Cisco UCS Central Software Arbitrary Command Execution Vulnerability
A vulnerability in the web framework of Cisco Unified Computing System (UCS) Central Software could allow an unauthenticated, remote attacker to execute arbitrary commands on a targeted system...
The vulnerability of the Cisco Firepower Extensible Operating System allows a perpetrator to execute arbitrary operating system commands.
The vulnerability in an undefined script of the Cisco Firepower Extensible Operating System exists because the special elements used in operating system commands are not neutralized. Exploiting this vulnerability allows a malicious actor to execute arbitrary operating syste...
Trend Micro Password Manager HTTP Server Arbitrary Command Execution Vulnerability
Trend Micro Password Manager is a secure password management solution from Trend Micro. A security vulnerability exists in Trend Micro Password Manager's HTTP server that can be exploited by remote attackers to execute arbitrary commands...
Cisco Unified Computing System Central Software Arbitrary Command Execution Vulnerability
A vulnerability in the web framework of Cisco Unified Computing System (UCS) Central Software could allow an unauthenticated, remote attacker to execute arbitrary commands on a targeted system. The vulnerability is due to improper input validation by the affected software. An attacker could exploit...
CVE-2016-4007
Multiple unspecified vulnerabilities in the obs-service-extractfile package before 0.3-5.1 in openSUSE Leap 42.1 and before 0.3-3.1 in openSUSE 13.2 allow attackers to execute arbitrary commands via a service definition, related to executing unzip with "illegal options."...
Design/Logic Flaw
Multiple unspecified vulnerabilities in the obs-service-extractfile package before 0.3-5.1 in openSUSE Leap 42.1 and before 0.3-3.1 in openSUSE 13.2 allow attackers to execute arbitrary commands via a service definition, related to executing unzip with "illegal options."...
CVE-2016-4007
Multiple unspecified vulnerabilities in the obs-service-extractfile package before 0.3-5.1 in openSUSE Leap 42.1 and before 0.3-3.1 in openSUSE 13.2 allow attackers to execute arbitrary commands via a service definition, related to executing unzip with "illegal options."...
Silicon Graphics LibTiff Denial of Service Vulnerability (CNVD-2016-02175)
Silicon Graphics LibTiff is a library from Silicon Graphics, Inc. (United States) for reading and writing TIFF (Tagged Image File Format) files. The TIFFVGetField function in the tifdirinfo.c file in Silicon Graphics LibTiff 4.0.6 and earlier versions has a security vulnerability that can be exploited by an...
HPE Asset Manager Arbitrary Code Execution Vulnerability
HP AssetManager is a solution for managing the lifecycle of IT assets. A security vulnerability exists in HPE Asset Manager 9.40, 9.41, 9.50, and Asset Manager CloudSystem Chargeback 9.40, which can be exploited by remote attackers to execute arbitrary commands via constructed serialized Java...
foomatic-rip Arbitrary Command Execution Vulnerability
Foomatic is a database-driven printing system developed by the Linux Foundation's OpenPrinting Working Group, which integrates a general-purpose back-end printing system for Unix with an open-source printer driver. foomatic-rip (a.k.a. foomatic-filters) is an internal component that helps the...
HPE Service Manager (SM) Arbitrary Command Execution Vulnerability
HPE Service Manager (SM) is IT service management software. A security vulnerability in HPE Service Manager (SM) versions 9.3x prior to 9.35 P4 and 9.4x prior to 9.41.P2 allows remote attackers to execute arbitrary commands via a crafted serialized Java object...
RedHat Update for foomatic RHSA-2016:0491-01
The remote host is missing an update for the...
GE Industrial UPS SNMP Adapter Arbitrary Command Execution Vulnerability
No description provided by source...
BeanShell Arbitrary Command Execution Vulnerability
BeanShell is an open source, free Java source code interpreter. A security vulnerability exists in BeanShell. An attacker can exploit this vulnerability to execute arbitrary commands...
VMware ESX Multiple Vulnerabilities (VMSA-2009-0009) (remote check)
The remote VMware ESX host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities: - A flaw exists in sudo in file parse.c due to a failure to properly interpret a system group (%group) in the sudoers configuration file when handling authorization decisions for...
Red Hat PolicyKit pkexec Command Execution Vulnerability
Red Hat PolicyKit is a tool from Red Hat for privilege control of applications on Unix-compatible systems. A security vulnerability exists in the pkexec command in Red Hat PolicyKit 0.113 and earlier versions. An attacker could exploit the vulnerability to execute arbitrary commands with user...
Advantech/B+B SmartWorx VESP211-EU and VESP211-232 Arbitrary Command Execution Vulnerability
The Advantech/B+B SmartWorx VESP211-EU and VESP211-232 are both Advantech China interfaces for connecting serial devices to Ethernet. An arbitrary command execution vulnerability exists in the Advantech/B+B SmartWorx VESP211-EU and VESP211-232, which could allow a remote attacker to perform...
Command Injection in Command Line Interface
Palo Alto Networks firewalls implement a command line interface for interactive configuration through a serial interface or a remote SSH session. An issue was identified that can cause incorrect parsing of a specific SSH command parameter, leading to arbitrary command execution on the OS level...
Multiple Dell Products Arbitrary Command Execution Vulnerability
Dell SonicWALL GMS (GMS) is a global management system for rapid deployment and centralized management of SonicWALL infrastructures. Analyzer is a set of network analyzer software for SonicWALL infrastructures. UMA EM5000 is a set of universal management appliance software. GMS ViewPoint (GMSVP) web...
HOME SPOT CUBE vulnerable to OS command injection
Overview: HOME SPOT CUBE provided by KDDI CORPORATION is a wireless LAN router. HOME SPOT CUBE contains an OS command injection vulnerability. Masaki Yoshikawa of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...