Default credentials
Bypassing password security vulnerability in McAfee Application and Change Control (MACC) 7.0.1 and 6.2.0 allows authenticated users to perform arbitrary command execution via a command-line utility...
CVE-2017-3912
Bypassing password security vulnerability in McAfee Application and Change Control (MACC) 7.0.1 and 6.2.0 allows authenticated users to perform arbitrary command execution via a command-line utility...
CVE-2017-3912 McAfee Application Control and Change Control (MACC) - password management security feature bypass (SFB) leading to an authentication bypass
Bypassing password security vulnerability in McAfee Application and Change Control (MACC) 7.0.1 and 6.2.0 allows authenticated users to perform arbitrary command execution via a command-line utility...
Information Builders WebFOCUS Business Intelligence Portal Command Injection Vulnerability
Information Builders WebFOCUS Business Intelligence Portal is a Business Intelligence Portal system from Information Builders USA. A command injection vulnerability exists in Information Builders WebFOCUS Business Intelligence Portal version 8.1, which can be exploited by sending a specially...
Debian DLA-1495-1 : git-annex security update
The git-annex package was found to have multiple vulnerabilities when operating on untrusted data that could lead to arbitrary command execution and encrypted data exfiltration. CVE-2017-12976 git-annex before 6.20170818 allows remote attackers to execute arbitrary commands via an ssh URL with an...
OpenEMR Remote Code Execution Vulnerability
OpenEMR is the open source electronic health record and medical practice management solution. OpenEMR suffers from a remote code execution vulnerability. Due to the failure to strictly filter incoming parameters when modifying configurations in the background, an attacker can exploit the...
Debian: Security Advisory (DLA-1455-1)
The remote host is missing an update for the Debian...
Design/Logic Flaw
Concatenating unsanitized user input in the whereis npm module 0.4.1 allowed an attacker to execute arbitrary commands. The whereis module is deprecated and it is recommended to use the which npm module instead...
CVE-2017-2652
It was found that there were no permission checks performed in the Distributed Fork plugin before and including 1.5.0 for Jenkins that provides the dist-fork CLI command beyond the basic check for Overall/Read permission, allowing anyone with that permission to run arbitrary shell commands on all...
Design/Logic Flaw
Configuration/Environment manipulation vulnerability in the administrative interface in McAfee Web Gateway (MWG) 7.8.1.x allows authenticated administrator users to execute arbitrary commands via unspecified vectors...
PT-2018-17709 · Mcafee · Mcafee Web Gateway
Name of the Vulnerable Software and Affected Versions: McAfee Web Gateway versions 7.8.1.x Description: The issue allows authenticated administrator users to execute arbitrary commands via unspecified vectors in the administrative interface. Recommendations: For McAfee Web Gateway version 7.8.1.x...
fluentd: Escape sequence injection in filter_parser.rb:filter_stream can lead to arbitrary command execution when processing logs
Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors...
CVE-2018-0345
A vulnerability in the configuration and management database of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to execute arbitrary commands with the privileges of the vmanage user in the configuration management system of the affected software. The vulnerability is due t...
GHSA-JCW8-R9XM-32C6 Command Injection in dns-sync
Affected versions of dns-sync have an arbitrary command execution vulnerability in the resolve method. Recommendation - Use an alternative dns resolver - Do not allow untrusted input into dns-sync.resolve...
Command Injection in dns-sync
Affected versions of dns-sync have an arbitrary command execution vulnerability in the resolve method. Recommendation - Use an alternative dns resolver - Do not allow untrusted input into dns-sync.resolve...
QNAP Q'center Virtual Appliance Command Injection Vulnerability
QNAP Q'center Virtual Appliance is a virtual appliance from QNAP Systems for deploying Q'center QNAP NAS Management Platform in virtual environments such as Microsoft Hyper-V, VMware ESXi and Workstation. A command injection vulnerability exists in SSH in QNAP Q'center Virtual Appliance versions...
QNAP Q'center Virtual Appliance Command Injection Vulnerability (CNVD-2018-17103)
QNAP Q'center Virtual Appliance is a virtual appliance from QNAP Systems for deploying Q'center QNAP NAS Management Platform in virtual environments such as Microsoft Hyper-V, VMware ESXi and Workstation. A command injection vulnerability exists in the data in QNAP Q'center Virtual Appliance...
Joyent Node.js macaddress module command injection vulnerability
Joyent Node.js is a web application platform built on the Google V8 JavaScript engine, from the US company Joyent. The macaddress module is one of its modules, used for MAC address management. A command injection vulnerability exists in Joyent Node.js macaddress module versions pri...
GitLab: Vulnerability in project import leads to arbitrary command execution
Summary: A filename regular expression could be bypassed and enable the attacker to create a symbolic link in the GitLab upload directory by importing a specially crafted GitLab export. Furthermore, GitLab is designed to not delete the project upload directory currently. So, the attacker could delete th...
PT-2018-3718
Name of the Vulnerable Software and Affected Versions: Info-ZIP Zip version 3.0 Description: The issue is related to the use of memory after it has been freed, which can allow a remote attacker to access confidential information or cause a denial of service. The vulnerability is associated with the...