CVE-2018-4061
An exploitable command injection vulnerability exists in the ACEManager iplogging.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can inject arbitrary commands, resulting in arbitrary command execution. An attacker can send an authenticated HTTP reque...
USN-3968-1: Sudo vulnerabilities
Florian Weimer discovered that Sudo incorrectly handled the noexec restriction when used with certain applications. A local attacker could possibly use this issue to bypass configured restrictions and execute arbitrary commands. CVE-2016-7076 It was discovered that Sudo did not properly parse the...
Arbitrary Command Execution
setroubleshoot is vulnerable to arbitrary command execution. The vulnerability exists due to the ability to trigger a SELinux denial through a file name, handled by the _set_tpath function...
Arbitrary Command Execution
setroubleshoot is vulnerable to arbitrary command execution attacks. The vulnerability exists as the allow_execstack plugin can cause an execstack SELinux denial through a malicious filename...
Arbitrary Command Execution
Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller (MVC) framework for web application development. Action Pack implemen...
CVE-2018-14996
The Oppo F5 Android device with a build fingerprint of OPPO/CPH1723/CPH1723:7.1.1/N6F26Q/1513597833:user/release-keys contains a pre-installed platform app with a package name of com.dropboxchmod (versionCode=1, versionName=1.0) that contains an exported service named...
Input validation
The Oppo F5 Android device with a build fingerprint of OPPO/CPH1723/CPH1723:7.1.1/N6F26Q/1513597833:user/release-keys contains a pre-installed platform app with a package name of com.dropboxchmod (versionCode=1, versionName=1.0) that contains an exported service named...
The vulnerability of the rsync command processor in the RSSH command interface, due to insufficient input validation, allows a malicious actor to execute arbitrary commands.
The vulnerability of the rsync command processor in the RSSH command shell is related to errors in input data validation. Exploiting this vulnerability could allow a remote attacker to execute arbitrary commands...
CVE-2019-7304
CVE-2019-7304 affects Canonical snapd pre-2.37.1, where socket owner validation on the REST API Unix socket was insufficient, enabling local privilege escalation to root via snapd operations. The vulnerability is documented across multiple feeds (NVD, OSV, CVE listing) with CVSS v3.1 base score 9...
SystemTap 1.3 - MODPROBE_OPTIONS Privilege Escalation Exploit
This Metasploit module attempts to gain root privileges by exploiting a vulnerability in the staprun executable included with SystemTap version 1.3. The staprun executable does not clear environment variables prior to executing modprobe, allowing an arbitrary configuration file to be specified in...
SystemTap 1.3 - MODPROBE_OPTIONS Privilege Escalation (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SystemTap MODPROBE_OPTIONS Privilege Escalation', 'Description' = %q This module attempts to gain root privileges by exploiting a vulnerability in...
The vulnerability of the restricted command interpreter rbash in the Bash shell allows an attacker to execute arbitrary commands.
The vulnerability of the restricted command interpreter rbash in the Bash shell lies in insufficient validation of the values of the BASH_CMDS array. Exploiting this vulnerability could allow an attacker to execute arbitrary commands...
The vulnerability of the McAfee Application and Change Control control tool arises from implementation errors in the execution restriction policy, allowing a malicious actor to execute arbitrary commands.
The vulnerability of the McAfee Application and Change Control control tool is related to errors in the implementation of the execution restriction policy. Exploiting this vulnerability allows an attacker to execute arbitrary commands using the command line...
The vulnerability of the Cisco IOS XE operating system, which allows a hacker to execute arbitrary commands with elevated privileges
The vulnerability of the Cisco IOS XE operating system exists due to insufficient checks on commands provided by users. Exploiting this vulnerability allows a malicious actor, after verifying their identity, to execute arbitrary commands with elevated privileges by sending specially crafted...
[SECURITY] [DSA 4429-1] spip security update
Debian Security Advisory DSA-4429-1 https://www.debian.org/security/ Sebastien Delafond April 10, 2019 https://www.debian.org/security/faq ...
The vulnerability of the rssh command shell lies in the lack of measures to sanitize input data, allowing attackers to execute arbitrary commands.
The vulnerability of the rssh command shell is related to the lack of measures for cleaning input data. Exploiting this vulnerability allows an attacker to execute arbitrary commands through the command shell...
CVE-2018-1640
IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force I...
Grandstream GXV3611IR_HD Command Injection Vulnerability
The Grandstream GXV3611IR_HD is a webcam from Grandstream. A security vulnerability exists in Grandstream GXV3611IR_HD versions prior to 1.0.3.23. An attacker can exploit this vulnerability to execute illegal commands...