7632 matches found
PT-2017-6156 · Red Hat · Red Hat Enterprise Virtualization +1
Name of the Vulnerable Software and Affected Versions: ovirt-node version 3.0.0-474-gb852fd7 as packaged in Red Hat Enterprise Virtualization 3 Description: The issue arises from the ovirt safe delete config function in ovirtfunctions.py and other unspecified locations, which fails to properly...
The vulnerability in cgi_test.cgi of the built-in microprogramming software for IP cameras from AirLive – models BU-3026, BU-2015, and MD-3025 – allows an intruder to execute arbitrary commands on the operating system.
The vulnerability in cgi_test.cgi of the built-in microprogramming software for AirLive BU-3026, AirLive BU-2015, and AirLive MD-3025 exists due to the failure to take measures to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a malicious...
The vulnerability of the built-in microprogramming software in Toshiba HEM-GW16A and Toshiba HEM-GW26A home routers exists due to the failure to take measures to neutralize certain components. This vulnerability allows attackers to execute arbitrary commands.
The vulnerability of the built-in microprogramming software in Toshiba HEM-GW16A and Toshiba HEM-GW26A home routers exists due to the failure to take measures to neutralize the special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execut...
[ASA-201709-11] newsbeuter: arbitrary command execution
Arch Linux Security Advisory ASA-201709-11 ========================================== Severity: High Date : 2017-09-16 CVE-ID : CVE-2017-12904 CVE-2017-14500 Package : newsbeuter Type : arbitrary command execution Remote : Yes Link : https://security.archlinux.org/AVG-401 Summary ======= The...
Alienvault OSSIM av-centerd Util.pm sync_rserver Command Execution
require 'msf/core' class MetasploitModule 'Alienvault OSSIM av-centerd Util.pm sync_rserver Command Execution', 'Description' = %q This module exploits a command injection vulnerability found within the sync_rserver function in Util.pm. The vulnerability is triggered due to an incomplete blacklist...
Alienvault OSSIM av-centerd Util.pm sync_rserver - Command Execution Exploit
Exploit for linux platform in category remote exploits require 'msf/core' class MetasploitModule 'Alienvault OSSIM av-centerd Util.pm sync_rserver Command Execution', 'Description' = %q This module exploits a command injection vulnerability found within the sync_rserver function in Util.pm. The...
The vulnerability of the Surveillance Station network storage component on QNAP TS212P allows an intruder to gain unauthorized access to the device and execute arbitrary commands.
The vulnerability of the Surveillance Station network storage component of QNAP TS212P is related to deficiencies in access control for device functions. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to the device and execute arbitrary commands...
UBUNTU-CVE-2015-0853
svn-workbench 1.6.2 and earlier on a system with xeyes installed allows local users to execute arbitrary commands by using the "Command Shell" menu item while in the directory trunk/$xeyes...
Cisco IOS XE Software for Cisco ASR 920 Series Routers Arbitrary Command Execution Vulnerability
A vulnerability in the USB-modem code of Cisco IOS XE Software running on Cisco ASR 920 Series Aggregation Services Routers could allow an authenticated, local attacker to inject and execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to...
Eyes Of Network (EON) < 5.2 Multiple Vulnerabilities
Eyes Of Network (EON) is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
Unauthorized Access Vulnerability in China Mobile and Routing Apps
China Mobile He-Route APP is mobile companion software for He-Route. An unauthorized access vulnerability exists in China Mobile and Router APP. By capturing and analyzing the app's packets to obtain the command interface that controls the router, an attacker without administrator...
Digium Asterisk Open Source and Certified Asterisk Arbitrary Command Execution Vulnerabilities
Digium Asterisk Open Source and Certified Asterisk are both open source telephone exchange (PBX) system software from Digium, Inc. in the United States. The software supports voicemail, multi-party voice conferencing, and interactive voice response (IVR). There are security vulnerabilities in Asteris...
Cisco Meeting Server Command Injection Vulnerability
Cisco WebEx Meetings are web conferencing solutions. Cisco Meeting Server has a security vulnerability in the CLI command parsing code that allows local attackers to exploit the vulnerability to submit a special request, inject arbitrary commands, and execute them...
CVE-2017-10811
Buffalo WCR-1166DS devices with firmware 1.30 and earlier allow an attacker to execute arbitrary OS commands via unspecified vectors...
The vulnerability of the texlive-base package in the TeX Live system allows a perpetrator to execute arbitrary commands.
The vulnerability of the texlive-base package in the TeX Live system is related to the inclusion of the mpost command in the list of commands allowed to be executed from the original TeX code. The mpost command allows for the execution of other programs during the compilation of TeX documents...
SUSE-SU-2017:2200-1 Security update for subversion
This update for subversion fixes the following issues: - CVE-2017-9800: A malicious, compromised server or MITM may cause svn client to execute arbitrary commands by sending repository content with svn:externals definitions pointing to crafted svn+ssh URLs. bsc1051362 - Malicious user may commit...
Cisco Virtual Network Function Element Manager Arbitrary Command Execution Vulnerability
Cisco Virtual Network Function Element Manager is the virtual network function element manager. A security vulnerability in the Cisco Virtual Network Function Element Manager command settings allows remote attackers to exploit the vulnerability to submit a special request to execute arbitrary...
Mercurial Command Injection Vulnerability
Mercurial is cross-platform distributed version control software written in the Python language, developed by software developer Matt Mackall. The software supports processing of both plain text and binary files, among other things. A remote command injection vulnerability exists in...
Cisco Releases Security Updates
Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the...