
7632 matches found

BDU FSTEC
added 2019/09/13 12:0 a.m. | 1 views

A vulnerability in the centralized device management software of Fortinet FortiManager VM devices arises from insufficient validation of input data. This allows an attacker to execute arbitrary code or perform arbitrary commands.

The vulnerability of the software for centralized device management in Fortinet FortiManager VM exists due to insufficient verification of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or perform arbitrary commands remotely...

10 CVSS | 6 AI score | 0.0077 EPSS
Exploits 0 | References 3 | Affected Software 1
NVD
added 2019/09/05 9:15 p.m. | 16 views

CVE-2019-15029

FusionPBX 4.4.8 allows an attacker to execute arbitrary system commands by submitting a malicious command to the serviceedit.php file which will insert the malicious command into the database. To trigger the command, one needs to call the services.php file via a GET request with the service id...

9 CVSS | 9 AI score | 0.12318 EPSS
Exploits 2 | References 3
Cvelist
added 2019/09/05 8:46 p.m. | 18 views

CVE-2019-15029

FusionPBX 4.4.8 allows an attacker to execute arbitrary system commands by submitting a malicious command to the serviceedit.php file which will insert the malicious command into the database. To trigger the command, one needs to call the services.php file via a GET request with the service id...

9 AI score | 0.12318 EPSS
Exploits 2 | References 3
RedHat Linux
added 2019/09/02 7:58 a.m. | 2 views

ghostscript: Safer mode bypass by .forceput exposure in .pdf_hook_DSC_Creator (701445)

A flaw was found in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands...

7.8 CVSS | 6 AI score | 0.03763 EPSS
Exploits 1 | References 4
BDU FSTEC
added 2019/09/02 12:0 a.m. | 2 views

A vulnerability in Cisco Remote PHY software, related to insufficient input data validation, allows an attacker to execute arbitrary commands in the Linux kernel with root privileges.

The vulnerability of Cisco Remote PHY software is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to execute arbitrary commands in the Linux kernel with root privileges...

6.8 CVSS | 5.9 AI score | 0.00444 EPSS
Exploits 0 | References 2 | Affected Software 3
CNVD
added 2019/08/29 12:0 a.m. | 3 views

WordPress pie-register plugin SQL injection vulnerability

WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. pie-register is a plugin for user registration and login form customization. A SQL injection vulnerability exists in WordPress...

9.8 CVSS | 8 AI score | 0.01869 EPSS
Exploits 0 | References 1
OSV
added 2019/08/28 12:0 a.m. | 2 views

UBUNTU-CVE-2019-14812

A flaw was found in all ghostscript versions 9.x before 9.50, in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. A specially crafted PostScript file could disable security protection and then have access to the...

7.8 CVSS | 7.2 AI score | 0.02473 EPSS
Exploits 0 | References 3
OSV
added 2019/08/28 12:0 a.m. | 2 views

UBUNTU-CVE-2019-14817

A flaw was found in ghostscript versions prior to 9.50, in the .pdf_exec_token and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. A specially crafted PostScript file could disable security protection and then have access to...

7.8 CVSS | 7.2 AI score | 0.02025 EPSS
Exploits 1 | References 3
CNVD
added 2019/08/21 12:0 a.m. | 3 views

IBM DataPower Gateway Command Injection Vulnerability

IBM DataPower Gateway is a suite of security and integration platforms from IBM USA designed specifically for mobile, cloud, application programming interfaces (APIs), web, service-oriented architecture (SOA), B2B and cloud workloads. The platform protects, integrates and optimizes access across...

8.4 CVSS | 8 AI score | 0.00945 EPSS
Exploits 0 | References 1
OSV
added 2019/08/20 7:15 p.m. | 3 views

CVE-2019-4294

IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.6, 7.6.0.0 through 7.6.0.15 and IBM MQ Appliance 8.0.0.0 through 8.0.0.12, 9.1.0.0 through 9.1.0.2, and 9.1.1 through 9.1.2 could allow a local attacker to execute arbitrary commands on the system, caused by a command injection vulnerability. IBM...

7.8 CVSS | 7.4 AI score | 0.00945 EPSS
Exploits 0 | References 3
NVD
added 2019/08/20 7:15 p.m. | 17 views

CVE-2019-3968

In OpenEMR 5.0.1 and earlier, an authenticated attacker can execute arbitrary commands on the host system via the Scanned Forms interface when creating a new form...

9 CVSS | 8.9 AI score | 0.09616 EPSS
Exploits 1 | References 1
BDU FSTEC
added 2019/08/20 12:0 a.m. | 2 views

A vulnerability in the XStream Java library for converting objects to XML or JSON format allows attackers to execute arbitrary commands due to deserialization of untrusted data.

The vulnerability in the XStream library for converting objects to XML or JSON format is related to deserialization of untrusted data. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands by interfering with the processing of XML objects or other support...

10 CVSS | 8.1 AI score | 0.94774 EPSS
Exploits 4 | References 8 | Affected Software 29
ArchLinux
added 2019/08/16 12:0 a.m. | 52 views

[ASA-201908-9] libreoffice-still: multiple issues

Arch Linux Security Advisory ASA-201908-9 ========================================= Severity: High Date : 2019-08-16 CVE-ID : CVE-2019-9848 CVE-2019-9849 Package : libreoffice-still Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1010 Summary ======= The package...

9.8 CVSS | 1.7 AI score | 0.30698 EPSS
Exploits 5 | References 9
CNVD
added 2019/08/15 12:0 a.m. | 2 views

TP-Link M7350 V3 Command Injection Vulnerability

The TP-Link M7350 is a portable wireless router device from China P&L TP-Link. A command injection vulnerability exists in the TP-Link M7350 V3, which can be exploited by an attacker to execute illegal commands...

9 CVSS | 7.8 AI score | 0.04693 EPSS
Exploits 1 | References 1
OSV
added 2019/08/13 7:15 p.m. | 1 views

CVE-2019-10928

A vulnerability has been identified in SCALANCE SC-600 V2.0. An authenticated attacker with access to port 22/tcp as well as physical access to an affected device may trigger the device to allow execution of arbitrary commands. The security vulnerability could be exploited by an authenticated...

6.6 CVSS | 6.7 AI score | 0.00408 EPSS
Exploits 0 | References 1
CVE
added 2019/08/13 6:55 p.m. | 52 views

CVE-2019-10928

CVE-2019-10928 affects Siemens SCALANCE SC-600 (V2.0). The issue arises from improper adherence to coding standards (CWE-710) in the SC-600 firmware, allowing an authenticated attacker with network access via Port 22/TCP and, per updates, with physical access to the device, to trigger execution o...

6.6 CVSS | 6.3 AI score | 0.00408 EPSS
Exploits 0 | References 1 | Affected Software 1
Packet Storm
added 2019/08/12 12:0 a.m. | 266 views

Webmin 1.920 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Webmin 1.920 Unauthenticated RCE', 'Description' = %q This module exploits an arbitrary command execution vulnerability in Webmin 1.920 and prior...

7.4 AI score
Exploits 0
Tenable Nessus
added 2019/08/12 12:0 a.m. | 21 views

RHEL 7 : vim (RHSA-2019:1947)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:1947 advisory. Vim (Vi IMproved) is an updated and improved version of the vi editor. Security Fixes: vim/neovim: ':source!' command allows arbitrary command executio...

9.3 CVSS | 8.5 AI score | 0.19111 EPSS
Exploits 5 | References 4
Tenable Nessus
added 2019/08/12 12:0 a.m. | 46 views

Amazon Linux 2 : vim (ALAS-2019-1239)

It was found that the :source! command was not restricted by the sandbox mode. If modeline was explicitly enabled, opening a specially crafted text file in vim could result in arbitrary command execution. CVE-2019-12735 C Tenable Network Security, Inc. The descriptive text and package checks in...

9.3 CVSS | 8.2 AI score | 0.19111 EPSS
Exploits 5 | References 2
Tenable Nessus
added 2019/08/12 12:0 a.m. | 26 views

NewStart CGSL CORE 5.05 / MAIN 5.05 : vim Vulnerability (NS-SA-2019-0164)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has vim packages installed that are affected by a vulnerability: - It was found that the :source! command was not restricted by the sandbox mode. If modeline was explicitly enabled, opening a specially crafted text file in vim...

9.3 CVSS | 8.3 AI score | 0.19111 EPSS
Exploits 5 | References 2