Arbitrary Command Execution
windows-cpu is vulnerable to arbitrary command execution. This is because the findLoad method doesn't sanitize or perform any validation before passing user-input to the shell...
The vulnerability of the microprogramming software in the access control system for the NetScaler Gateway allows an intruder to execute any command they desire.
The vulnerability of the microprogramming software in the access control system for the NetScaler Gateway lies in the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using uncertain vectors...
Eir D1000 Arbitrary Command Execution Vulnerability
The Eir D1000 is a modem from Eir Ireland. A security vulnerability exists in the Eir D1000 modem that stems from the program failing to properly restrict the TR-064 protocol. A remote attacker can exploit the vulnerability to execute arbitrary commands on TCP port 7547...
Debian DLA-941-1 : squirrelmail security update
Dawid Golunski and Filippo Cavallarin discovered that squirrelmail, a webmail application, incorrectly handled a user-supplied value. This would allow a logged-in user to run arbitrary commands on the server. For Debian 7 'Wheezy', these problems have been fixed in version...
[ASA-201705-18] libplist: multiple issues
Arch Linux Security Advisory ASA-201705-18. Severity: High. Date: 2017-05-16. CVE-ID: CVE-2017-5209 CVE-2017-5545 CVE-2017-5834 CVE-2017-5835 CVE-2017-5836 CVE-2017-6435 CVE-2017-6436 CVE-2017-6437 CVE-2017-6438 CVE-2017-6439 CVE-2017-6440. Package:...
[SECURITY] [DSA 3853-1] bitlbee security update
Debian Security Advisory DSA-3853-1, https://www.debian.org/security/, Sebastien Delafond, May 15, 2017, https://www.debian.org/security/faq ...
NovaBACKUP DataCenter Linux datamover module arbitrary command execution vulnerability
NovaBACKUP DataCenter is a data backup solution developed by NovaStor Germany; Linux is the operating system, and the datamover module is one of its data transfer modules. A security vulnerability exists in the datamover module of NovaBACKUP DataCenter 09.06.03.0353 and earlier versions for Linux. A remot...
Ghostscript Type Confusion Arbitrary Command Execution (CVE-2017-8291)
An arbitrary code execution vulnerability exists within Ghostscript. This vulnerability is due to the way Ghostscript parses .eps files. An attacker can manipulate a .eps file and run arbitrary commands on the victim's computer...
Netgear WNR2000\R2000 Series Buffer Overflow Vulnerability
The WNR2000v3, WNR2000v4, WNR2000v5 and R2000 are all router products from Netgear. A buffer overflow vulnerability exists in the Netgear WNR2000\R2000 family of products, which can be exploited by remote attackers to bypass authentication and execute arbitrary commands...
Arbitrary Command Execution
smalruby-editor is vulnerable to arbitrary OS command injection attacks. The vulnerability exists due to improper input sanitization in the usage of Open3.capture3...
Ghostscript 9.21 Type Confusion Arbitrary Command Execution Exploit
This Metasploit module exploits a type confusion vulnerability in Ghostscript that can be exploited to obtain arbitrary command execution. This vulnerability affects Ghostscript versions 9.21 and earlier and can be exploited through libraries such as ImageMagick and Pillow. This module requires...
Ghostscript 9.21 Type Confusion Arbitrary Command Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ghostscript Type Confusion Arbitrary Command Execution', 'Description' = %q This module exploits a type confusion vulnerability in Ghostscript tha...
CVE-2017-2142
Buffer overflow in WN-G300R3 firmware Ver.1.03 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors...
Ghostscript Type Confusion Arbitrary Command Execution
This module exploits a type confusion vulnerability in Ghostscript that can be exploited to obtain arbitrary command execution. This vulnerability affects Ghostscript versions 9.21 and earlier and can be exploited through libraries such as ImageMagick and Pillow. This module requires Metasploit:...
gnome-shell Arbitrary Code Execution Vulnerability
gnome-shell is a window manager for the GNOME desktop environment developed by the GNOME project. A security vulnerability exists in the js/ui/extensionSystem.js file in gnome-shell versions 3.22 through 3.24.1, due to the program failing to properly handle exceptions. An attacker can exploit the...
Command injection
gnome-shell 3.22 through 3.24.1 mishandles extensions that fail to reload, which can lead to leaving extensions enabled in the lock screen. With these extensions, a bystander could launch applications but not interact with them, see information from the extensions e.g., what applications you have...
UBUNTU-CVE-2016-6902
lshell 0.9.16 allows remote authenticated users to break out of a limited shell and execute arbitrary commands...
Tenable Appliance Arbitrary Command Execution Vulnerability
Tenable Appliance is a browser management program developed by Tenable Network Security. An arbitrary command execution vulnerability exists in Tenable Appliance versions 3.5 through 4.4.0. A remote attacker can inject arbitrary commands by manipulating the tnsappliancesessionuser parameter...
PT-2018-07: Arbitrary Command Execution in Ipswitch WhatsUp Gold
The specialists of the Positive Research center have detected an Arbitrary Command Execution vulnerability in Ipswitch WhatsUp Gold. The vulnerability, due to TFTP server misconfiguration, allows remote attackers to execute arbitrary commands on the TFTP server, obtain access...
CVE-2017-7283
An authenticated user of Unitrends Enterprise Backup before 9.1.2 can execute arbitrary OS commands by sending a specially crafted filename to the /api/restore/download-files endpoint, related to the downloadFiles function in api/includes/restore.php...