125 matches found
Extreme Office 2019 suffers from a code execution vulnerability (CNVD-2020-28017)
Extreme Office is an independently controlled office learning software developed by Beijing Haiteng Times Technology Co. Extreme Office 2019 suffers from a code execution vulnerability that can be exploited by an attacker to obtain web server administrative privileges using a carefully constructe...
Palo Alto Networks PAN-OS Command Execution Vulnerability
Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks for its firewall appliances. A security vulnerability exists in Palo Alto Networks PAN-OS versions prior to 8.1.13. A local attacker could exploit the vulnerability to execute commands and gain root privileges...
Design/Logic Flaw
enpeem through 2.2.0 allows execution of arbitrary commands. The "options.dir" argument is provided to the "exec" function without any sanitization...
Command Execution Vulnerability in eyoucms of Hainan Zanzan Network Technology Co.
EyouCms is a free + open source enterprise content management system based on the TP5.0 framework as the core development, focusing on the needs of enterprise building users. Hainan Zanzan Network Technology Co. eyoucms has a command execution vulnerability that can be exploited by attackers to...
OPENSUSE-SU-2020:0102-1 Security update for libssh
This update for libssh fixes the following issues: - CVE-2019-14889: Fixed an unwanted command execution in scp caused by unsanitized location bsc1158095. This update was imported from the SUSE:SLE-15-SP1:Update update project...
SUSE-SU-2020:0131-1 Security update for libssh
This update for libssh fixes the following issues: - CVE-2019-14889: Fixed an unwanted command execution in scp caused by unsanitized location bsc1158095...
Command Execution Vulnerability in Oracle WebLogic Server
WebLogic Server is Oracle's JavaEE-based middleware for developing, integrating, deploying and managing large-scale distributed Web applications, web applications and database applications. A command execution vulnerability exists in Oracle WebLogic Server. An attacker can cause arbitrary code...
GNU Mailutils 3.7 - Privilege Escalation Exploit
Exploit Title: GNU Mailutils 3.7 - Local Privilege Escalation Date: 2019-11-06 Exploit Author: Mike Gualtieri Vendor Homepage: https://mailutils.org/ Software Link: https://ftp.gnu.org/gnu/mailutils/mailutils-3.7.tar.gz Version: 2.0 = 3.7 Tested on: Gentoo CVE : CVE-2019-18862 Title : GNU Mailuti...
Technicolor Remote Command Execution Vulnerability
Technicolor Group is a leading provider of production, post-production and distribution services to content creators, network service providers and broadcasters. Technicolor suffers from a remote command execution vulnerability that originates from a program that does not perform sufficient input...
Code Execution Vulnerability in Thunderwind Movie CMS (CNVD-2019-33540)
Thunderwind Movie CMS is a PHP based THINKPHP3.2.3 framework development, suitable for all kinds of video, film and television websites, film and television content management program. Thunderwind CMS has a code execution vulnerability that can be exploited by attackers to gain control of the web...
CVE-2019-2281
An unauthenticated bitmap image can be loaded in to memory and subsequently cause execution of unverified code. in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in QCS405, QCS605, SD 636, SD 665, SD 675...
Code Execution Vulnerability in LmxCMS V1.4
Dream cms lmxcms is developed using php language and mysql database, and adopts the mainstream MVC design mode. A code execution vulnerability exists in LmxCMS V1.4, which can be exploited by attackers to gain server privileges...
Code Execution Vulnerability in PHPOKCMS
PHPOKCMS is an enterprise station CMS system developed in PHP+MYSQL language. PHPOKCMS suffers from a code execution vulnerability. An attacker can exploit this vulnerability by uploading a Trojan horse in a program upgrade/zip package upgrade to gain server privileges...
Code execution vulnerability in cms made simple backend file copying
CMS Made Simple is an open source content management system. It is built using PHP and Smarty Engine , which separates content , functionality and templates . A code execution vulnerability exists in cms made simple version 2.2.7 when performing file copying in the background, which can be...
Code execution vulnerability in TP-Link enterprise routers (CNVD-2018-08408)
Tplink ER5110G, Tplink ER5120G and Tplink WAR1300L are enterprise VPN routers and enterprise wireless VPN routers. A code execution vulnerability exists in TP-Link Enterprise Routers. An attacker can exploit the vulnerability to obtain the router's administrator username and password, or hijack a...
Code execution vulnerability in hao6cms v2.0 config_edit.asp file
hao6cms is an enterprise website management system. A code execution vulnerability exists in the hao6cms v2.0 configedit.asp file. The vulnerability is due to the parameters failed to filter the direct splicing written to the configuration file, an attacker can exploit the vulnerability to obtain...
CVE-2017-16608
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within exec.jsp. The issue results from the lack of proper validation of a...
CVE-2017-16608
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within exec.jsp. The issue results from the lack of proper validation of a...
Patch Tuesday Returns; Microsoft Quiet on Postponement
Patch Tuesday returned today as expected after last month’s postponement with a giant release of fixes that includes patches for vulnerabilities disclosed and exploited since the last set of updates in January. Microsoft, however, was relatively silent on the reasons why the February updates were...
Hancom Office 2014 VP Local Arbitrary Code Execution Vulnerability (CNVD-2016-06356)
Hancom Office 2014 VP is a cloud storage service solution developed by Hancom Korea. Hancom Office 2014 VP suffers from a local arbitrary code execution vulnerability that could be exploited by a local attacker to execute arbitrary code in the context of the application or conduct a denial of...