Lucene search

7632 matches found

Debian CVE
added 2018/04/03 7:0 a.m., 18 views

CVE-2018-0493

remctld in remctl before 3.14, when an attacker is authorized to execute a command that uses the sudo option, has a use-after-free that leads to a daemon crash, memory corruption, or arbitrary command execution...

CVSS 7.2, AI score 7.4, EPSS 0.0255
Exploits: 0
CNVD
added 2018/04/03 12:0 a.m., 0 views

remctl memory misreference vulnerability

remctl is a client/server application that supports remote execution of specific commands. A memory misreference vulnerability exists in remctld in remctl prior to 3.14 when an attacker is authorized to execute commands with the sudo option. An attacker could use this vulnerability to cause a...

CVSS 7.2, AI score 7.8, EPSS 0.0255
Exploits: 0, References: 1
Exploit DB
added 2018/03/29 12:0 a.m., 32 views

Exodus Wallet (ElectronJS Framework) - Remote Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/powershell' class MetasploitModule 'Exodus Wallet ElectronJS Framework remote Code Execution', 'Description' = %q This module exploits a Remote...

CVSS 9.3, AI score 7, EPSS 0.84707
Exploits: 31
OSV
added 2018/03/22 1:29 p.m., 3 views

CVE-2018-0539

QQQ SYSTEMS version 2.24 allows an attacker to execute arbitrary commands via unspecified vectors...

CVSS 9.8, AI score 6, EPSS 0.02703
Exploits: 0, References: 1
CVE
added 2018/03/22 1:0 p.m., 47 views

CVE-2018-0539

The CVE-2018-0539 entry concerns QQQ SYSTEMS version 2.24, a Perl CGI-based quiz tool, which contains an OS command injection vulnerability (CWE-78). Connected sources confirm that an attacker can execute arbitrary commands on the server with the web server’s privileges, due to the vulnerable com...

CVSS 10, AI score 9.6, EPSS 0.02703
Exploits: 0, References: 1, Affected Software: 1
Tenable Nessus
added 2018/03/12 12:0 a.m., 43 views

CentOS 7 : ruby (CESA-2018:0378)

An update for ruby is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...

CVSS 9.8, AI score 7.9, EPSS 0.73927
Exploits: 14, References: 12
CNVD
added 2018/03/11 12:0 a.m., 2 views

Cisco ASR 5000 Series Aggregation Services Routers StarOS OS CLI Command Injection Vulnerability

Cisco ASR 5000 Series Aggregation Services Routers is a 5000 series security router appliance from Cisco. The StarOS operating system is a set of virtualized operating systems that run on it. The CLI is a command-line interface. A command injection vulnerability exists in the CLI of the StarOS...

CVSS 7.2, AI score 7.8, EPSS 0.0088
Exploits: 0, References: 1
OSV
added 2018/03/09 4:29 p.m., 2 views

CVE-2018-0521

Buffalo WXR-1900DHP2 firmware Ver.2.48 and earlier allows an attacker to bypass authentication and execute arbitrary commands on the device via unspecified vectors...

CVSS 8.8, AI score 6, EPSS 0.00843
Exploits: 0, References: 2
CVE
added 2018/03/09 4:0 p.m., 38 views

CVE-2018-0521

The CVE-2018-0521 issue affects Buffalo WXR-1900DHP2 firmware versions 2.48 and earlier. The vulnerability is a Missing Authentication for Critical Function (CWE-306) that allows an attacker on the connected network to bypass authentication and execute arbitrary commands on the device via unspeci...

CVSS 8.8, AI score 9, EPSS 0.00843
Exploits: 0, References: 2, Affected Software: 1
Japan Vulnerability Notes
added 2018/03/09 12:0 a.m., 76 views

JVN#15201064: Multiple vulnerabilities in CG-WGR1200

CG-WGR1200 provided by Corega Inc is a wireless LAN router. CG-WGR1200 contains multiple vulnerabilities listed below. Buffer Overflow CWE-119 - CVE-2017-10852 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H| Base Score: 8.8 CVSS v2|...

CVSS 8.8, AI score 9.4, EPSS 0.00868
Exploits: 0
CNVD
added 2018/03/07 12:0 a.m., 3 views

Chrome OS Arbitrary Command Execution Vulnerability

Google Chrome OS is a fast, lightweight, open source Web-based operating system developed by Google. A security vulnerability exists in Google Chrome OS versions prior to 53.0.2785.144. A remote attacker can exploit the vulnerability to execute arbitrary commands at boot time...

CVSS 10, AI score 7.5, EPSS 0.0238
Exploits: 0, References: 1
Saint
added 2018/02/28 12:0 a.m., 577 views

ASUSWRT vpnupload.cgi authentication bypass

Added: 02/28/2018 CVE: CVE-2018-5999 Background ASUSWRT is the firmware used in many ASUS devices. Problem The combination of two separate vulnerabilities in ASUSWRT allows remote attackers to execute arbitrary commands. The first vulnerability allows an unauthenticated user to make certain POST...

CVSS 10, AI score 9.9, EPSS 0.8741
Exploits: 10
Metasploit
added 2018/02/26 9:31 p.m., 26 views

Exodus Wallet (ElectronJS Framework) remote Code Execution

This module exploits a Remote Code Execution vulnerability in Exodus Wallet. A vulnerability in the ElectronJS Framework protocol handler can be used to get arbitrary command execution if the user clicks on a specially crafted URL. This module requires Metasploit: https://metasploit.com/download...

CVSS 8.8, AI score 7.8, EPSS 0.84707
Exploits: 31
CNVD
added 2018/02/26 12:0 a.m., 2 views

KDE Plasma Workspace Command Execution Vulnerability

KDE Plasma Workspace is an umbrella term for all graphical environments developed by the KDE community and is part of KDE Software Compilation 4, the latest series of desktop environments. A security vulnerability exists in the soliduiserver/deviceserviceaction.cpp file in KDE Plasma Workspace...

CVSS 7.2, AI score 7.3, EPSS 0.00791
Exploits: 0, References: 1
Tenable Nessus
added 2018/02/26 12:0 a.m., 41 views

Debian DLA-1294-1 : golang security update

It was discovered that there was an arbitrary command execution vulnerability in the Go programming language. The 'go get' implementation did not correctly validate 'import path' statements for '://' which allowed remote attackers to execute arbitrary OS commands via a crafted website. For Debian...

CVSS 9.3, AI score 8.1, EPSS 0.63699
Exploits: 1, References: 3
CNVD
added 2018/02/24 12:0 a.m., 1 views

Red Hat libvirt util/virlog.c file arbitrary command execution vulnerability

Red Hat libvirt is a Linux API for implementing Linux virtualization features from Red Hat, Inc. It supports a variety of Hypervisors, including Xen and KVM, as well as QEMU and a number of virtual products for other operating systems. A security vulnerability in the util/virlog.c file in Red Hat...

CVSS 7.8, AI score 6.9, EPSS 0.00337
Exploits: 0, References: 1
CVE
added 2018/02/23 5:0 p.m., 150 views

CVE-2018-6764

CVE-2018-6764 affects libvirt: util/virlog.c may fail to determine the hostname during LXC container startup, enabling a local attacker (guest OS user) to bypass container protections and run arbitrary commands via a crafted NSS module. The issue is concrete in libvirt’s LXC handling and NSS modu...

CVSS 7.8, AI score 6.5, EPSS 0.00337
Exploits: 0, References: 4, Affected Software: 1
CNVD
added 2018/02/23 12:0 a.m., 1 views

Trend Micro Email Encryption Gateway Arbitrary Command Execution Vulnerability

Trend Micro Email Encryption is a suite of identity-based email encryption solutions from Trend Micro, Inc. The Trend Micro Email Encryption Gateway (TMEEG) is one of the gateway products that provides data protection. An arbitrary command execution vulnerability exists in Trend Micro Email...

CVSS 9.8, AI score 7.8, EPSS 0.10397
Exploits: 5, References: 1
CNVD
added 2018/02/23 12:0 a.m., 2 views

Trend Micro Email Encryption Gateway Arbitrary Command Execution Vulnerability (CNVD-2018-04486)

Trend Micro Email Encryption is a suite of identity-based email encryption solutions from Trend Micro, Inc. The Trend Micro Email Encryption Gateway (TMEEG) is one of the gateway products that provides data protection. An arbitrary command execution vulnerability exists in Trend Micro Email...

CVSS 7.8, AI score 7.9, EPSS 0.0132
Exploits: 5, References: 1
CNVD
added 2018/02/22 12:0 a.m., 1 views

MetInfo config/config_db.php file arbitrary command execution vulnerability

MetInfo is a content management system (CMS) developed using PHP and MySQL by China Mito Information Technology Ltd. A security vulnerability exists in MetInfo version 6.0.0, which stems from sloppy filtering of the configuration file in the config/config_db.php file. An attacker can exploit the...

CVSS 9.3, AI score 7.3, EPSS 0.01673
Exploits: 1, References: 1