Nagios XI Arbitrary Command Execution Vulnerability
Nagios XI is a commercial monitoring solution built on Nagios Core, including dashboards, web-based configuration, advanced reporting and rich data visualization. An arbitrary command execution vulnerability exists in Nagios XI 5.5.6. A remote authenticated attacker can exploit this vulnerability...
[ASA-201811-14] patch: multiple issues
Arch Linux Security Advisory ASA-201811-14 ========================================== Severity: High Date : 2018-11-12 CVE-ID : CVE-2018-6952 CVE-2018-1000156 Package : patch Type : multiple issues Remote : No Link : https://security.archlinux.org/AVG-808 Summary ======= The package patch before...
Brocade Fabric OS Arbitrary Command Execution Vulnerability
Fabric OS is the firmware for Brocade Communications Systems' Fibre Channel switches and Fibre Channel controllers. An arbitrary command execution vulnerability exists in the Brocade Webtools firmware update section of Brocade Fabric OS prior to 8.2.1, 8.1.2f, 8.0.2f, and 7.4.2d. A remote...
CVE-2018-15381 Cisco Unity Express Arbitrary Command Execution Vulnerability
A Java deserialization vulnerability in Cisco Unity Express (CUE) could allow an unauthenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An...
Foscam Opticam i5 Arbitrary OS Command Execution Vulnerability
Foscam Opticam i5 is an IP camera from FOSCAM. An arbitrary OS command execution vulnerability exists in the ONVIF devicemgmt SetDNS method of the Foscam Opticam i5 with system firmware 1.5.2.11 and application firmware 2.21.1.128. A remote attacker could exploit this vulnerability to execute...
Roche Accu-Chek Inform II Base Unit/Base Unit Hub and CoaguChek/cobas h232 Handheld Base Unit License Issue Vulnerability
The Roche Accu-Chek Inform II Base Unit/Base Unit Hub and the CoaguChek/cobas h232 Handheld Base Unit are handheld blood testing medical devices from Roche, Switzerland. An authorization issue vulnerability exists in the Roche Accu-Chek Inform II Base Unit/Base Unit Hub versions prior to 03.01.04...
Cisco Releases Security Updates
Cisco has released security updates to address vulnerabilities affecting Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the following Cisco Security Advisories and apply the necessa...
Security Bulletin: Vyatta 5600 vRouter Software Patches - Release 1801r
Summary: AT&T has released version 1801r for the Vyatta 5600. Advisory CVEs: CVE-2018-10860 CVE-2018-16741 CVE-2018-14618 CVE-2018-15473 CVE-2018-5391 CVE-2018-14679 CVE-2018-14680 CVE-2018-14681 CVE-2018-14682 Details of this release can be found at...
WebEx Local Service Permissions Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WebEx Local Service Permissions Exploit', 'Description' = %q This module exploits a flaw in the 'webexservice' Windows service, which runs as...
IPFire Firewall Command Injection Vulnerability
IPFire Firewall is an open source Linux-based firewall system. A command injection vulnerability exists in the backup.cgi file in versions prior to IPFire Firewall 2.21 Core Update 124, which can be exploited by an attacker to execute arbitrary commands...
Teltonika RUT9XX Arbitrary Command Execution Vulnerability
The Teltonika RUT9XX, also known as LuCI, is a router product from the Lithuanian company Teltonika. An arbitrary command execution vulnerability exists in Teltonika RUT9XX with firmware version lower than 00.04.233, which is caused by the program's failure to perform proper access control and...
Multiple vulnerabilities in FileZen
Overview: FileZen, provided by Soliton Systems K.K., is an appliance for secure file transfer and sharing by mail or a web interface. FileZen contains multiple vulnerabilities listed below. Directory traversal (CWE-22) - CVE-2018-0693; OS command injection (CWE-78) - CVE-2018-0694. Soliton Systems K.K...
CVE-2018-12441
The CorsairService in Corsair Utility Engine has insecure default permissions: the Everyone group is granted SERVICE_ALL_ACCESS, enabling unprivileged local users to modify CorsairService BINARY_PATH_NAME and execute arbitrary commands, resulting in complete control of the system. Connected docum...
Cisco Identity Services Engine WEB Management Interface Arbitrary Command Execution Vulnerability
Cisco Identity Services Engine (ISE) is an identity-based environment awareness platform from Cisco. The platform collects real-time information from the network, users and devices, and develops and enforces policies to regulate the network. A security vulnerability...
[ASA-201810-8] patch: multiple issues
Arch Linux Security Advisory ASA-201810-8 ========================================= Severity: High Date : 2018-10-09 CVE-ID : CVE-2018-6951 CVE-2018-6952 CVE-2018-1000156 Package : patch Type : multiple issues Remote : No Link : https://security.archlinux.org/AVG-619 Summary ======= The package...
Cisco Video Surveillance Manager Device Default Password Vulnerability
Cisco Video Surveillance Operations Manager is an enterprise-class video configuration and management solution. A device default password vulnerability exists in Cisco Video Surveillance Manager due to the presence of undocumented default static user credentials for the root account of the affect...
The vulnerability of ProtonVPN’s software for accessing VPN services arises from the lack of measures taken to neutralize special elements used in the operating system’s command set. This allows a malicious user to execute arbitrary commands or code with SYSTEM privileges.
The vulnerability of ProtonVPN’s software for accessing VPN services arises from the lack of measures taken to neutralize special elements used in the operating system’s command set. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands or code with SYSTEM privilege...
CVE-2018-17228
nmap4j 1.1.0 allows attackers to execute arbitrary commands via shell metacharacters in an includeHosts call...
Design/Logic Flaw
nmap4j 1.1.0 allows attackers to execute arbitrary commands via shell metacharacters in an includeHosts call...
PT-2018-2283 · Cisco · Cisco Small Business Routers
Name of the Vulnerable Software and Affected Versions: Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers affected versions not specified Description: A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could...