7632 matches found
CVE-2018-19025
CVE-2018-19025 affects JUUKO K-808 (and related JUUKO hardware). A vulnerability exists in the handling of radio data between transmitter and receiver that allows an attacker to craft a packet encoding an arbitrary command, enabling command injection on vulnerable installations. Red Hat/ZDI and I...
Synology Router Manager Access Control Error Vulnerability (CNVD-2020-60456)
Synology Router Manager (SRM) is software for configuring and managing Synology routers from Synology Inc. of Taiwan, China. An access control error vulnerability exists in Synology Router Manager SRM versions prior to 1.2.4-8081, which stems from an improper access control vulnerability in lbd...
CVE-2020-7384
Rapid7's Metasploit msfvenom framework handles APK files in a way that allows for a malicious user to craft and publish a file that would execute arbitrary commands on a victim's machine...
CVE-2020-15272
The CVE-2020-15272 entry concerns the git-tag-annotation-action (open source GitHub Action) prior to version 1.0.1. Affected logic allows an attacker to execute arbitrary shell commands if they control the tag input or can alter the GITHUB_REF environment variable. The issue is patched in version...
UCMS Command Execution Vulnerability
UCMS is a content management system written in PHP. UCMS v1.4.8 contains a command execution vulnerability that stems from the fopen function used for file writes. An attacker can take advantage of the vulnerability...
CVE-2020-25483
An arbitrary command execution vulnerability exists in the fopen function of file writes of UCMS v1.4.8, where an attacker can gain access to the server...
Command injection
An arbitrary command execution vulnerability exists in the fopen function of file writes of UCMS v1.4.8, where an attacker can gain access to the server...
CVE-2020-25483
UCMS v1.4.8 contains an arbitrary command execution vulnerability in the fopen() function used for file writes. The issue stems from UCMS’s handling of file writes, enabling an attacker to gain access to the server. Public references from NVD, Red Hat, CNVD and others corroborate the vulnerabilit...
IBM QRadar Untrusted Data Deserialization Vulnerability
IBM QRadar SIEM is a solution from IBM (USA) that uses security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire IT architecture, generates detailed reports on data access and user activity, and more. An untrustworthy...
Nord Security: Possible RCE through Windows Custom Protocol on Windows client
Summary: The NordVPN Windows client application registered two custom protocols, NordVPN: and NordVPN.Notification:, for process communication. This makes us able to communicate with NordVPN.exe from a web browser. After looking at the executable binary, I noticed the class...
Ubuntu: Security Advisory (USN-4569-1)
The remote host is missing an update for the...
[ASA-202009-14] yaws: multiple issues
Arch Linux Security Advisory ASA-202009-14. Severity: High; Date: 2020-09-26; CVE-ID: CVE-2020-12872, CVE-2020-24379, CVE-2020-24916; Package: yaws; Type: multiple issues; Remote: Yes; Link: https://security.archlinux.org/AVG-1228. Summary: The packag...
CloudBees Jenkins Perfecto Arbitrary Command Execution Vulnerability
CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools from CloudBees of the United States. The product is mainly used to monitor continuous software release and testing projects and to run scheduled tasks. Jenkins Perfecto plugin versi...
CVE-2020-0391
In applyPolicy of PackageManagerService.java, there is possible arbitrary command execution as System due to an unenforced protected-broadcast. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...
CVE-2020-0391
CVE-2020-0391 is an Android elevation-of-privilege issue in PackageManagerService.applyPolicy that allows arbitrary command execution as System due to an unenforced protected-broadcast. It enables local privilege escalation with no user interaction on Android 9–11. The Android bulletin notes this...
CVE-2020-2276
Jenkins Selection tasks Plugin 1.0 and earlier executes a user-specified program on the Jenkins controller, allowing attackers with Job/Configure permission to execute an arbitrary system command on the Jenkins controller as the OS user that the Jenkins process is running as...
CVE-2020-2261
Jenkins Perfecto Plugin 1.17 and earlier executes a command on the Jenkins controller, allowing attackers with Job/Configure permission to run arbitrary commands on the Jenkins controller...