Multiple Vulnerabilities in ZKN Cyber Sentinel
ZKXY Network Sentinel is an Internet security auditing system that integrates behavioral auditing and content auditing, and is deployed as a bypass at the network egress. ZKXN Network Sentry suffers from arbitrary file inclusion and arbitrary command execution vulnerabilities. The vulnerability...
Lenovo System Update Race Condition Vulnerability
Lenovo System Update (formerly known as ThinkVantage System Update) is a set of automatic system update tools from the Chinese company Lenovo. A race condition vulnerability exists in Lenovo System Update versions prior to 5.06.0043. The vulnerability can be exploited by an attacker to run...
Debian DSA-3411-1 : cups-filters - security update
Michal Kowalczyk discovered that missing input sanitising in the foomatic-rip print filter might result in the execution of arbitrary commands. The oldstable distribution (wheezy) is not affected.
CSL DualCom GPRS CS2300-R SPT Arbitrary Command Execution Vulnerability
The CSL DualCom GPRS CS2300-R SPT is an alarm signaling board from CSL DualCom, UK, which provides a communication link between the burglar alarm and the monitoring center, allowing signals to be sent to the monitoring center when the alarm goes off, via the mobile network, ordinary phone lines o...
IBM Installation Manager '/tmp' Local Command Injection Vulnerability
IBM Installation Manager is a set of IBM's general software management tools that can run on multiple platforms (e.g., IBM i, OS, Windows, Linux, Unix). A command injection vulnerability exists in IBM Installation Manager version 1.8.1. A local attacker can exploit this vulnerability to execute...
A vulnerability in the CommVault Edge data archiving and restoration software allows an attacker to execute arbitrary commands
The vulnerability in the CommVault Edge data archiving and recovery program is due to a failure to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using a specially...
IBM Tivoli Storage Manager FastBack Server Opcode 1330 Command Injection (CVE-2015-1949)
A command injection vulnerability exists in IBM Tivoli Storage Manager FastBack Server. The vulnerability is due to insufficient input validation of parameters in opcode 1330 requests. A remote unauthenticated attacker could exploit this vulnerability by sending crafted requests to port 11460/TCP...
Infinite Automation Mango Automation Arbitrary Command Execution Vulnerability
No description provided by source...
Symantec Endpoint Protection Manager-RU6-MP3 Arbitrary OS Command Execution Vulnerability
Symantec Endpoint Protection Manager is a centralized manager for Symantec's enterprise-class antivirus software. An arbitrary operating system command execution vulnerability exists in version 12.1 of Symantec Endpoint Protection Manager prior to 12.1-RU6-MP3. This allows remote attackers to...
Extmail Arbitrary Command Execution Vulnerability
No description provided by source...
IBM Tivoli Storage Manager FastBack Server Opcode 1331 lza32 Command Injection (CVE-2015-1938)
A command injection vulnerability exists in IBM Tivoli Storage Manager FastBack Server. The vulnerability is due to insufficient input validation of parameters in opcode 1331 requests. A remote unauthenticated attacker could exploit this vulnerability by sending crafted requests to port 11460/TCP...
Allen-Bradley MicroLogix SQL Injection Vulnerability
Allen-Bradley MicroLogix is a programmable logic controller (PLC) from Rockwell Automation. An SQL injection vulnerability exists in Allen-Bradley MicroLogix 1100 prior to B FRN 15.000 and 1400 prior to B FRN 15.003. It allows an authenticated remote user to execute arbitrary SQL commands via...
CVE-2015-7901
Infinite Automation Mango Automation 2.5.x and 2.6.x through 2.6.0 build 430 allows remote authenticated users to execute arbitrary OS commands via unspecified vectors...
Cisco FireSIGHT Management Center Arbitrary Command Execution Vulnerability
Cisco FireSIGHT Management Center enables centralized management of network security and operational functions for Cisco ASA with FirePOWER Services and Cisco FirePOWER devices. A security vulnerability exists in the policy implementation of Cisco FireSIGHT Management Center 5.3.1.7, 5.4.0.4, 6.0...
ownCloud Server Arbitrary Command Execution Vulnerability
ownCloud is a free and open source personal cloud storage solution created by Frank Karlitschek, a German KDE developer. ownCloud Server is a server version. A security vulnerability exists in the external legacy SMB storage feature of ownCloud Server versions prior to 8.1.2, which can be...
Drupal Arbitrary SQL Command Execution Vulnerability
Drupal is an open source content management platform. An arbitrary SQL command execution vulnerability exists in the Drupal 7 driver for SQL Server and SQL Azure, versions 7.x-1.x prior to 7.x-1.4. It allows remote attackers to execute arbitrary SQL commands...
Multiple Vulnerabilities in the Western Digital Arkeia arkeiad Daemon
Western Digital Arkeia is a network backup and recovery solution from Western Digital. A security vulnerability exists in the arkeiad daemon in the Arkeia Backup Agent in Western Digital Arkeia versions 11.0.12 and earlier. A remote attacker could exploit this vulnerability by sending a series of...
Apache HTTP Server mod_rewrite Vulnerability
Affected systems: Apache Group Apache 2.2.x = 2.2.0; Apache Group Apache 2.0.x = 2.0.46; Apache Group Apache 1.3.x = 1.3.28. Unaffected systems: Apache Group Apache 2.2.3; Apache Group Apache 2.0.59; Apache Group Apache...
ASUS RT-N16 - Text-plain Admin Password Disclosure
Several ASUS routers include reflected Cross-Site Scripting (CWE-79) and authentication bypass (CWE-592) vulnerabilities. An attacker who can lure a victim to browse to a web site containing a specially crafted JavaScript payload can execute arbitrary commands on the router as...
Amazon Linux: Security Advisory (ALAS-2013-194)
The remote host is missing an update for the...