
340 matches found

Prion
added 2017/10/13 5:29 p.m. | 12 views

Design/Logic Flaw

A vulnerability in a specific loopback filter action command, processed in a specific logical order of operation, in a running configuration of Juniper Networks Junos OS, allows an attacker with CLI access and the ability to initiate remote sessions to the loopback interface with the defined...

CVSS 2.1 | AI score 5.5 | EPSS 0.00307
Exploits: 0 | References: 1 | Affected Software: 1

Prion
added 2017/10/13 5:29 p.m. | 14 views

Command injection

Ruckus Wireless Zone Director Controller firmware releases ZD9.9.x, ZD9.10.x, ZD9.13.0.x less than 9.13.0.0.232 contain OS Command Injection vulnerabilities in the ping functionality that could allow local authenticated users to execute arbitrary privileged commands on the underlying operating...

CVSS 9.3 | AI score 8.9 | EPSS 0.0172
Exploits: 0 | References: 1 | Affected Software: 1

Debian CVE
added 2017/04/13 2:0 p.m. | 20 views

CVE-2016-10118

Firejail allows local users to truncate /etc/resolv.conf via a chroot command to /...

CVSS 3.3 | AI score 3.8 | EPSS 0.00325
Exploits: 0

Cvelist
added 2017/03/31 3:0 p.m. | 27 views

CVE-2014-5008

Snoopy allows remote attackers to execute arbitrary commands...

AI score 9.7 | EPSS 0.0413
Exploits: 0 | References: 12

CNVD
added 2017/01/10 12:0 a.m. | 1 views

Redmi 2A phone has command vulnerability in multiple devices

The Redmi 2A phone is a new model launched by Xiaomi on March 31, 2015, as a derivative of the Redmi 2 phone. The ioctl cmd=0x40046b0a for the Redmi 2A kernel device /dev/hx170dec and the ioctl cmd=0xc00c7503 handler function for /dev/comip-ureg lacks a validity judgment, which allows an attacker...

AI score 7.1
Exploits: 0

seebug.org
added 2016/10/09 12:0 a.m. | 10 views

D-Link DCS IP camera 7411 command execution vulnerability

No description provided by source...

AI score 7.1
Exploits: 0

OSV
added 2016/06/01 12:0 a.m. | 2 views

UBUNTU-CVE-2016-4453

The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a VGA command...

CVSS 4.4 | AI score 6.7 | EPSS 0.00422
Exploits: 0 | References: 4

OSV
added 2015/10/28 12:0 a.m. | 44 views

DLA-335-1 ntp - security update

Bulletin has no description...

CVSS 9.8 | AI score 6.9 | EPSS 0.81762
Exploits: 7

0day.today
added 2015/10/04 12:0 a.m. | 22 views

Pygments FontManager._get_nix_font_path Shell Injection Vulnerability

Pygments FontManager._get_nix_font_path version 1.2.2-2.0.2 suffers from a shell injection vulnerability. Shell Injection in Pygments FontManager._get_nix_font_path Product: Pygments Version: 1.2.2-2.0.2 497:fe62167596bb to 3693:655dbebddc23 Tue Nov 06 17:30:45 2007 +0000 to Aug 21, 2015. Website:...

AI score 7.4
Exploits: 0

Packet Storm
added 2015/04/16 12:0 a.m. | 44 views

D-Link/TRENDnet NCC Service Command Injection

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'D-Link/TRENDnet NCC Service Command Injection', 'Description' = %q This module exploits a remote command injection vulnerability on...

AI score 0.4 | EPSS 0.82863
Exploits: 8

CNVD
added 2015/04/14 12:0 a.m. | 2 views

HNAP Remote Command Elevation of Privilege Vulnerability in Multiple D-Link Products

D-link specializes in the design and development of hardware products for wireless networks and Ethernet circuits. A remote command elevation of privilege vulnerability exists in several D-Link products HNAP. This vulnerability can be exploited by attackers to elevate privileges and execute...

AI score 7.9
Exploits: 0 | References: 1

myhack58
added 2015/03/07 12:0 a.m. | 42 views

ElasticSearch command execution vulnerability: by perl to rally the shell-vulnerability warning-the black bar safety net

ElasticSearch is based on Lucene Search Server. It provides a distributed multi-user capability of the full-text search engine, based on the RESTful web interface. Elasticsearch is developed in Java, and as the Apache License under the terms of the open source release, is the second most popular...

AI score 7.6
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 12 views

FVWM 2.4.17/2.5.8 fvwm_make_browse_menu.sh Scripts Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9922/info It has been reported that the FVWM fvwm_make_browse_menu.sh script is prone to a command execution vulnerability. This issue is due to the script allowing a user to define which application should be used to execut...

AI score 7.1
Exploits: 0

UbuntuCve
added 2014/06/08 6:55 p.m. | 29 views

CVE-2014-3981

acinclude.m4, as used in the configure script in PHP 5.5.13 and earlier, allows local users to overwrite arbitrary files via a symlink attack on the /tmp/phpglibccheck file...

CVSS 3.3 | AI score 7.2 | EPSS 0.00782
Exploits: 0 | References: 2

CVE
added 2013/11/05 8:0 p.m. | 110 views

CVE-2013-4419

CVE-2013-4419 affects libguestfs guestfish when using --remote/--listen: temporary socket ownership is not properly checked under /tmp/.guestfish-$UID/, allowing a local user to pre-create that directory and then write to the socket to execute commands. Affected are libguestfs versions up to and ...

CVSS 6.8 | AI score 7 | EPSS 0.00754
Exploits: 0 | References: 5 | Affected Software: 1

myhack58
added 2011/10/03 12:0 a.m. | 19 views

Quick easy ftp server 4.0.0 plurality of command format string vulnerability-vulnerability warning-the black bar safety net

Version: Quick easy ftp server 4.0.0 other version not test Test: W2K SP4 Quick easy ftp server 4.0.0 is not safe to use wsprintfA function for string operations, resulting in format string vulnerabilities. The affected commands include LS, CD, USER, etc. Wherein the USER command does not need to...

AI score 7.7
Exploits: 0

OSV
added 2010/07/28 12:48 p.m. | 4 views

CVE-2010-2534

The NetworkSyncCommandQueue function in network/network_command.cpp in OpenTTD before 1.0.3 does not properly clear a pointer in a linked list, which allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted request, related to the client command queue...

CVSS 5 | AI score 6.7 | EPSS 0.03348
Exploits: 0 | References: 15

myhack58
added 2010/03/22 12:0 a.m. | 19 views

Simple Network penetration spying on a command-vulnerability warning-the black bar safety net

ipconfig /all //You can view the current network card configuration information, including the domain and IP section This command can be seen: the host name---shwdm, IP--192.168.103.8, the gateway IP---192.168.103.10,DNS domain name resolution IP address---192.168.100.1 to an primary WINS server...

Exploits: 0

Cvelist
added 2010/02/15 6:0 p.m. | 20 views

CVE-2009-4643

Stack-based buffer overflow in dsInstallerService.dll in the Juniper Installer Service, as used in Juniper Odyssey Access Client 4.72.11421.0 and other products, allows remote attackers to execute arbitrary code via a long string in a malformed DSSETUPSERVICECMDUNINSTALL command to the...

AI score 8.1 | EPSS 0.03731
Exploits: 0 | References: 2

myhack58
added 2010/01/20 12:0 a.m. | 77 views

wscript. the shell is disabled,execute the command-vulnerability warning-the black bar safety net

See close wscript. shell, upload the cmd. exe to the above to run no command. The runtime will tell the fault. If you want to run the command you can try this method, try the following: Put the following code to copy: object runat=server id=oScriptlhn scope=page...

Exploits: 0