IBM Tivoli Storage Manager FastBack Arbitrary Command Execution Vulnerability (CNVD-2015-04167)
IBM Tivoli Storage Manager FastBack is a suite of software that provides continuous data protection and recovery management capabilities for Microsoft Windows and Linux servers. An arbitrary command execution vulnerability in IBM Tivoli Storage Manager FastBack version 6.1 prior to 6.1.12 allows...
D-Link DSP-W110 Command Execution / SQL Injection / File Upload Vulnerabilities
D-Link DSP-W110 suffers from command execution, remote file upload, and remote SQL injection vulnerabilities. D-Link DSP-W110 - multiple vulnerabilities. Discovered by: Peter Adkins. Access: Local network; unauthenticated access. Tracking and identifiers: CVE - None...
Fedora 21 : fusionforge-5.3.2-4.fc21 (2015-9128)
Security fix for CVE-2015-0850. CVE-2015-0850: Prevent arbitrary command execution via clone URL parameter of the method to create secondary Git repositories. Found by Ansgar Burchardt. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora...
Fedora 22 : fusionforge-5.3.2-4.fc22 (2015-9324)
Security fix for CVE-2015-0850. CVE-2015-0850: Prevent arbitrary command execution via clone URL parameter of the method to create secondary Git repositories. Found by Ansgar Burchardt. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora...
Arbitrary Command Execution Vulnerability in Multiple Buffalo Routers
Buffalo WHR-1166DHP and others are wireless router products from the Buffalo Group in Japan. A security vulnerability exists in several Buffalo routers, which could be exploited by remote attackers to submit a special request and execute arbitrary OS commands...
AVM Fritz!Box Arbitrary Command Execution Vulnerability
AVM Fritz!Box is a router product from the German company AVM. The AVM Fritz!Box cgi-bin/webcm URI fails to adequately filter shell metacharacters in the 'var:lang' parameter, presenting an arbitrary command execution vulnerability that could be exploited by a remote attacker to submit a special...
ProFTPD mod_copy command execution
Added: 05/29/2015. CVE: CVE-2015-3306. BID: 74238. OSVDB: 120834. Background: ProFTPD is free FTP Server software for Unix and Linux platforms. Problem: The mod_copy extension, if enabled in ProFTPD, allows unauthenticated attackers to read and write arbitrary files using the SITE CPFR and SITE CPTO...
Dell Sonicwall GMS AnalyzerUMA EM5000 Arbitrary Command Execution Vulnerability
The Dell Sonicwall GMS AnalyzerUMA EM5000 is the Analyzer module of the centralized GMS platform for Dell's SonicWALL security products. An arbitrary command execution vulnerability exists in the Dell Sonicwall GMS, Analyzer, UMA EM5000 that could allow an authenticated remote user to execute...
SUSE SLES12 Security Update : git (SUSE-SU-2015:0100-1)
This update fixes the following security issue: CVE-2014-9390: arbitrary command execution vulnerability on case-insensitive file system (bnc910756). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted t...
WordPress UnGallery Plugin <= 2.1.5 - Arbitrary Command Execution
This plugin is prone to a "search" arbitrary command execution vulnerability. Solution: Update plugin...
Cisco UCS Central Software Arbitrary Command Execution Vulnerability
Cisco UCS Central Software is a software platform from Cisco (USA) that combines computing, virtualization and networking. An arbitrary command execution vulnerability exists in Cisco UCS Central Software. The vulnerability allows an unauthenticated, remote attack...
Cisco UCS Central Software Arbitrary Command Execution Vulnerability
A vulnerability in the web framework of Cisco UCS Central Software could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by sending a crafted HTTP...
Hospira Lifecare PCA Infusion Pump Arbitrary Command Execution Vulnerability
Hospira Lifecare PCA infusion pump is a suite of smart infusion pump software from Hospira USA. Failure to perform authentication for Telnet sessions in Hospira Lifecare PCA infusion pumps running SW ver 412 allows a remote attacker to gain root privileges by accessing the telnet service...
Cisco Secure Desktop (CSD) Arbitrary Command Execution Vulnerability
Cisco Secure Desktop (CSD) is a secure desktop product from Cisco that uses encryption to reduce the risk of cookies, browser history, temporary files, and downloads being left on the system after a remote user logs off or the SSL VPN session times out. An arbitrary command execution vulnerability...
openSUSE Security Update : libgit2 (openSUSE-2015-288)
libgit2 was updated to fix an arbitrary command execution vulnerability on case-insensitive file systems. The following vulnerability was fixed: When using programs using libgit2 on case-insensitive filesystems, .git/config could be overwritten, which allowed execution of arbitrary commands...
setroubleshoot Arbitrary Command Execution Vulnerability
setroubleshoot is a set of SELinux operating system troubleshooting tools. The tool consists of a framework and analysis plug-ins. A security vulnerability exists in the 'getrpmnvrbyfilepathtemporary' function in the util.py file in versions prior to setroubleshoot 3.2.22. A remote attacker can...
Fedora 12 setroubleshootd Local Root Proof Of Concept
setroubleshoot tries to find out which rpm a particular file belongs to when it finds SELinux access violation reports. The idea is probably to have convenient reports for the admin which type enforcement rules have to be relaxed. setroubleshoot runs as root although in its own domain. In util.py...
Mandriva Linux Security Advisory : egroupware (MDVSA-2015:087)
Updated egroupware packages fix security vulnerabilities: eGroupware prior to 1.8.006.20140217 is vulnerable to remote file deletion and possible remote code execution due to user input being passed to PHP's unserialize method (CVE-2014-2027). eGroupWare before 1.8.007 allows logged in users with...
Websense Triton and V-Series CLU Arbitrary Command Execution Vulnerability
Websense TRITON is the Unified Content Architecture for data security. An arbitrary command execution vulnerability exists in the Network Diagnostic Tool CommandLineServlet in the CLU in Websense TRITON AP-WEB 7.8.3 and V-Series appliances, which could allow a remotely authenticated user to execu...
AlienVault OSSIM av-centerd Util.pm remote_task Arbitrary Command Execution - Ver2 (CVE-2014-5210)
The vulnerability is due to a failure to safely sanitize remote_task SOAP requests within Util.pm. This vulnerability can be exploited by sending crafted requests to the affected service. Successful exploitation could result in arbitrary command execution with root privileges...