9787 matches found
BSides SF 2019: Remote-Root Bug in Logitech Harmony Hub Patched and Explained
SAN FRANCISCO – Users of Logitech’s Harmony Hub have been wide open to an attack for years because of four unpatched vulnerabilities that left any IoT device connected at risk of remote takeover. The bugs were patched by Logitech in November, but for the first time the researchers that discovered...
Cisco WebEx Meetings < 33.6.6 / < 33.9.1 - Privilege Escalation Exploit
Exploit for Windows platform in category local exploits. Cisco WebEx Meetings Elevation of Privilege Vulnerability Version 2. 1. Advisory Information. Title: Cisco WebEx Meetings Elevation of Privilege Vulnerability Version 2. Advisory ID: CORE-2018-0012. Advisory URL:...
[SECURITY] [DLA 1700-1] uw-imap security update
Package : uw-imap Version : 8:2007fdfsg-4+deb8u1 CVE ID : CVE-2018-19518 Debian Bug : 914632 A vulnerability was discovered in uw-imap, the University of Washington IMAP Toolkit, that might allow remote attackers to execute arbitrary OS commands if the IMAP server name is untrusted input e.g.,...
Command Injection Payload List
Command injection is an attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application. Command injection attacks are possible when an application passes unsafe user-supplied data (forms, cookies, HTTP headers etc.) to a system shell. In this...
Exploit for OS Command Injection in Docker
RunC-CVE-2019-5736 Two PoCs for CVE-2019-5736. See Twistlock...
Exploit for OS Command Injection in Docker
Usage Edit HOST inside payload.c, compile with make. Start...
CVE-2019-7632
LifeSize Team, Room, Passport, and Networker 220 devices allow Authenticated Remote OS Command Injection, as demonstrated by shell metacharacters in the support/mtusize.php mtu_size parameter. The lifesize default password for the cli account may sometimes be used for authentication...
CVE-2019-7632
CVE-2019-7632 affects LifeSize Team, Room, Passport, and Networker 220 devices. The issue is an authenticated remote OS command injection via shell metacharacters in the support/mtusize.php mtu_size parameter, with potential authentication via the default cli password noted in some cases. This yi...
PT-2019-6248 · Vim +8
Name of the Vulnerable Software and Affected Versions: Vim versions prior to 8.1.0881 Description: The issue is related to the lack of input sanitization in the Vim text editor, allowing an attacker to access confidential data, compromise its integrity, and cause a denial of service. In Vim, user...
Command injection
VNX Control Station in Dell EMC VNX2 OE for File versions prior to 8.1.9.236 contains an OS command injection vulnerability. Due to inadequate restriction configured in sudoers, a local authenticated malicious user could potentially execute arbitrary OS commands as root by exploiting this...
CVE-2019-3704
VNX Control Station in Dell EMC VNX2 OE for File versions prior to 8.1.9.236 contains an OS command injection vulnerability. Due to inadequate restriction configured in sudoers, a local authenticated malicious user could potentially execute arbitrary OS commands as root by exploiting this...
CVE-2019-3704
The CVE-2019-3704 entry describes an OS command injection vulnerability in Dell EMC VNX2 OE for File, affecting the VNX Control Station prior to 8.1.9.236. The issue arises from inadequate restriction in sudoers, allowing a local authenticated attacker to execute arbitrary OS commands as root. Th...
CVE-2018-12237
The Symantec Reporter CLI 10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8 is susceptible to an OS command injection vulnerability. An authenticated malicious administrator with Enable mode access can execute arbitrary OS commands with elevated system privileges...
Command injection
The Symantec Reporter CLI 10.1 prior to 10.1.5.6 and 10.2 prior to 10.2.1.8 is susceptible to an OS command injection vulnerability. An authenticated malicious administrator with Enable mode access can execute arbitrary OS commands with elevated system privileges...
CVE-2018-12237
CVE-2018-12237 is an OS command injection vulnerability in the Symantec Reporter CLI. Affected: Reporter CLI versions 10.1 before 10.1.5.6 and 10.2 before 10.2.1.8. Root cause: command injection via the CLI that can be exploited by an authenticated administrator with Enable mo...
Symantec (Blue Coat) Reporter CLI OS Command Injection Vulnerability (SYMSA1465)
According to its self-reported version number, the Symantec (formerly Blue Coat) Reporter installation running on the remote host is 10.1 prior to 10.1.5.6 or 10.2 prior to 10.2.1.8. It is, therefore, affected by an OS command injection vulnerability. An authenticated attacker with Enable mode...