CVE-2016-8026

Arbitrary command execution vulnerability in Intel Security McAfee Security Scan Plus SSP 3.11.469 and earlier allows authenticated users to gain elevated privileges via unspecified vectors...

U.S. Dept Of Defense: Remote code execution vulnerability on a DoD website

A remote code execution RCE vulnerability was found on a DoD website which could have enabled an attacker to execute remote commands on the web server. Thank you @n0rb3r7 for notifying us of this vulnerability! I was able to leverage a recent, well-known vulnerability to achieve arbitrary, remote...

Arbitrary Command Execution Vulnerability in Multiple Veritas Products (CNVD-2017-02619)

Veritas Access and others are products of Veritas Technologies, Inc. Veritas Access is a horizontally scalable NAS solution for unstructured data; Veritas NetBackup Appliance is an enterprise-class backup management appliance. An arbitrary command execution vulnerability exists in multiple Verita...

Arbitrary Command Execution Vulnerability in Multiple Veritas Products

Veritas NetBackup Appliance is an enterprise-class backup management appliance; NetBackup Server is a set of enterprise-class backup management servers that can run on multiple operating systems. An arbitrary command execution vulnerability exists in multiple Veritas products, which can be...

Arbitrary Command Execution Vulnerability in Multiple Veritas Products (CNVD-2017-02658)

Veritas Access and others are products of Veritas Technologies, Inc. Veritas Access is a horizontally scalable NAS solution for unstructured data; Veritas NetBackup Appliance is an enterprise-class backup management appliance. An arbitrary command execution vulnerability exists in multiple Verita...

CVE-2017-6406

An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Arbitrary privileged command execution, using whitelist directory escape with "../" substrings, can occur...

CVE-2017-6401

An issue was discovered in Veritas NetBackup before 8.0 and NetBackup Appliance before 3.0. Local arbitrary command execution can occur when using bpcd and bpnbat...

CVE-2017-6406

An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Arbitrary privileged command execution, using whitelist directory escape with "../" substrings, can occur...

PT-2017-3168 · NetGear · Netgear Dgn2200

Name of the Vulnerable Software and Affected Versions: NETGEAR DGN2200 versions through 10.0.0.50 Description: The issue allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ping IPAddr field of an HTTP POST request to the ping.cgi endpoint. This is d...

openSUSE: Security Advisory for vim (openSUSE-SU-2016:2993-1)

The remote host is missing an update for the Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Geutebruck testaction.cgi Remote Command Execution

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Geutebruck testaction.cgi Remote Command Execution', 'Description' = %q This module exploits a an arbitrary command execution...

CVE-2016-8363

An issue was discovered in Moxa OnCell OnCellG3470A-LTE, AWK-1131A/3131A/4131A Series, AWK-3191 Series, AWK-5232/6232 Series, AWK-1121/1127 Series, WAC-1001 V2 Series, WAC-2004 Series, AWK-3121-M12-RTG Series, AWK-3131-M12-RCC Series, AWK-5232-M12-RCC Series, TAP-6226 Series, AWK-3121/4121 Series...

CVE-2016-8363

An issue was discovered in Moxa OnCell OnCellG3470A-LTE, AWK-1131A/3131A/4131A Series, AWK-3191 Series, AWK-5232/6232 Series, AWK-1121/1127 Series, WAC-1001 V2 Series, WAC-2004 Series, AWK-3121-M12-RTG Series, AWK-3131-M12-RCC Series, AWK-5232-M12-RCC Series, TAP-6226 Series, AWK-3121/4121 Series...

TalariaX SendQuick Entera and Avera Device Command Injection Vulnerability

TalariaX SendQuick Entera and Avera are both products of TalariaX Singapore. The former is a web-based server management system and the latter is a plug-and-play network monitoring system. A command injection vulnerability exists in versions of the TalariaX SendQuick Entera and Avera appliances...

Huawei EMUI Elevation of Privilege Vulnerability

Huawei EMUI is a set of intelligent terminal human-computer interaction system based on the Android platform developed by China's Huawei Huawei. An elevation of privilege vulnerability exists in Huawei EMUI, which stems from a failure to adequately check specific parameters in the keyguard...

CVE-2015-6024

CVE-2015-6024 affects NetCommWireless HSPA 3G10WVE routers (firmware before 3G10WVE-L101-S306ETS-C01_R05). The vulnerability allows remote authenticated users to execute arbitrary commands via shell metacharacters in the DIA_IPADDRESS parameter, indicating potential remote command execution with ...

Trend Micro Virtual Mobile Infrastructure Arbitrary Command Execution Vulnerability

Trend Micro Virtual Mobile Infrastructure is a solution that enables IT managers to host enterprise applications and data in a secure mobile operating system on a central server. A security vulnerability in the handlecertificate function in Trend Micro Virtual Mobile Infrastructure...

CVE-2017-5200

Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's sshclient. Mitigation Disable salt-api for mitigation...

CVE-2016-10043

An issue was discovered in Radisys MRF Web Panel SWMS 9.0.1. The MSMMACRONAME POST parameter in /swms/ms.cgi was discovered to be vulnerable to OS command injection attacks. It is possible to use the pipe character | to inject arbitrary OS commands and retrieve the output in the application's...

Pear HTTP_Upload v1.0.0b3 Arbitrary File Upload Vulnerability

Exploit for php platform in category web applications + + Credits: John Page AKA Hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/PEAR-HTTPUPLOAD-ARBITRARY-FILE-UPLOAD.txt + ISR: ApparitionSEC + Vendor: ============ pear.php.net Product:...