
7632 matches found

CNVD
added 2019/03/08 12:0 a.m., 4 views

Motorola C1 and Motorola M2 OS Command Injection Vulnerability (CNVD-2019-34640)

The Motorola C1 and Motorola M2 are both routers from Motorola USA. An operating system command injection vulnerability exists in the Motorola C1 and Motorola M2. The vulnerability can be exploited to execute arbitrary operating system commands with the help of a specially crafted request...

CVSS: 10, AI score: 8.2, EPSS: 0.06181
Exploits: 1, References: 1

CNVD
added 2019/03/08 12:0 a.m., 6 views

Motorola C1 and Motorola M2 OS Command Injection Vulnerability (CNVD-2019-34638)

The Motorola C1 and Motorola M2 are both routers from Motorola USA. An operating system command injection vulnerability exists in the Motorola C1 and Motorola M2. The vulnerability can be exploited to execute arbitrary operating system commands with the help of a specially crafted request...

CVSS: 10, AI score: 8.2, EPSS: 0.06181
Exploits: 1, References: 1

BDU FSTEC
added 2019/03/06 12:0 a.m., 3 views

The vulnerability of the microprogrammed software of Pelco Sarix Enhanced and Spectra Enhanced cameras, related to insufficient neutralization of specific elements in the request, allows an intruder to execute arbitrary system commands.

The vulnerability of the microprogrammed software in Pelco Sarix Enhanced and Spectra Enhanced cameras is related to the insufficient neutralization of specific elements in the request. Exploiting this vulnerability can allow an intruder to execute arbitrary system commands...

CVSS: 9, AI score: 7.9, EPSS: 0.01721
Exploits: 1, References: 1, Affected Software: 59

RedHat Linux
added 2019/03/05 11:10 a.m., 3 views

vdsm: privilege escalation to root via systemd_run

A vulnerability was discovered in vdsm, version 4.19 through 4.30.3 and 4.30.5 through 4.30.8. The systemd_run function exposed to the vdsm system user could be abused to execute arbitrary commands as root...

CVSS: 9, AI score: 6.1, EPSS: 0.01029
Exploits: 0, References: 4

CNVD
added 2019/03/04 12:0 a.m., 2 views

GPON Router Remote Command Execution Vulnerability (CNVD-2019-06035)

GPON (Gigabit-Capable PON) technology is the latest generation of broadband passive optical integrated access standard based on the ITU-T G.984.x standard...

CVSS: 8.8, AI score: 7.7, EPSS: 0.03908
Exploits: 1, References: 1

0day.today
added 2019/02/28 12:0 a.m., 44 views

Usermin 1.750 - Remote Command Execution Exploit

Exploit for linux platform in category web applications. This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'uri' class MetasploitModule 'Usermin 1.750 - Remote Command Execution', 'Description' ...

AI score: 7.1
Exploits: 0

Exploit DB
added 2019/02/28 12:0 a.m., 80 views

Usermin 1.750 - Remote Command Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'uri' class MetasploitModule 'Usermin 1.750 - Remote Command Execution', 'Description' = %q This module exploits an arbitrary command execution...

AI score: 7.4
Exploits: 0

UbuntuCve
added 2019/02/12 4:0 p.m., 31 views

CVE-2019-7304

Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. This issue affects: Canonical snapd versions prior to 2.37.1...

CVSS: 10, AI score: 7.4, EPSS: 0.61075
Exploits: 10, References: 2

RedHat Linux
added 2019/02/11 2:40 p.m., 3 views

runc: Execution of malicious containers allows for container escape and access to host filesystem

A flaw was found in the way runc handled system file descriptors when running containers. A malicious container could use this flaw to overwrite contents of the runc binary and consequently run arbitrary commands on the container host system...

CVSS: 9.3, AI score: 7, EPSS: 0.9589
Exploits: 33, References: 7

OSV
added 2019/02/06 7:29 p.m., 2 views

ALPINE-CVE-2019-3464

Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands...

CVSS: 9.8, AI score: 7.2, EPSS: 0.04699
Exploits: 3, References: 1

UbuntuCve
added 2019/02/06 12:0 a.m., 21 views

CVE-2019-3463

Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands...

CVSS: 9.8, AI score: 7.4, EPSS: 0.04869
Exploits: 3, References: 4

OSV
added 2019/02/06 12:0 a.m., 0 views

UBUNTU-CVE-2019-3463

Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands...

CVSS: 9.8, AI score: 7.5, EPSS: 0.04869
Exploits: 3, References: 5

Japan Vulnerability Notes
added 2019/02/05 5:9 a.m., 2 views

POWER EGG vulnerability where EL expression may be executed

Overview: POWER EGG provided by D-CIRCLE inc. is an integrated collaboration tool. POWER EGG contains a vulnerability where an arbitrary EL expression may be executed (CWE-20). Touma Hatano reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

CVSS: 9.8, AI score: 7.1, EPSS: 0.01479
Exploits: 0, References: 5

BDU FSTEC
added 2019/02/05 12:0 a.m., 2 views

The vulnerability of the Cisco Webex Teams collaboration software exists due to the lack of measures taken to neutralize special elements used in the operating system’s command sequence. This allows attackers to execute arbitrary commands.

The vulnerability of the Cisco Webex Teams collaboration software exists because measures are not taken to neutralize the special elements used in the operating system’s command sequence. Exploiting this vulnerability allows an attacker to execute arbitrary commands with privileges of the target...

CVSS: 7.8, AI score: 7.6, EPSS: 0.46891
Exploits: 3, References: 3, Affected Software: 1

Snyk
added 2019/02/02 1:16 p.m., 1 views

Arbitrary Command Execution

Overview pyxdg contains implementations of freedesktop.org standards in python. Affected versions of this package are vulnerable to Arbitrary Command Execution via the xdg.Menu.parse function. When it is possible to craft an evil menu file with a Category node containing Python injected code. The...

CVSS: 7.5, AI score: 7.1, EPSS: 0.02105
Exploits: 1, References: 2

BDU FSTEC
added 2019/01/28 12:0 a.m., 2 views

The vulnerability of the AMF protocol processing mechanism in Cisco Secure ACS’s security access control system allows a perpetrator to execute arbitrary commands.

The vulnerability of the AMF processing mechanism in the Cisco Secure ACS security control system is related to deficiencies in input data processing. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using a specially crafted AMF message...

CVSS: 10, AI score: 8.1, EPSS: 0.07073
Exploits: 0, References: 9, Affected Software: 1

OSV
added 2019/01/23 10:29 p.m., 1 views

CVE-2019-1636

A vulnerability in the Cisco Webex Teams client, formerly Cisco Spark, could allow an attacker to execute arbitrary commands on a targeted system. This vulnerability is due to unsafe search paths used by the application URI that is defined in Windows operating systems. An attacker could exploit...

CVSS: 7.8, AI score: 6, EPSS: 0.46891
Exploits: 3, References: 2

Tenable Nessus
added 2019/01/22 12:0 a.m., 29 views

openSUSE Security Update : mutt (openSUSE-2019-52)

This update for mutt fixes the following issues: Security issues fixed: - bsc1101428: Mutt 1.10.1 security release update. - CVE-2018-14351: Fix imap/command.c that mishandles long IMAP status mailbox literal count size bsc1101583. - CVE-2018-14353: Fix imap_quote_string in imap/util.c that has a...

CVSS: 9.8, AI score: 8.3, EPSS: 0.09694
Exploits: 1, References: 39

Exploit DB
added 2019/01/18 12:0 a.m., 63 views

Webmin 1.900 - Remote Command Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'uri' class MetasploitModule 'Webmin 1.900 - Remote Command Execution', 'Description' = %q This module exploits an arbitrary command execution...

AI score: 7.4
Exploits: 0

Veracode
added 2019/01/15 9:27 a.m., 33 views

Arbitrary Command Execution

ghostscript is vulnerable to arbitrary command execution. An incomplete fix for CVE-2018-16509 allows an attacker to exploit another variant of the vulnerability and bypass the -dSAFER protection to execute arbitrary command via malicious PostScript documents...

CVSS: 7.8, AI score: 8.3, EPSS: 0.92499
Exploits: 4, References: 14, Affected Software: 1