
100 matches found

IBM Security Bulletins
added 2018/10/04 2:0 a.m. | 21 views

Security Bulletin: IBM QRadar SIEM is vulnerable to OS Command Injection (CVE-2018-1571) (Updated 9/12/2018)

Summary: User-supplied data may be passed to a system shell. Attackers could execute arbitrary commands on the system. Vulnerability Details: CVEID: CVE-2018-1571. Description: IBM QRadar could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a...

9 CVSS | 1.9 AI score | 0.03535 EPSS
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2018/06/16 10:4 p.m. | 30 views

Security Bulletin: IBM QRadar SIEM is vulnerable to command injection. (CVE-2017-1696)

Summary: The product passes unsafe user-supplied data (forms, cookies, HTTP headers, etc.) to a system shell. This allows attackers to execute arbitrary commands on the system. Vulnerability Details: CVEID: CVE-2017-1696. Description: IBM QRadar could allow a remote authenticated attacker to execute...

9 CVSS | 2.4 AI score | 0.04036 EPSS
Exploits: 0 | Affected Software: 1

CNVD
added 2018/01/18 12:0 a.m. | 1 views

MikroTik RouterOS Remote Code Execution Vulnerability

MikroTik RouterOS is a routing operating system, and through the software to turn a standard PC computer into a professional router, in the development and application of the software is constantly updated and evolving, the software has undergone a number of updates and improvements, so that its...

8.1 AI score
Exploits: 0 | References: 1

Hacker One
added 2017/06/21 3:42 p.m. | 125 views

Internet Bug Bounty: Roundcube virtualmin privilege escalation (CVE-2017-8114)

Description: The Password plugin, in its virtualmin driver, allows an attacker who has a valid username/password to log in to his web panel to execute malicious inputs. This could allow an attacker to reset a victim's password and, in some scenarios, get a system shell. CVE: CVE-2017-8114. Details...

6.5 CVSS | 8.6 AI score | 0.01548 EPSS
Exploits: 1

OSV
added 2017/04/07 5:59 p.m. | 0 views

CVE-2016-9197

A vulnerability in the CLI command parser of the Cisco Mobility Express 2800 and 3800 Series Wireless LAN Controllers could allow an authenticated, local attacker to obtain access to the underlying operating system shell with root-level privileges. More Information: CSCvb70351. Known Affected...

6.7 CVSS | 5.8 AI score
Exploits: 0 | References: 2

NVD
added 2017/04/07 5:59 p.m. | 13 views

CVE-2016-9197

A vulnerability in the CLI command parser of the Cisco Mobility Express 2800 and 3800 Series Wireless LAN Controllers could allow an authenticated, local attacker to obtain access to the underlying operating system shell with root-level privileges. More Information: CSCvb70351. Known Affected...

7.2 CVSS | 6.5 AI score | 0.00061 EPSS
Exploits: 0 | References: 2

Cvelist
added 2017/04/07 5:0 p.m. | 13 views

CVE-2016-9197

A vulnerability in the CLI command parser of the Cisco Mobility Express 2800 and 3800 Series Wireless LAN Controllers could allow an authenticated, local attacker to obtain access to the underlying operating system shell with root-level privileges. More Information: CSCvb70351. Known Affected...

6.5 AI score | 0.00061 EPSS
Exploits: 0 | References: 2

Cisco
added 2017/04/05 4:0 p.m. | 19 views

Cisco Mobility Express 2800 and 3800 Series Wireless LAN Controllers Shell Bypass Vulnerability

A vulnerability in the CLI command parser of the Cisco Mobility Express 2800 and 3800 Series Wireless LAN Controllers could allow an authenticated, local attacker to obtain access to the underlying operating system shell with root-level privileges. The vulnerability is due to incorrect permission...

6.7 CVSS | 6.5 AI score | 0.00061 EPSS
Exploits: 0 | References: 1

Fedora
added 2015/09/25 8:54 a.m. | 30 views

[SECURITY] Fedora 23 Update: ipython-3.2.1-3.fc23

IPython provides a replacement for the interactive Python interpreter with extra functionality. Main features: Comprehensive object introspection. Input history, persistent across sessions. Caching of output results during a session with automatically generated references. Readline based name...

6.8 CVSS | 0.8 AI score | 0.00861 EPSS
Exploits: 1

Fedora
added 2015/09/18 3:52 a.m. | 24 views

[SECURITY] Fedora 21 Update: ipython-2.4.1-8.fc21

IPython provides a replacement for the interactive Python interpreter with extra functionality. Main features: Comprehensive object introspection. Input history, persistent across sessions. Caching of output results during a session with automatically generated references. Readline based name...

4.3 CVSS | 0.8 AI score | 0.00861 EPSS
Exploits: 1

Fedora
added 2015/09/18 1:34 a.m. | 30 views

[SECURITY] Fedora 22 Update: ipython-2.4.1-8.fc22

IPython provides a replacement for the interactive Python interpreter with extra functionality. Main features: Comprehensive object introspection. Input history, persistent across sessions. Caching of output results during a session with automatically generated references. Readline based name...

4.3 CVSS | 0.8 AI score | 0.00861 EPSS
Exploits: 1

Fedora
added 2015/07/30 12:46 a.m. | 25 views

[SECURITY] Fedora 22 Update: ipython-2.4.1-7.fc22

IPython provides a replacement for the interactive Python interpreter with extra functionality. Main features: Comprehensive object introspection. Input history, persistent across sessions. Caching of output results during a session with automatically generated references. Readline based name...

8.8 CVSS | 0.8 AI score | 0.00256 EPSS
Exploits: 1

Metasploit
added 2015/07/23 2:53 a.m. | 81 views

Sticky Keys Persistence Module

This module makes it possible to apply the 'sticky keys' hack to a session with appropriate rights. The hack provides a means to get a SYSTEM shell using UI-level interaction at an RDP login screen or via a UAC confirmation dialog. The module modifies the Debug registry setting for certain...

7 AI score
Exploits: 0

Exploit DB
added 2015/07/08 12:0 a.m. | 75 views

Blueberry Express 5.9.0.3678 - Local Buffer Overflow (SEH)

Document Title: Blueberry Express v5.9.x - SEH Buffer Overflow Vulnerability
References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1535
Video: http://www.vulnerability-lab.com/getcontent.php?id=1537
Release Date: 2015-06-29...

7.4 AI score
Exploits: 0

exploitpack
added 2015/01/05 2:23 p.m. | 30 views

Windows-NDPROXY-SYSTEM

Original crash ... null pointer dereference Access violation - code c0000005 !!! second chance !!! 00000038 ?? ??? NDPROXY Local SYSTEM privilege escalation from ctypes import from ctypes.wintypes import import os, sys kernel32 = windll.kernel32 ntdll = windll.ntdll GENERICREAD = 0x80000000...

7.2 CVSS | 1 AI score | 0.72982 EPSS
Exploits: 16

Debian
added 2014/09/24 3:22 p.m. | 55 views

[SECURITY] [email protected]

Package: bash
Version: 4.1-3+deb6u1
CVE ID: CVE-2014-6271

Stephane Chazelas discovered a vulnerability in bash, the GNU Bourne-Again Shell, related to how environment variables are processed. In many common configurations, this vulnerability is exploitable over the network, especially if bash...

10 CVSS | 3.5 AI score | 0.9422 EPSS
Exploits: 130

OSV
added 2014/09/24 12:0 a.m. | 56 views

DSA-3032-1 bash - security update

Bulletin has no description...

10 CVSS | 10 AI score | 0.9422 EPSS
Exploits: 130

Fedora
added 2014/07/25 10:6 a.m. | 20 views

[SECURITY] Fedora 20 Update: ipython-0.13.2-4.fc20

IPython provides a replacement for the interactive Python interpreter with extra functionality. Main features: Comprehensive object introspection. Input history, persistent across sessions. Caching of output results during a session with automatically generated references. Readline based name...

6.8 CVSS | 0.8 AI score | 0.02089 EPSS
Exploits: 0

Fedora
added 2014/07/25 10:1 a.m. | 19 views

[SECURITY] Fedora 19 Update: ipython-0.13.2-4.fc19

IPython provides a replacement for the interactive Python interpreter with extra functionality. Main features: Comprehensive object introspection. Input history, persistent across sessions. Caching of output results during a session with automatically generated references. Readline based name...

6.8 CVSS | 0.8 AI score | 0.02089 EPSS
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 17 views

FreeFTPD Remote Authentication Bypass Zeroday Exploit

No description provided by source. FreeFTPD all versions Remote System Level Exploit Zero-Day -- No username needed, straightforward rooting! Discovered & Exploited By Kingcope Year 2011 -- http://www.exploit-db.com/sploits/23079.zip Example banner: WeOnlyDo-wodFTPD 2.3.6.165 This package include...

7.1 AI score
Exploits: 0