56 matches found
Reolink RLC-410W cgiserver.cgi command parser denial of service vulnerability
Summary: A denial of service vulnerability exists in the cgiserver.cgi API command parser functionality of Reolink RLC-410W v3.0.0.13620121102. A specially-crafted series of HTTP requests can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. Tested...
Input validation
A vulnerability in a specific CLI command that is run on Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the configuration database of an affected device. This vulnerability is due to insufficient validation of specific CLI command...
Kazi Mehedi docker-web-gui operating system command injection vulnerability
Kazi Mehedi docker-web-gui is an open source application from Kazi Mehedi. It provides a simple GUI interface for Docker containers. rakibtg Docker Dashboard suffers from an operating system command injection vulnerability that allows commands to be injected into the backend tool terminal.js via shel...
Improper access control
Improper Access Control in attribute in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows authenticated local administrator user to perform an uninstallation of the anti-malware engine via the running of a specific command with the correct parameters...
CVE-2020-3504 Cisco UCS Manager Software Local Management CLI Denial of Service Vulnerability
A vulnerability in the local management (local-mgmt) CLI of Cisco UCS Manager Software could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of CLI command parameters. An attacker could exploit th...
Cisco UCS Manager Denial of Service Vulnerability
Cisco UCS Manager provides unified, embedded management of all software and hardware components in Cisco UCS. A denial of service vulnerability exists in the local management (local-mgmt) CLI of Cisco UCS Manager. The vulnerability stems from improper handling of CLI command parameters. A locally...
Cisco UCS Manager Software Local Management CLI Denial of Service Vulnerability
A vulnerability in the local management (local-mgmt) CLI of Cisco UCS Manager Software could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of CLI command parameters. An attacker could exploit th...
CVE-2020-7046
lib-smtp in submission-login and lmtp in Dovecot 2.3.9 before 2.3.9.3 mishandles truncated UTF-8 data in command parameters, as demonstrated by the unauthenticated triggering of a submission-login infinite loop...
FreeBSD : dovecot -- multiple vulnerabilities (74db0d02-b140-4c32-aac6-1f1e81e1ad30)
Aki Tuomi reports: lib-smtp doesn't handle truncated command parameters properly, resulting in infinite loop taking 100% CPU for the process. This happens for LMTP where it doesn't matter so much and also for submission-login where unauthenticated users can trigger it. Aki also reports: Snippet...
Input validation
A vulnerability in the local management CLI implementation for specific commands on the Cisco UCS B-Series Blade Servers could allow an authenticated, local attacker to overwrite an arbitrary file on disk. It is also possible the attacker could inject CLI command parameters that should not be...
Code injection
Cisco Aironet Access Point Software 8.2100.0 on 1830e, 1830i, 1850e, 1850i, 2800, and 3800 access points allows local users to obtain Linux root access via crafted CLI command parameters, aka Bug ID CSCuy64037...
Cisco WebEx Meetings Server Authenticated User Arbitrary Code Execution Vulnerability
Cisco WebEx Meetings Server is a meeting center implementation from Cisco. Cisco WebEx Meetings Server has an unspecified security vulnerability that allows authenticated users to submit special data in command parameters to execute arbitrary code on the target system...
How to Simulate Veeam Backup & Replication Disk I/O
Purpose: This article provides examples of using common workload simulators diskspd and fio to simulate Veeam Backup & Replication disk I/O. Do Not Send Test Output Files to Veeam Support: The write test output files testfile.dat do not contain diagnostic data. As such, please do not attach them to...
Command injection
The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges and read arbitrary files via crafted command parameters within the command-line interface, aka Bug ID CSCtr43374...
CVE-2011-1310
The Administrative Scripting Tools component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15, when tracing is enabled, places wsadmin command parameters into the (1) wsadmin.traceout and (2) trace.log files, which allows local users to obtain potentially...
Sun Solaris LDAP client information leak
Command parameters, including the password, are available from the task list...