Cisco UCS Manager Software Operating System Command Injection Vulnerability
The Cisco UCS 6400 Series Fabric Interconnects is a 6400 series switching matrix device from Cisco USA. An operating system command injection vulnerability exists in the local management CLI in Cisco UCS Manager Software, which stems from the program's failure to perform sufficient input validati...
CVE-2020-3173
A vulnerability in the local management (local-mgmt) CLI of Cisco UCS Manager Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS) on an affected device. The vulnerability is due to insufficient input validation of command...
Druva inSync Windows Client Arbitrary OS Command Execution Vulnerability
Druva inSync Client is a lightweight application that manages data backups and allows collaboration with other users. Druva inSync Windows Client is for Windows. An arbitrary operating system command execution vulnerability exists in Druva inSync Windows Client 6.5.0. The vulnerability stems from...
PT-2020-1992 · Cisco · Cisco Fxos +3
Name of the Vulnerable Software and Affected Versions: Cisco FXOS Software versions (affected versions not specified), Cisco UCS Manager Software versions (affected versions not specified). Description: The issue is related to insufficient input validation in the command-line interface of Cisco FXOS...
Moxa AWK-3131A Operating System Command Injection Vulnerability (CNVD-2020-13481)
Moxa AWK-3131A is a wireless access device from Moxa. An operating system command injection vulnerability exists in the 'Device Name' in the Moxa AWK-3131A using firmware version 1.13. An attacker can exploit this vulnerability to execute arbitrary system commands to take control of the device...
EulerOS 2.0 SP8 : git (EulerOS-SA-2020-1151)
According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. The...
CVE-2019-10796
rpi through 0.0.3 allows execution of arbitrary commands. The variable pinNumbver in function GPIO within src/lib/gpio.js is used as part of the argument of exec function without any sanitization...
IBM Spectrum Protect Plus Command Injection Vulnerability
IBM Spectrum Protect Plus is a suite of data protection platforms from IBM USA. The platform provides organizations with a single point of control and management and supports backup and recovery for virtual, physical and cloud environments of all sizes. A command injection vulnerability exists in...
D-Link DCH-M225 Arbitrary OS Command Execution Vulnerability (CNVD-2020-13159)
The DCH-M225 is a Wifi portable audio extender. An arbitrary OS command execution vulnerability exists in D-Link DCH-M225 1.05b01 and earlier versions. A remote attacker can exploit this vulnerability to execute arbitrary OS commands via shell metacharacters in the spotifyConnect.php userName...
Huawei EulerOS: Security Advisory for git (EulerOS-SA-2020-1101)
The remote host is missing an update for the Huawei EulerOS...
Ansible pipe lookup plugin arbitrary command execution vulnerability
Ansible is a computer system configuration manager. A security vulnerability in the Ansible pipe lookup plugin subprocess.Popen allows remote attackers to exploit the vulnerability to submit a special request that can execute arbitrary commands...
CVE-2013-1400
Multiple SQL injection vulnerabilities in CWPPoll.js in WordPress Poll Plugin 34.5 for WordPress allow attackers to execute arbitrary SQL commands via the pollid or pollid parameter in a viewPollResults or userlogs action...
TrendMicro Password Manager node.js Unsafe API Calls
When you install TrendMicro Antivirus on Windows, by default a component called Password Manager is also installed and automatically launched on startup. This product is primarily written in JavaScript with node.js, and opens multiple HTTP RPC ports for handling API requests. It took about 30...
CVE-2019-14514
An issue was discovered in Microvirt MEmu all versions prior to 7.0.2. A guest Android operating system inside the MEmu emulator contains a /system/bin/systemd binary that is run with root privileges on startup (this is unrelated to Red Hat's systemd init program, and is a closed-source proprietar...
Participants Database Temporal SQL Injection Vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in the WordPress Participants Database plugin prior to version 1.9.5.5. T...
A vulnerability in the ajaxArchiveFiles.php component of rConfig, a utility for managing the configuration of network devices, allows an attacker to execute arbitrary commands on the target system.
A vulnerability in the ajaxArchiveFiles.php component of rConfig, a utility for managing the configuration of network devices, is related to errors in handling HTTP requests. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands on the target system by sending...
[ASA-202002-4] ksh: arbitrary command execution
Arch Linux Security Advisory ASA-202002-4. Severity: High; Date: 2020-02-08; CVE-ID: CVE-2019-14868; Package: ksh; Type: arbitrary command execution; Remote: No; Link: https://security.archlinux.org/AVG-1095. Summary: The package ksh before version...
CVE-2013-3628
Zabbix 2.0.9 has an Arbitrary Command Execution Vulnerability...