The vulnerability of the Cisco Web Security Appliance’s logging subsystem allows a hacker to execute arbitrary commands and elevate their privileges to the root level.

The vulnerability of the Cisco Web Security Appliance WSA’s reporting subsystem is related to insufficient validation of input data. Exploiting this vulnerability allows an attacker to execute arbitrary commands and elevate their privileges to the root level...

Python NumPy Library Command Injection (CVE-2019-6446)

A Command Injection vulnerability exists in Python NumPy library. An authenticated attacker can send a specially crafted pickle file to the affected target host and trigger arbitrary command execution...

Schneider Electric 1st Gen. Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera Arbitrary OS Command Execution Vulnerability

Schneider Electric 1st Gen Pelco Sarix Enhanced Camera and Schneider Electric Spectra Enhanced PTZ Camera are products of Schneider Electric, France. The Schneider Electric 1st Gen Pelco Sarix Enhanced Camera is a series of fixed IP cameras and the Schneider Electric Spectra Enhanced PTZ Camera i...

Sierra Wireless AirLink Command Injection (CVE-2018-4061)

A command injection vulnerability exists in Sierra Wireless AirLink. An authenticated attacker can send A specially crafted HTTP request to the affected target host and trigger arbitrary command execution...

CVE-2018-7829

An Improper Neutralization of Special Elements in Query vulnerability exists in the 1st Gen. Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera which allows an attacker to execute arbitrary system commands...

CVE-2019-1795

A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed ...

CVE-2019-1775

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker cou...

CVE-2019-1776

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command ...

CVE-2019-1781

A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments passed to certain CLI...

CVE-2019-1791

Cisco NX-OS Software Command Injection (CVE-2019-1791) affects the CLI of Cisco NX-OS; an authenticated local attacker with administrator credentials can exploit insufficient validation of CLI arguments to run arbitrary commands on the underlying Linux/OS with elevated privileges. Impact includes...

CVE-2019-1784

CVE-2019-1784 affects Cisco NX-OS Software CLI: insufficient validation of arguments in a specific CLI command allows an authenticated, local attacker to run arbitrary commands on the underlying Linux OS with root privileges. The issue arises from improper argument validation on the affected devi...

CVE-2019-1779

Cisco FXOS and NX-OS Software contain a command-injection vulnerability in the CLI due to insufficient validation of arguments for certain commands. An authenticated, local attacker with valid credentials could exploit this to execute arbitrary OS commands with elevated privileges on the affected...

CVE-2019-1775

Cisco NX-OS Software Command Injection vulnerability CVE-2019-1775 affects the CLI of Cisco NX-OS, where an authenticated local attacker can pass malicious CLI arguments to cause arbitrary commands to run on the underlying OS with elevated privileges. Exploitation requires valid administrator cre...

PT-2019-15250 · Cisco · Cisco Nx-Os +1

Name of the Vulnerable Software and Affected Versions: Cisco NX-OS Software affected versions not specified Description: A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected...

Cisco FXOS and NX-OS Command Injection Vulnerability (CNVD-2019-14616)

Cisco FXOS is the Firepower extensible operating system.Cisco NX-OS is the network operating system for the Cisco Nexus family of Ethernet switches and the MDS family of Fibre Channel storage area network switches. A command injection vulnerability exists in the CLI of Cisco FXOS and NX-OS. The...

PT-2019-15251 · Cisco · Cisco Nx-Os +1

Name of the Vulnerable Software and Affected Versions: Cisco NX-OS Software affected versions not specified Description: A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected...

Gemalto Ezio Server Operating System Command Injection Vulnerability

Gemalto Ezio Server is an authentication server from Gemalto USA. An operating system command injection vulnerability exists in Gemalto Ezio Server versions prior to 3.1.0, which can be exploited by an attacker to execute illegal operating system commands...

Input validation

The EnGenius EWS660AP router with firmware 2.0.284 allows an attacker to execute arbitrary commands using the built-in ping and traceroute utilities by using different payloads and injecting multiple parameters. This vulnerability is fixed in a later firmware version...

D-Link DWL-2600AP Save Configuration Command Injection Vulnerability

The D-Link DWL-2600AP is a wireless accessor. A command injection vulnerability exists in the D-Link DWL-2600AP Save Configuration, which can be exploited by an attacker to execute arbitrary operating system commands on the device...

Command injection

An exploitable command injection vulnerability exists in the ACEManager iplogging.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can inject arbitrary commands, resulting in arbitrary command execution. An attacker can send an authenticated HTTP reque...