git-fastclone Arbitrary Command Execution Vulnerability
git-fastclone is a set of tools for cloning git repositories. An arbitrary command execution vulnerability exists in git-fastclone versions prior to 1.0.1, which stems from the program executing arbitrary shell commands from .gitmodules. The vulnerability can be exploited to execute arbitrary shell commands by...
openSUSE Security Update : bash (openSUSE-2016-1260)
This update for bash fixes the following security issues: - CVE-2016-7543: Local attackers could have executed arbitrary commands via specially crafted SHELLOPTS+PS4 variables (bsc#1001299) - CVE-2016-0634: Malicious hostnames could have allowed arbitrary command execution when $HOSTNAME was expand...
AlienVault USM and OSSIM get_directive_kdb.php directive_id SQL Injection
A SQL injection vulnerability has been reported in AlienVault USM and OSSIM. The vulnerability is due to a failure to sanitize input on requests to get_directive_kdb.php. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted request to the vulnerable application...
HP Data Protector Remote Command Execution (CVE-2016-2004)
An arbitrary command execution vulnerability exists in HPE Data Protector. A remote, unauthenticated attacker could exploit this vulnerability by sending malformed requests to an HPE Data Protector service. Successful exploitation could lead to arbitrary command execution under the context of...
Amazon Linux: Security Advisory (ALAS-2016-756)
The remote host is missing an update for the...
Trend Micro SafeSync for Enterprise ad.pm id Remote Command Execution
A remote command execution vulnerability exists in the ad.pm page of Trend Micro SafeSync for Enterprise. The vulnerability is due to insufficient validation of the user-supplied id parameter. A remote, authenticated attacker could exploit this vulnerability by sending a crafted input to the vulnerable...
SUSE SLED12 / SLES12 Security Update : tiff (SUSE-SU-2016:2508-1)
This update for tiff fixes the following security issues: - CVE-2016-3622: Specially crafted TIFF images could trigger a crash in tiff2rgba (bsc#974449) - Various out-of-bound write vulnerabilities with unspecified impact (MSVR 35093, MSVR 35094, MSVR 35095, MSVR 35096, MSVR 35097, MSVR 35098) -...
Red Hat CloudForms Management Engine Arbitrary Command Execution Vulnerability
The Red Hat CloudForms Management Engine (CFME) is a management engine for IaaS (Infrastructure as a Service) cloud services solutions from Red Hat, Inc. An arbitrary command execution vulnerability exists in Red Hat CFME version 4.1, which can be exploited by remote attackers to execute arbitrary...
Arbitrary File Download Vulnerability in ZTE Network Sentinel
Shenzhen Zhongke Xinye Information Technology Development Co., Ltd. was registered on September 28, 2002 in Nanshan Bureau of Shenzhen Municipal Market Supervision Administration. The company's business scope includes the development of information and computer technology, technical services;...
Nagios Network Analyzer < 2.2.2 Multiple Vulnerabilities
IBM Security Access Manager for Web Remote Command Injection Vulnerability
IBM Security Access Manager (ISAM) for Web, formerly known as IBM Tivoli Access Manager for e-business, is a suite of IBM products for user authentication, authorization, and Web single sign-on that provides user access management and Web application protection functions. A remote command...
Cisco Cloud Services Platform Command Injection Vulnerability (CNVD-2016-08195)
Cisco Cloud Services Platform (CSP) is a set of hardware and software platforms from the U.S. company Cisco for data center network function virtualization. A remote command injection vulnerability exists in Cisco CSP 2100 version 2.0. A remote attacker can exploit this vulnerability by sending a...
SugarCRM REST deserialization vulnerability
Added: 09/23/2016. BID: 91413. Background: SugarCRM is customer relationship management software written in PHP. Problem: Improper use of the unserialize function inside the SugarRestSerialize.php script allows remote attackers to inject PHP objects, leading to arbitrary command execution. Resolution...
ImageMagick bmp.c Buffer Overflow Vulnerability
ImageMagick is a set of open-source image processing software from the U.S. company ImageMagick Studio. The software can read, convert and write pictures in a variety of formats. When ImageMagick converts image files in other formats to BMP, a buffer overflow...
Arbitrary Command Execution Vulnerability in Integration Access Controller of Zhengzhou Glacier Network Technology Co.
Zhengzhou Glacier Networks Technology Co., Ltd. (Glacier Networks) is a provider of embedded software product development and network application layer management equipment. An arbitrary command execution vulnerability exists in the Integrated Access Controller of Zhengzhou Glacier Network Technolog...
Arbitrary Command Execution Vulnerability in Intelligent Traffic Optimization System of Zhengzhou Glacier Network Technology Co.
Zhengzhou Glacier Networks Technology Co., Ltd. (Glacier Networks) is a provider of embedded software product development and network application layer management equipment. An arbitrary command execution vulnerability exists in the Intelligent Traffic Optimization System of Zhengzhou Glacier Networ...
Arbitrary Command Execution Vulnerability in Intelligent DNS System of Zhengzhou Glacier Network Technology Co.
Zhengzhou Glacier Networks Technology Co., Ltd. (Glacier Networks) is a provider of embedded software product development and network application layer management equipment. An arbitrary command execution vulnerability exists in the Intelligent DNS system of Zhengzhou Glacier Network Technology Co. ...
Arbitrary Command Execution Vulnerability in Load Balancing System of Zhengzhou Glacier Network Technology Co.
Zhengzhou Glacier Networks Technology Co., Ltd. (Glacier Networks) is a provider of embedded software product development and network application layer management equipment. An arbitrary command execution vulnerability exists in the load balancing system of Zhengzhou Glacier Network Technology Co. A...
Apache Mina 2.0.13 - Remote Command Execution
Source: https://remoteawesomethoughts.blogspot.com/2016/09/apache-mina-2013-remote-command.html Apache Mina 2.0.13 uses the OGNL library in the “IoSessionFinder” class. Its constructor takes one OGNL expression as a parameter. This expression is then executed when the method “find” is called. Thi...