7632 matches found
Vulnerability in the Cisco IOS operating system allowing an attacker to execute arbitrary commands
The vulnerability in the Cisco IOS operating system exists due to the lack of measures taken to neutralize special elements used in the operating system’s commands. Exploiting this vulnerability allows a malicious actor, operating locally, to execute arbitrary commands with superuser privileges...
Dell iDRAC6 Arbitrary Command Execution Vulnerability
Dell iDRAC6 is a remote management solution on the Dell PowerEdge family of servers. An arbitrary command execution vulnerability exists in Dell iDRAC6. An attacker could exploit the vulnerability to execute arbitrary commands in the context of an affected application...
Arbitrary Command Execution
Salt is vulnerable to command execution. If the pillar content given to cmd.run does not come from a trusted source, attackers could execute commands on the command line...
WN-G300R3 vulnerable to OS command injection
Overview: WN-G300R3, provided by I-O DATA DEVICE, INC., contains an OS command injection vulnerability. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact: A...
SCADA engine BACnetOPCServer suffers from dll hijacking vulnerability
A SCADA system is a data acquisition and monitoring control system. BACnetOPCServer is the server software for the SCADA engine. The BACnetOPCServer software's BACnSvrTest.exe component is vulnerable to DLL hijacking due to insecure loading of library files, which can be used to maliciously load a...
Arbitrary Command Execution Vulnerability in Omnicom's AuteGate Security Gateway
AuteGate is a virtual security gateway product. An arbitrary command execution vulnerability exists in the AuteGate security gateway. An attacker can exploit this vulnerability to construct specific code, remotely execute commands, write webshells, and gain server privileges, posing information...
VMware vCenter Server BlazeDS Component Remote Code Execution Vulnerability
VMware vCenter Server is a suite of server and virtualization management software from VMware. The software provides a centralized platform for managing VMware vSphere environments, automating the implementation and delivery of virtual infrastructures. A remote code execution vulnerability exists...
PT-2018-5036 · Red Hat +2 · Ansible +2
Name of the Vulnerable Software and Affected Versions: Ansible versions prior to 2.2.0. Description: The issue arises from improper sanitization of fact variables sent from the Ansible controller. An attacker who can create special variables on the controller may be able to execute arbitrary...
Cisco: WebEx: New Arbitrary Command Execution in 1.0.5 via Module Whitelist Bypass
In version 1.0.5 of the WebEx extension, Cisco added a GpcComponentName whitelist to prevent exploitation via XSS, preventing the issue 1096. This can be defeated by putting a module signed by Cisco under GpcUrlRoot, and tricking the installation routine to overwrite one of the whitelisted module...
CVE-2014-3582
Affected product: Apache Ambari. Affects Ambari server handling of SSL certificate generation for hosts in a cluster (versions 1.2.0–2.2.2). Root cause (as described): the CVE-2014-3582 condition may allow arbitrary system command execution on the Ambari Server host during the certificate generat...
CVE-2017-6359
QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and execute arbitrary commands via unspecified vectors...
CVE-2017-6361
CVE-2017-6361 affects QNAP QTS prior to 4.2.4 Build 20170313. The QTS web UI CGI binaries contain multiple command‑injection vulnerabilities (CWE-77) that allow an unauthenticated attacker to execute arbitrary commands on the device, potentially as root. Exploitation details indicate remote comma...
OP5 5.3.5 / 5.4.0 / 5.4.2 / 5.5.0 / 5.5.1 - license.php Remote Command Execution Exploit
Exploit for multiple platforms in the web applications category. This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'OP5 license.php Remote Command Execution', 'Description' = %q This...
CVE-2017-6970
AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow local users to execute arbitrary commands in a privileged context via an NfSen socket, aka AlienVault ID ENG-104863...
McAfee Security Scan Plus Arbitrary Command Execution Vulnerability - Windows
McAfee Security Scan Plus is prone to an arbitrary command execution vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE =...
McAfee Security Scan Plus (SSP) Arbitrary Command Execution Vulnerability
Intel Security McAfee Security Scan Plus (SSP) is a free set of diagnostic tools from Intel Corporation (formerly McAfee, Inc.). The product proactively checks for up-to-date antivirus, firewall, and Web security software in your computer so that you always know if your computer is secure so that it i...
ImageMagick Arbitrary Command Execution Vulnerability
ImageMagick is free software for creating, editing, and compositing images. Most of ImageMagick's features are used through its command line tools. An arbitrary command execution vulnerability exists in ImageMagick versions prior to 6.9.4-0 and GraphicsMagick, which allows remote attackers ...
CVE-2016-8026
Arbitrary command execution vulnerability in Intel Security McAfee Security Scan Plus SSP 3.11.469 and earlier allows authenticated users to gain elevated privileges via unspecified vectors...
Command injection
Arbitrary command execution vulnerability in Intel Security McAfee Security Scan Plus SSP 3.11.469 and earlier allows authenticated users to gain elevated privileges via unspecified vectors...