
1820 matches found

OpenVAS
added 2016/01/25 12:0 a.m. | 33 views

Cisco Unified Computing System Manager Remote Command Execution Vulnerability (cisco-sa-20160120-ucsm)

A vulnerability in a CGI script in the Cisco Unified Computing System (UCS) Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on the Cisco UCS Manager...

CVSS 10 | AI score 9.6 | EPSS 0.08684
Exploits 2 | References 1

OpenVAS
added 2015/12/18 12:0 a.m. | 21 views

Mageia: Security Advisory (MGASA-2015-0478)

The remote host is missing an update for the...

CVSS 9.3 | AI score 9.2 | EPSS 0.06664
Exploits 0 | References 5

Tenable Nessus
added 2015/11/24 12:0 a.m. | 24 views

Centreon 2.6.x < 2.6.5 Multiple Vulnerabilities

According to its version number, the Centreon application hosted on the remote web server is version 2.6.x prior to 2.6.5. It is, therefore, affected by multiple vulnerabilities: - A cross-site request forgery (XSRF) vulnerability exists in the main.php script. A remote attacker can exploit this t...

AI score 5.8
Exploits 0 | References 4

exploitpack
added 2015/11/16 12:0 a.m. | 16 views

ClipperCMS 1.3.0 - Code Execution

Exploit for ClipperCMS 1.3.0 Code Execution vulnerability. An account is required with rights to file upload (e.g. a user in the Admin, Publisher, or Editor role). The server must parse htaccess files for this exploit to work. Curesec GmbH...

AI score 0.1
Exploits 0

Zero Day Initiative
added 2015/11/10 12:0 a.m. | 62 views

AlienVault Unified Security Management Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges to root on vulnerable installations of AlienVault Unified Security Management. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the server and database. A local...

CVSS 6.9 | AI score 7.5
Exploits 0 | References 1

Node.js
added 2015/10/17 7:41 p.m. | 43 views

Potential Command Injection

Overview Versions 1.0.3 and earlier of libnotify are affected by a shell command injection vulnerability. This may result in execution of arbitrary shell commands, if user input is passed into libnotify.notify. Untrusted input passed in the call to libnotify.notify could result in execution of...

CVSS 7.5 | AI score 5.5 | EPSS 0.02685
Exploits 0 | Affected Software 1

Prion
added 2015/09/11 4:59 p.m. | 10 views

Design/Logic Flaw

Synology Video Station before 1.5-0763 allows remote attackers to execute arbitrary shell commands via shell metacharacters in the subtitlecodepage parameter to subtitle.cgi...

CVSS 10 | AI score 8.2 | EPSS 0.11789
Exploits 1 | References 5 | Affected Software 1

Cvelist
added 2015/09/11 4:0 p.m. | 20 views

CVE-2015-6912

Synology Video Station before 1.5-0763 allows remote attackers to execute arbitrary shell commands via shell metacharacters in the subtitlecodepage parameter to subtitle.cgi...

AI score 7.6 | EPSS 0.11789
Exploits 1 | References 5

NVD
added 2015/08/24 2:59 p.m. | 18 views

CVE-2015-5222

Red Hat OpenShift Enterprise 3.0.0.0 does not properly check permissions, which allows remote authenticated users with build permissions to execute arbitrary shell commands with root permissions on arbitrary build pods via unspecified vectors...

CVSS 8.5 | AI score 7.3 | EPSS 0.02668
Exploits 0 | References 1

Cvelist
added 2015/08/24 2:0 p.m. | 27 views

CVE-2015-5222

Red Hat OpenShift Enterprise 3.0.0.0 does not properly check permissions, which allows remote authenticated users with build permissions to execute arbitrary shell commands with root permissions on arbitrary build pods via unspecified vectors...

AI score 7.3 | EPSS 0.02668
Exploits 0 | References 1

CNVD
added 2015/07/22 12:0 a.m. | 3 views

RubyGems ruby-saml 'xml_security.rb' command injection vulnerability

RubyGems ruby-saml is a set of SAML (Security Assertion Markup Language) development toolkits for the Ruby on Rails framework organized by RubyGems. A command injection vulnerability exists in RubyGems ruby-saml. A remote attacker could use this vulnerability to execute arbitrary shell commands in...

AI score 8.2
Exploits 0 | References 1

Prion
added 2015/07/16 2:59 p.m. | 20 views

Code injection

The Management Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.1 before 10.1.132.8, 10.5 before Build 56.15, and 10.5.e before Build 56.1505.e allows remote authenticated users to execute arbitrary shell commands via shell metacharacters in the filter...

CVSS 9 | AI score 7.8 | EPSS 0.03966
Exploits 0 | References 4 | Affected Software 2

Cvelist
added 2015/07/16 2:0 p.m. | 22 views

CVE-2015-5080

The Management Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.1 before 10.1.132.8, 10.5 before Build 56.15, and 10.5.e before Build 56.1505.e allows remote authenticated users to execute arbitrary shell commands via shell metacharacters in the filter...

AI score 7.2 | EPSS 0.03966
Exploits 0 | References 4

CNVD
added 2015/07/15 12:0 a.m. | 4 views

Citrix NetScaler ADC and NetScaler Gateway Remote Arbitrary Shell Command Execution Vulnerability

Citrix NetScaler ADCs are application delivery controllers that optimize enterprise service delivery. Citrix Access Gateway is a general purpose SSL VPN appliance. A security vulnerability exists in Citrix NetScaler ADC and NetScaler Gateway that allows authenticated users to send specially crafte...

CVSS 9 | AI score 7.3 | EPSS 0.03966
Exploits 0 | References 1

exploitpack
added 2015/06/29 12:0 a.m. | 20 views

Endian Firewall 3.0.0 - OS Command Injection (Python)

Endian Firewall Proxy User Password Change (/cgi-bin/chpasswd.cgi) OS Command Injection Exploit POC (Reverse TCP Shell). Ben Lincoln, 2015-06-28, http://www.beneaththewaves.net/. Requires knowledge of a valid proxy username and...

AI score 0.4
Exploits 0

Tenable Nessus
added 2015/06/26 12:0 a.m. | 73 views

FreeBSD : elasticsearch -- remote OS command execution via Groovy scripting engine (026759e0-1ba3-11e5-b43d-002590263bf5)

Elastic reports: Vulnerability Summary: Elasticsearch versions 1.3.0-1.3.7 and 1.4.0-1.4.2 have vulnerabilities in the Groovy scripting engine that were introduced in 1.3.0. The vulnerability allows an attacker to construct Groovy scripts that escape the sandbox and execute shell commands as the...

CVSS 9.8 | AI score 8.6 | EPSS 0.99906
Exploits 19 | References 7

NVD
added 2015/05/19 6:59 p.m. | 12 views

CVE-2015-3408

Module::Signature before 0.74 allows remote attackers to execute arbitrary shell commands via a crafted SIGNATURE file which is not properly handled when generating checksums from a signed manifest...

CVSS 10 | AI score 7.8 | EPSS 0.05658
Exploits 0 | References 6

CVE
added 2015/05/19 6:0 p.m. | 72 views

CVE-2015-3408

CVE-2015-3408 affects Module::Signature (Perl). The vulnerability arises from how a crafted SIGNATURE file is handled when generating checksums from the signed manifest, allowing remote code execution. Affected: Module::Signature prior to 0.74. Consequences: arbitrary shell commands executed duri...

CVSS 10 | AI score 7.6 | EPSS 0.05658
Exploits 0 | References 6 | Affected Software 1

Cvelist
added 2015/05/19 6:0 p.m. | 23 views

CVE-2015-3408

Module::Signature before 0.74 allows remote attackers to execute arbitrary shell commands via a crafted SIGNATURE file which is not properly handled when generating checksums from a signed manifest...

AI score 7.7 | EPSS 0.05658
Exploits 0 | References 6

Debian
added 2015/05/15 6:9 p.m. | 19 views

[SECURITY] [DSA 3261-1] libmodule-signature-perl security update

Debian Security Advisory DSA-3261-1 | [email protected] | http://www.debian.org/security/ | Salvatore Bonaccorso | May 15, 2015 | http://www.debian.org/security/faq ...

CVSS 10 | AI score 8.2 | EPSS 0.05658
Exploits 0