4202 matches found
Command Execution Vulnerability in Ziggy's Fortress (CNVD-2019-27736)
Zhejiang Qiji Technology Co., Ltd. is a company mainly engaged in computer hardware and software, network products, technology development and other projects. A command execution vulnerability exists in Qiji Fortress, which can be exploited by an attacker to gain control of a web server...
Ahsay Backup 7.x - 8.1.1.50 - Authenticated Arbitrary File Upload / Remote Code Execution Exploit (2
Exploit for jsp platform in category web applications Exploit Title: Authenticated insecure file upload and code execution flaw in Ahsay Backup v7.x - v8.1.1.50. Metasploit Date: 26-6-2019 Exploit Author: Wietse Boonstra Vendor Homepage: https://ahsay.com Software Link:...
Arbitrary File Deletion, Code Execution Vulnerabilities in ICMS
ICMS is a high content management system built with PHP and MySQL. ICMS suffers from arbitrary file deletion and code execution vulnerabilities. An attacker can exploit these vulnerabilities to delete arbitrary files and gain control of the website...
Code Execution Vulnerability in OpenSNS V5
OpenSNS is a lightweight social user center framework based on OneThink. The system adheres to a minimalist design style and focuses on communication. A code execution vulnerability exists in OpenSNS, which can be exploited by an attacker to obtain server information...
Command Execution Vulnerability in Arifang Technology 4G Module Performance King N720
Shenzhen Youfang Technology Co., Ltd. is an enterprise focusing on M2M IoT wireless communication products and services, providing industrial module products and related services in GPRS, CDMA 1X, WCDMA, EVDO, LTE and other communication standards. A command execution vulnerability exists in the ...
KLA11513 Multiple vulnerabilities in Microsoft Developer Tools
Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, spoof the user interface, cause denial of service, and obtain sensitive information. Below is a complete list of vulnerabilities: 1. Security...
JetBrains IntelliJ IDEA Ultimate Code Execution Vulnerability
JetBrains IntelliJ IDEA Ultimate is an integrated development environment for the Java language from the Czech company JetBrains. A code execution vulnerability exists in JetBrains IntelliJ IDEA Ultimate. A remote attacker could exploit the vulnerability to execute code...
JetBrains IntelliJ IDEA Code Execution Vulnerability
JetBrains IntelliJ IDEA is an integrated development environment for the Java language from the Czech company JetBrains. A code execution vulnerability exists in JetBrains IntelliJ IDEA. An attacker could exploit the vulnerability to execute code...
strong_password Ruby gem malicious version causing Remote Code Execution vulnerability
The strong_password gem 0.0.7 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. Version 0.0.8 does not contain the backdoor...
Tenda W20E V15.11.0.6_CN has a command execution vulnerability (CNVD-2019-22869)
Shenzhen Jixiang Tengda Technology Co., Ltd. is one of the first pioneers in the field of wireless network in China. Tenda W20E V15.11.0.6_CN suffers from a command execution vulnerability that can be exploited by an attacker to gain server privileges...
CVE-2019-9186
In several JetBrains IntelliJ IDEA versions, a Spring Boot run configuration with the default setting allowed remote attackers to execute code when the configuration is running, because a JMX server listens on all interfaces instead of listening on only the localhost interface. This issue has bee...
Code Execution Vulnerability in EasyAdmin v1.0.8
EasyAdmin is a free and open source community program based on the LayUI template, with a ThinkPHP5 framework for backend support. EasyAdmin has a code execution vulnerability that an attacker can exploit to obtain server privileges...
SUSE-SU-2019:14100-1 Security update for libvirt
This update for libvirt fixes the following issues: Security issue fixed: - CVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd bsc11383...
openSUSE Security Update : vim (openSUSE-2019-1561)
This update for vim fixes the following issue: Security issue fixed: - CVE-2019-12735: Fixed a potential arbitrary code execution vulnerability in getchar.c bsc1137443. This update was imported from the SUSE:SLE-15:Update update project. C Tenable Network Security, Inc. The descriptive text and...
Command Execution Vulnerability in Qiji Ops Fortress Server (CNVD-2019-21086)
Zhejiang Qiji Technology Co., Ltd. is a company mainly engaged in computer hardware and software, network products, technology development and other projects. A command execution vulnerability exists in the server side of the Qiji Operations and Maintenance Fortress, which can be exploited by an...
OPENSUSE-SU-2019:1551-1 Security update for neovim
This update for neovim fixes the following issues: Security issue fixed: - CVE-2019-12735: Fixed a potential arbitrary code execution vulnerability in getchar.c bsc1137443...
SUSE SLED12 / SLES12 Security Update : vim (SUSE-SU-2019:1456-1)
This update for vim fixes the following issue: Security issue fixed: CVE-2019-12735: Fixed a potential arbitrary code execution vulnerability in getchar.c bsc1137443. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenab...
CVE-2019-3412
CVE-2019-3412 affects ZTE MF920 devices (BD_R218V2.4 and earlier). The root cause is that certain interfaces do not adequately validate parameters, enabling arbitrary command execution via those interfaces. Public documents consistently describe a pre-existing command-execution vulnerability in M...
Command Execution Vulnerability in DM Enterprise Website System
The DM enterprise website building system is an open source CMS developed with PHP + MySQL that specializes in website construction for small and medium-sized enterprises. The DM enterprise website building system has a command execution vulnerability, which attackers can use to obtain server privilege...
HPE Intelligent Management Center (IMC) thirdPartyPerfSelectTask Expression Language Injection Remote Code Execution Vulnerability
HPE Intelligent Management Center (IMC) is a comprehensive management platform built from the ground up to support the Failure, Configuration, Accounting, Performance and Security (FCAPS) model. A thirdPartyPerfSelectTask expression language injection remote code execution vulnerability exists in HPE...