IBM Cloud Pak for Security Injection Vulnerability
IBM Cloud Pak System is a full-stack, converged infrastructure with configurable, pre-integrated software from IBM USA. The product supports deploying, managing and moving application environments across hybrid clouds. An injection vulnerability exists in IBM Cloud Pak for Security, which is caus...
The vulnerability in the rConfig network device configuration management web application for the CentOS operating system exists due to the lack of measures taken to neutralize special elements used in the operating system’s command line. This allows an attacker to execute arbitrary commands on the target system.
The vulnerability in the rConfig network device configuration management web application for the CentOS operating system relates to the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a malicious actor to execute...
Arbitrary Command Execution
net-snmp is vulnerable to arbitrary command execution. An attacker is able to execute arbitrary commands as root due to SNMP write access to the EXTEND MIB...
CVE-2020-27131
Multiple vulnerabilities in the Java deserialization function that is used by Cisco Security Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. These vulnerabilities are due to insecure deserialization of user-supplied content by the...
Basetech Ge-131 Bt-1837836 Security Vulnerability
The BASETech GE-131 BT-1837836 is a Wi-Fi IP CCTV camera. An arbitrary system command execution vulnerability exists in the BASETech GE-131 BT-1837836. The vulnerability stems from the device using default credentials for a telnet server. A remote attacker can exploit this vulnerability to execut...
CVE-2020-8269
An unprivileged Windows user on the VDA can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9...
CVE-2020-8270
An unprivileged Windows user on the VDA or an SMB user can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285871 and CTX285872, 7.15 LTSR CU6 hotfix CTX285341 and CTX285342...
Command injection
An unprivileged Windows user on the VDA can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9...
CVE-2020-8269
Citrix CVE-2020-8269 affects Citrix Virtual Apps and Desktops (VDA, App-V Service, UPS) with privilege escalation to SYSTEM. The root cause is that an unauthenticated/low-privilege user could execute arbitrary commands on the VDA or related components due to write access to C:\ or OS command handling vul...
ASUS TM-AC1900 Arbitrary Command Execution Exploit
This Metasploit module exploits a code execution vulnerability within the ASUS TM-AC1900 router as an authenticated user. The vulnerability is due to a failure to filter out percent-encoded newline characters within the HTTP argument SystemCmd when invoking /apply.cgi, which bypasses the patch for...
A vulnerability in the FXOS operating system, caused by a failure to neutralize special elements, allows an attacker to execute arbitrary commands with root privileges.
The vulnerability of the FXOS operating system exists due to the lack of measures taken to neutralize special elements used in the operating system’s commands. Exploiting this vulnerability allows an attacker to execute arbitrary commands with root privileges...
[ASA-202011-7] salt: multiple issues
Arch Linux Security Advisory ASA-202011-7. Severity: Critical; Date: 2020-11-10; CVE-ID: CVE-2020-16846 CVE-2020-17490 CVE-2020-25592; Package: salt; Type: multiple issues; Remote: Yes; Link: https://security.archlinux.org/AVG-1262. Summary: The...
Fedora 32 : salt (2020-f9fa7892f2)
Update to CVE release 3001.3-1 for Python3. Includes fixes for CVE-2020-16846, CVE-2020-17490, CVE-2020-25592. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it ...
Fedora 31 : salt (2020-9e040bd6dd)
Update to CVE release 3001.3-1 for Python3. Includes fixes for CVE-2020-16846, CVE-2020-17490, CVE-2020-25592. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it ...
Moxa MXView installation File Permission System Authorization Issues Vulnerability
Moxa MXView is software from Moxa (Taiwan, China) that specializes in managing networks. The software can be used to perform operations such as configuration processing for all devices within the network. An authorization issue vulnerability exists in the file permission system in Moxa MXView...
libssh: unsanitized location in scp could lead to unwanted command execution
A flaw was found with the libssh API function ssh_scp_new. A user able to connect to a server using SCP could execute arbitrary commands using a user-provided path, leading to a compromise of the remote target...
RHEL 8 : python38:3.8 (RHSA-2020:4641)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4641 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...
CVE-2018-19025
In JUUKO K-808, an attacker could specially craft a packet that encodes an arbitrary command, which could be executed on the K-808 Firmware versions prior to numbers ending ...9A, ...9B, ...9C, etc...