

NfSen 1.3.7 / AlienVault USM/OSSIM 5.3.4 Command Injection

Exploit Title: NfSen/AlienVault remote root exploit IPC query command injection Version: NfSen 1.3.6p1, 1.3.7 and 1.3.7-1bpo80+1all. Previous versions are also likely to be affected. Version: AlienVault 5.3.4 Date: 2017-07-10 Vendor Homepage: http://nfsen.sourceforge.net/ Vendor Homepage:...

CVSS 9 | AI score 0.1 | EPSS 0.16179
Exploits 5

Prion
added 2017/07/06 12:29 a.m. | 17 views

Design/Logic Flaw

A vulnerability in the AutoIT service of Cisco Ultra Services Framework Staging Server could allow an unauthenticated, remote attacker to execute arbitrary shell commands as the Linux root user. The vulnerability is due to improper shell invocations. An attacker could exploit this vulnerability b...

CVSS 10 | AI score 9.7 | EPSS 0.042
Exploits 0 | References 2 | Affected Software 1

Prion
added 2017/07/06 12:29 a.m. | 10 views

Cross site scripting

A vulnerability in certain commands of Cisco Elastic Services Controller could allow an authenticated, remote attacker to elevate privileges to root and run dangerous commands on the server. The vulnerability occurs because a "tomcat" user on the system can run certain shell commands, allowing th...

CVSS 9 | AI score 8.6 | EPSS 0.02046
Exploits 0 | References 2 | Affected Software 1

NVD
added 2017/07/06 12:29 a.m. | 27 views

CVE-2017-6707

A vulnerability in the CLI command-parsing code of the Cisco StarOS operating system for Cisco ASR 5000 Series 11.0 through 21.0, 5500 Series, and 5700 Series devices and Cisco Virtualized Packet Core VPC Software could allow an authenticated, local attacker to break from the StarOS CLI of an...

CVSS 8.2 | AI score 8.5 | EPSS 0.00787
Exploits 0 | References 3

Cvelist
added 2017/07/06 12:0 a.m. | 29 views

CVE-2017-6707

A vulnerability in the CLI command-parsing code of the Cisco StarOS operating system for Cisco ASR 5000 Series 11.0 through 21.0, 5500 Series, and 5700 Series devices and Cisco Virtualized Packet Core VPC Software could allow an authenticated, local attacker to break from the StarOS CLI of an...

AI score 8.5 | EPSS 0.00787
Exploits 0 | References 3

Cisco
added 2017/07/05 4:0 p.m. | 30 views

Cisco Ultra Services Framework Staging Server Arbitrary Command Execution Vulnerability

A vulnerability in the AutoIT service of Cisco Ultra Services Framework Staging Server could allow an unauthenticated, remote attacker to execute arbitrary shell commands as the Linux root user. The vulnerability is due to improper shell invocations. An attacker could exploit this vulnerability b...

CVSS 9.8 | AI score 9.9 | EPSS 0.042
Exploits 0 | References 1

CNVD
added 2017/06/21 12:0 a.m. | 1 views

Trend Micro InterScan Web Security Arbitrary Command Execution Vulnerability

Trend Micro InterScan Web Security is a Web security gateway that provides dynamic, integrated security for enterprise networks against Web-based threats. An arbitrary command execution vulnerability exists in Trend Micro InterScan Web Security. Port settings are not handled correctly due to SSH...

AI score 7.4
Exploits 0 | References 1

Tenable Nessus
added 2017/06/16 12:0 a.m. | 52 views

Sophos Web Appliance < 4.3.1 Multiple Remote Command Injection Vulnerabilities

According to its self-reported version number, the Sophos Web Appliance software running on the remote host is prior to 4.3.1. It is, therefore, affected by multiple vulnerabilities: - A remote command injection vulnerability exists in the web administration interface in the...

CVSS 9 | AI score 7.7 | EPSS 0.24445
Exploits 11 | References 4

CNVD
added 2017/05/23 12:0 a.m. | 2 views

Tenda FH1202/F1202 and F1200 Routers Security Bypass Vulnerability

The Tenda FH1202, F1202 and F1200 are all wireless router products from Tenda China. A security bypass vulnerability exists in the Tenda FH1202, F1202, and F1200 routers using firmware prior to version 1.2.0.20. An attacker can exploit the vulnerability by sending shell commands directly and...

CVSS 8 | AI score 7.3 | EPSS 0.00688
Exploits 0 | References 1

OSV
added 2017/05/21 10:29 p.m. | 2 views

CVE-2017-9138

There is a debug-interface vulnerability on some Tenda routers FH1202/F1202/F1200: versions before 1.2.0.20. After connecting locally to a router in a wired or wireless manner, one can bypass intended access restrictions by sending shell commands directly and reading their results, or by entering...

CVSS 8 | AI score 5.9 | EPSS 0.00688
Exploits 0 | References 1

Prion
added 2017/05/21 10:29 p.m. | 12 views

Design/Logic Flaw

There is a debug-interface vulnerability on some Tenda routers FH1202/F1202/F1200: versions before 1.2.0.20. After connecting locally to a router in a wired or wireless manner, one can bypass intended access restrictions by sending shell commands directly and reading their results, or by entering...

CVSS 7.7 | AI score 7.9 | EPSS 0.00688
Exploits 0 | References 1 | Affected Software 3

NVD
added 2017/05/21 10:29 p.m. | 12 views

CVE-2017-9138

There is a debug-interface vulnerability on some Tenda routers FH1202/F1202/F1200: versions before 1.2.0.20. After connecting locally to a router in a wired or wireless manner, one can bypass intended access restrictions by sending shell commands directly and reading their results, or by entering...

CVSS 8 | AI score 8 | EPSS 0.00688
Exploits 0 | References 1

Cvelist
added 2017/05/21 10:0 p.m. | 19 views

CVE-2017-9138

There is a debug-interface vulnerability on some Tenda routers FH1202/F1202/F1200: versions before 1.2.0.20. After connecting locally to a router in a wired or wireless manner, one can bypass intended access restrictions by sending shell commands directly and reading their results, or by entering...

AI score 8 | EPSS 0.00688
Exploits 0 | References 1

Prion
added 2017/05/21 9:29 p.m. | 10 views

Code injection

An issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2.2.3. In the device's web interface, after logging in, there is a page that allows you to ping other hosts from the device and view the results. The user is allowed to specify which host to ping, but...

CVSS 9 | AI score 8.8 | EPSS 0.01336
Exploits 0 | References 1 | Affected Software 2

NVD
added 2017/05/21 9:29 p.m. | 15 views

CVE-2017-9135

An issue was discovered on Mimosa Client Radios before 2.2.4 and Mimosa Backhaul Radios before 2.2.4. On the backend of the device's web interface, there are some diagnostic tests available that are not displayed on the webpage; these are only accessible by crafting a POST request with a program...

CVSS 9 | AI score 9 | EPSS 0.01336
Exploits 0 | References 1

Cvelist
added 2017/05/21 9:0 p.m. | 21 views

CVE-2017-9135

An issue was discovered on Mimosa Client Radios before 2.2.4 and Mimosa Backhaul Radios before 2.2.4. On the backend of the device's web interface, there are some diagnostic tests available that are not displayed on the webpage; these are only accessible by crafting a POST request with a program...

AI score 9 | EPSS 0.01336
Exploits 0 | References 1

CNVD
added 2017/05/10 12:0 a.m. | 3 views

Brocade Fibre Channel SAN Product Brocade Fabric OS Remote Elevation of Privilege Vulnerability

Brocade Fibre Channel SAN products are all switch products of the American company Brocade, and Brocade Fabric OS (FOS) is a set of embedded systems running on them. A remote elevation of privilege vulnerability exists in Brocade Fibre Channel SAN products with Brocade FOS versions prior to...

CVSS 9 | AI score 7.5 | EPSS 0.03051
Exploits 0 | References 1

Prion
added 2017/05/08 6:29 p.m. | 19 views

Privilege escalation

A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected...

CVSS 9 | AI score 7.7 | EPSS 0.03051
Exploits 0 | References 4 | Affected Software 1

Prion
added 2017/05/05 6:29 p.m. | 15 views

Input validation

Untrusted input execution via igetwild in all iRODS versions before 4.1.11 and 4.2.1 allows other iRODS users (potentially anonymous) to execute remote shell commands via iRODS virtual pathnames. To exploit this vulnerability, a virtual iRODS pathname that includes a semicolon would be retrieved vi...

CVSS 7.5 | AI score 9.6 | EPSS 0.02092
Exploits 0 | References 1 | Affected Software 1

OSV
added 2017/05/05 6:29 p.m. | 13 views

CVE-2017-8799

Untrusted input execution via igetwild in all iRODS versions before 4.1.11 and 4.2.1 allows other iRODS users (potentially anonymous) to execute remote shell commands via iRODS virtual pathnames. To exploit this vulnerability, a virtual iRODS pathname that includes a semicolon would be retrieved vi...

CVSS 9.8 | AI score 7.5
Exploits 0 | References 1