Command Execution Vulnerability in the pelco Sarix Enhanced Dot1xSetupController.php File

pelco Sarix Enhanced is a webcam. A command execution vulnerability exists in the pelco Sarix Enhanced Dot1xSetupController.php file. The vulnerability is caused due to the program failing to properly perform validity checks when processing user-submitted data, allowing an attacker who has been...

SUSE-SU-2017:2660-1 Security update for libvirt

This update for libvirt fixes several issues. This security issue was fixed: - bsc1053600: Escape ssh commed line to prevent interpreting malicious hostname as arguments, allowing for command execution These non-security issues were fixed: - bsc1025340: Use xend for nodeGetFreeMemory API -...

CVE-2017-12581

GitHub Electron before 1.6.8 allows remote command execution because of a nodeIntegration bypass vulnerability. This also affects all applications that bundle Electron code equivalent to 1.6.8 or earlier. Bypassing the Same Origin Policy SOP is a precondition; however, recent Electron versions do...

Cisco Elastic Services Controller Remote Command Execution Vulnerability

Cisco Elastic Services Controller is a cloud and systems management solution. A security vulnerability in the ConfD CLI for Cisco Elastic Services Controllers could allow an authenticated, remote attacker to run arbitrary commands as a Linux tomcat user on an affected system...

OP5 5.3.5 / 5.4.0 / 5.4.2 / 5.5.0 / 5.5.1 - license.php Remote Command Execution Exploit

Exploit for multiple platform in category web applications This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'OP5 license.php Remote Command Execution', 'Description' = %q This...

CVE-2017-6406

CVE-2017-6406 affects Veritas NetBackup (Before 7.7.2) and NetBackup Appliance (Before 2.7.2). It enables arbitrary privileged command execution via a whitelist directory escape using substrings like "../". The root cause is a directory traversal that can lead to privilege escalation with local a...

Command Execution Vulnerability in China_user_add_op.php, the Security Isolation Gateway of Beijing Yuanwei Software Co.

Beijing Yuanwei Software Co., Ltd. security isolation gateway is a multi-network security isolation system based on terminal virtualization technology and network virtualization technology. A command execution vulnerability exists in chinauseraddop.php, the security isolation gateway of Beijing...

EUVD-2016-6623

cgi-bin/cgimain in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the sn parameter to the transferlicense command...

mercurial: arbitrary code execution

CVE-2016-3068 arbitrary code execution It was reported that in mercurial, there is similar vulnerability as CVE-2015-7545 in git. Git's git-remote-ext remote helper provides an ext:: URL scheme that allows running arbitrary shell commands. Mercurial allows specifying git repositories as...

京信通信/09/business/loginAction.php username参数命令执行漏洞

No description provided by source...

Trend Micro Password Manager program arbitrary command execution vulnerability verification-vulnerability and early warning-the black bar safety net

Trend Micro antivirus software to suit the windows version, contains a password management program, the program is also in the official website provides a single download connection, is a free service. The default installation of the latest TRAND Micro: the ! 1 Figure 1 Can in Data Security find...

Cisco Prime Network Services Controller任意命令执行漏洞

No description provided by source...

NS-DV7500企业级高性能VPN安全网关命令执行漏洞

No description provided by source...

Command Execution Vulnerability in Beijing PaiNet Software Traffic Analysis Management System

Beijing Paiwang Software Co., Ltd. is specialized in the development of domestic web application layer traffic monitoring and management engine. A command execution vulnerability exists in the traffic analysis and management system of Beijing PaiNet Software. The vulnerability allows an attacker ...

D-Link Cookie command injection

Added: 07/30/2015 Background D-Link produces a variety of routers, switches, and other network equipment for home users and businesses. Problem A command injection vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted cookie in an HTTP request...

openSUSE Security Update : libgit2 (openSUSE-2015-288)

libgit2 was updated to fix an arbitrary command execution vulnerability on case-insentitive file systems. The following vulnerability was fixed : - When using programs using libgit2 on case-insensitive filesystems, .git/config could be overwritten, which allowed execution of arbitrary commands...

Small ants camera commands to perform the patch bypass-vulnerability warning-the black bar safety net

The thing is, last week on the microblogging onlookers a safe laboratory and a factory camera in the tear forced war, saw the publication of an old version vulnerability suddenly shocked Ah, so you want to look at the people in the hands clutching that vulnerability is going around to ask for hel...

Citrix NITRO SDK Command Injection

------------------------------------------------------------------------ Command injection vulnerability in Citrix NITRO SDK xenhotfix page ------------------------------------------------------------------------ Han Sahin, August 2014...

ASUS router exposure remote command execution vulnerability-vulnerability warning-the black bar safety net

The ASUS router firmware is detected a serious vulnerability that can be made without the authentication of an attacker in the router to remotely execute any command that could affect the ASUS all versions of the router firmware. Security researcher Joshua Drake in several ASUS router firmware...

Vulnerability alert: well-known Forum system vBulletin commonly used SEO plugin VBSEO there is a serious security vulnerability-vulnerability warning-the black bar safety net

vBulletin team recently to all their customers warning of its plug-in VBSEO there was a serious security vulnerability. VBSEO for vBulletin and very popular third party seo modules, worst of VBSEO official already in the last year to stop updating this plug-in, that no one can exploit to provide...