7632 matches found
CVE-2019-1754
A vulnerability in the authorization subsystem of Cisco IOS XE Software could allow an authenticated but unprivileged level 1, remote attacker to run privileged Cisco IOS commands by using the web UI. The vulnerability is due to improper validation of user privileges of web UI users. An attacker...
Phoenix Contact RAD-80211-XD/HP-BUS and Phoenix Contact RAD-80211-XD Command Injection Vulnerability
The Phoenix Contact RAD-80211-XD/HP-BUS and Phoenix Contact RAD-80211-XD are both high power WLAN wireless transceivers from Phoenix Contact, Germany. A command injection vulnerability exists in the PHOENIX CONTACT RAD-80211-XD and RAD-80211-XD/HP-BUS, which can be exploited by an attacker to...
openSUSE Security Update : containerd / docker and go (openSUSE-2019-1044)
This update for containerd, docker and go fixes the following issues : containerd and docker : - Add backport for building containerd bsc1102522, bsc1113313 - Upgrade to containerd v1.1.2, which is required for Docker v18.06.1-ce. bsc1102522 - Enable seccomp support fate325877 - Update to...
Vdsm Arbitrary Command Execution Vulnerability
oVirt Virtual Desktop Server Manager (vdsm) is a virtual machine host manager for managing virtual machines running on the KVM hypervisor. The product can manage virtual host storage, memory, and network resources, among other things, and supports the creation of virtual hosts. A...
CVE-2019-3831
CVE-2019-3831 affects vdsm, versions 4.19–4.30.3 and 4.30.5–4.30.8. The vulnerability arises from the systemd_run function exposed to the vdsm system user, which could be abused to execute arbitrary commands as root. The provided documents do not specify exploit details beyond this or a concrete ...
PHP Thumb Fltr Parameter Command Injection
A command injection vulnerability exists in the fltr parameter of phpThumb. A remote, authenticated attacker can exploit this vulnerability by sending crafted requests to the phpThumb web page. Successful exploitation will result in arbitrary command execution...
Arbitrary Command Execution
donfig is vulnerable to arbitrary command execution. The collectyaml function in configobj.py does not prevent the loading of unsafe .yaml files provided by the user or by third-party packages, allowing for arbitrary code execution...
Cisco Nexus Operating System command-line interface vulnerability allowing an attacker to execute arbitrary commands
The vulnerability in the command-line interface of the Cisco Nexus Operating System stems from insufficient validation of arguments passed in commands. Exploiting this vulnerability allows a local attacker to execute arbitrary commands...
Cisco NX-OS command-line interface vulnerability on Cisco Nexus 9000 routers allowing an attacker to execute arbitrary commands
The vulnerability in the command-line interface implementation of the Cisco NX-OS network operating system for Cisco Nexus 9000 series routers stems from deficiencies in access control for certain functions. Exploiting this vulnerability can allow an attacker to execute arbitrary commands...
CVE-2019-7537
An issue was discovered in Donfig 0.3.0. There is a vulnerability in the collectyaml method in configobj.py. It can execute arbitrary Python commands, resulting in command execution...
CVE-2019-5490
Certain versions between 2.x to 5.x (refer to advisory) of the NetApp Service Processor firmware were shipped with a default account enabled that could allow unauthorized arbitrary command execution. Any platform listed in the advisory Impact section may be affected and should be upgraded to a fixe...
CUJO Smart Firewall Injection Vulnerability
CUJO Smart Firewall is a home smart firewall device from CUJO USA. An injection vulnerability exists in the configuration of the DHCP daemon in CUJO Smart Firewall using firmware version 7003. An attacker can exploit this vulnerability to execute arbitrary system commands...
Webmin 1.900 Upload Authenticated Remote Command Execution Exploit
This Metasploit module exploits an arbitrary command execution vulnerability in Webmin 1.900 and lower versions. Any user authorized to the "Upload and Download" module can execute arbitrary commands with root privileges. In addition, if the Running Processes proc privilege is set the user can...
Webmin Upload Authenticated RCE
This module exploits an arbitrary command execution vulnerability in Webmin 1.900 and lower versions. Any user authorized to the "Upload and Download" module can execute arbitrary commands with root privileges. In addition, if the 'Running Processes' proc privilege is set the user can accurately...
McAfee Agent for Linux client component vulnerability allowing an attacker to execute arbitrary commands
The vulnerability in the McAfee Agent for Linux client component stems from deficiencies in access control. Exploiting this vulnerability allows an attacker to execute arbitrary commands...
CVE-2019-1611
A vulnerability in the CLI of Cisco NX-OS Software and Cisco FXOS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI...
CVE-2019-1610
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker coul...
CVE-2019-1606
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker coul...
Motorola C1 and Motorola M2 OS Command Injection Vulnerability (CNVD-2019-34639)
The Motorola C1 and Motorola M2 are both routers from Motorola USA. An operating system command injection vulnerability exists in the Motorola C1 and Motorola M2. The vulnerability can be exploited to execute arbitrary operating system commands by means of a specially crafted request...