Lucene search

2659 matches found

Exploit DB
added 2019/05/14 12:0 a.m. | 291 views

Schneider Electric U.Motion Builder 1.3.4 - 'track_import_export.php object_id' Unauthenticated Command Injection

RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION: Product: Schneider Electric U.Motion Builder; Vendor URL: www.schneider-electric.com; Type: OS Command Injection CWE-78; Date found: 2018-11-15; Date published: 2019-05-13; CVSSv3 Score: 9.8...

CVSS 9.8 | AI score 7 | EPSS 0.54741
Exploits: 6

Node.js
added 2019/04/23 2:26 p.m. | 13 views

Command Injection

Overview: All versions of cocos-utils are vulnerable to Remote Code Execution. The unzip function concatenates user input to exec which may allow attackers to execute arbitrary commands on the server. Recommendation: No fix is currently available. Consider using an alternative module until a fix is...

AI score 8
Exploits: 0 | Affected Software: 1

Oracle linux
added 2019/04/12 12:0 a.m. | 264 views

Unbreakable Enterprise kernel security update

4.14.35-1844.4.5
- x86/apic/x2apic: set back affinity of a single interrupt to one cpu (Mridula Shastry) Orabug: 29510342
4.14.35-1844.4.4
- ext4: fix data corruption caused by unaligned direct AIO (Lukas Czerner) Orabug: 29598590
- swiotlb: checking whether swiotlb buffer is full with iotlbused Dong...

CVSS 8.1 | AI score 7.9 | EPSS 0.07779
Exploits: 11

Node.js
added 2019/04/03 6:57 p.m. | 13 views

Command Injection

Overview: All versions of tomato are vulnerable to Command Injection. The /api/exec endpoint does not validate user input allowing attackers to run arbitrary commands in the system. Recommendation: No fix is currently available. Consider using an alternative module until a fix is made available...

AI score 7.1
Exploits: 0 | Affected Software: 1

OSV
added 2019/03/25 12:29 a.m. | 7 views

CVE-2019-10018

An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpIdiv case...

CVSS 5.5 | AI score 5.7
Exploits: 0 | References: 3

UbuntuCve
added 2019/03/25 12:29 a.m. | 25 views

CVE-2019-10026

An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec in Function.cc for the psOpRoll case...

CVSS 5.5 | AI score 6.4 | EPSS 0.00164
Exploits: 1 | References: 2

CNVD
added 2019/03/25 12:0 a.m. | 0 views

Xpdf PE Vulnerability (CNVD-2019-22436)

Xpdf is a free PDF viewer and toolkit that includes a text extractor, image converter, HTML converter and more. A PE vulnerability exists in the PostScriptFunction::exec function in Function.cc in Xpdf 4.01.01 in the psOpIdiv scenario. No detailed vulnerability details are provided at this time...

CVSS 5.5 | AI score 6.8 | EPSS 0.00242
Exploits: 1 | References: 1

Prion
added 2019/03/24 10:29 p.m. | 14 views

Design/Logic Flaw

baigoStudio baigoSSO v3.0.1 allows remote attackers to execute arbitrary PHP code via the first form field of a configuration screen, because this code is written to the BGSITENAME field in the optbase.inc.php file...

CVSS 6.5 | AI score 7.3 | EPSS 0.00805
Exploits: 0 | References: 1 | Affected Software: 1

UbuntuCve
added 2019/03/24 12:0 a.m. | 29 views

CVE-2019-10023

An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpMod case...

CVSS 5.5 | AI score 6.8 | EPSS 0.00164
Exploits: 1 | References: 3

OSV
added 2019/03/21 3:59 p.m. | 1 views

DEBIAN-CVE-2017-16231

In PCRE 8.41, after compiling, a pcretest load test PoC produces a crash overflow in the function match in pcre_exec.c because of a self-recursive call. NOTE: third parties dispute the relevance of this report, noting that there are options that can be used to limit the amount of stack that is use...

CVSS 5.5 | AI score 7.1 | EPSS 0.00102
Exploits: 2 | References: 1

Exploit DB
added 2019/03/19 12:0 a.m. | 44 views

Advanced Host Monitor 11.92 beta - Local Buffer Overflow

#!/usr/bin/env python Exploit: Advanced Host Monitor 11.92 beta - Local Buffer Overflow EggHunter; Date: 2019-03-18; Author: Peyman Forouzan; Tested Against: Winxp SP2...

AI score 7
Exploits: 0

vulnersOsv
added 2019/03/14 3:40 p.m. | 5 views

ai.h2o:h2o-orc-parser (>=3.18.0.9 <=3.46.0.10), com.linkedin.tony:tony-cli (>=0.1.5 <=0.3.3) +3 more potentially affected by CVE-2015-1772 via org.apache.hive:hive-exec (=1.1.0)

org.apache.hive:hive-exec MAVEN version =1.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.hive:hive-exec and may be impacted: - ai.h2o:h2o-orc-parser =3.18.0.9, =0.1.5, =0.1.5, =0.11.0, =0.11.1 Source cves: CVE-2015-1772 Source advisory...

CVSS 7.3 | AI score 7.1 | EPSS 0.00163
Exploits: 0

vulnersOsv
added 2019/03/14 3:40 p.m. | 3 views

ai.h2o:h2o-orc-parser (>=3.18.0.9 <=3.46.0.10), com.alibaba.blink:flink-hcatalog (>=blink-3.2.0 <=blink-3.7.0) +138 more potentially affected by CVE-2016-3083 via org.apache.hive:hive-exec (>=0.10.0 <=1.2.1)

org.apache.hive:hive-exec MAVEN version =0.10.0, =3.18.0.9, =blink-3.2.0, =1.0.1-migration, =0.60.0, =1.0.1, =0.6, =0.6, =0.6, =0.6, =0.7 - com.facebook.giraph.hive:hive-io-experimental =0.5 - com.facebook.hiveio:hive-io-exp-cmdline =0.8 - com.facebook.hiveio:hive-io-exp-core =0.8 -...

CVSS 7.5 | AI score 7.1 | EPSS 0.00206
Exploits: 0

vulnersOsv
added 2019/03/14 3:40 p.m. | 2 views

io.druid.extensions.contrib:druid-orc-extensions (>=0.10.0 <=0.12.3), org.apache.tajo:tajo-hive (>=0.11.2 <=0.11.3) potentially affected by CVE-2016-3083 via org.apache.hive:hive-exec (=2.0.0)

org.apache.hive:hive-exec MAVEN version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.hive:hive-exec and may be impacted: - io.druid.extensions.contrib:druid-orc-extensions =0.10.0, =0.11.2, =0.11.3 Source cves: CVE-2016-3083 Source...

CVSS 7.5 | AI score 7.1 | EPSS 0.00206
Exploits: 0

vulnersOsv
added 2019/03/14 3:40 p.m. | 2 views

com.amazon.emr:hive2-shims (>=5.0.0 <=5.6.0), com.scylladb.alternator:hive2-shims (>=5.6.0 <=5.8.0) potentially affected by CVE-2017-12625 via org.apache.hive:hive-exec (=2.3.0)

org.apache.hive:hive-exec MAVEN version =2.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.hive:hive-exec and may be impacted: - com.amazon.emr:hive2-shims =5.0.0, =5.6.0, =5.8.0 Source cves: CVE-2017-12625 Source advisory:...

CVSS 4.3 | AI score 6.1 | EPSS 0.00468
Exploits: 3

OSV
added 2019/02/21 5:29 a.m. | 0 views

DEBIAN-CVE-2019-8980

A memory leak in the kernel_read_file function in fs/exec.c in the Linux kernel through 4.20.11 allows attackers to cause a denial of service (memory consumption) by triggering vfs_read failures...

CVSS 7.5 | AI score 7.1 | EPSS 0.01634
Exploits: 0 | References: 1

Cisco
added 2019/02/15 5:0 p.m. | 129 views

Container Privilege Escalation Vulnerability Affecting Cisco Products: February 2019

A vulnerability in the Open Container Initiative runc CLI tool used by multiple products could allow an unauthenticated, remote attacker to escalate privileges on a targeted system. The vulnerability exists because the affected software improperly handles file descriptors related to /proc/self/ex...

CVSS 9.3 | AI score 2.2 | EPSS 0.59178
Exploits: 33 | References: 1

VMware
added 2019/02/15 12:0 a.m. | 40 views

VMware product updates resolve mishandled file descriptor vulnerability in runc container runtime.

VMware product updates resolve mishandled file descriptor vulnerability in runc container runtime. Successful exploitation of this issue may allow a malicious container to overwrite the contents of a host's runc binary and execute arbitrary code. Exploitation of this vulnerability requires the...

CVSS 9.3 | AI score 1.9 | EPSS 0.59178
Exploits: 33 | References: 2 | Affected Software: 4

NVD
added 2019/02/11 2:29 a.m. | 9 views

CVE-2018-20772

Frog CMS 0.9.5 allows PHP code execution via <?php to the admin/?/layout/edit/1 URI...

CVSS 7.2 | AI score 7.3 | EPSS 0.01114
Exploits: 1 | References: 1

Zero Day Initiative
added 2019/01/29 12:0 a.m. | 21 views

Bitdefender SafePay exec Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender SafePay. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processi...

CVSS 8.8 | AI score 2.3 | EPSS 0.01929
Exploits: 0