Schneider Electric Building Operation Automation Server Vulnerability
OVERVIEW Independent researcher Karn Ganeshen has identified a vulnerability in servers programmed with Schneider Electric’s StruxureWare Building Operation software. Schneider Electric has produced a new version to mitigate this vulnerability. This vulnerability could be exploited remotely...
JVN#25059363: Multiple I-O DATA network camera products multiple vulnerabilities
Multiple network camera products provided by I-O DATA DEVICE, INC. contain multiple vulnerabilities listed below. OS Command injection CWE-78 - CVE-2016-7819 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H| Base Score: 6.8 CVSS v2|...
Design/Logic Flaw
IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert...
CVE-2016-0325
CVE-2016-0325 affects IBM Jazz-based CLM stack (Rational CLM/RQM/RRTC/RDNG/RELM/RSA DM and related) with multiple versions vulnerable prior to specific iFixes. The issue allows an authenticated remote attacker to execute arbitrary OS commands via a crafted HTTP request, impacting several CLM comp...
GroundWork monarch_scan.cgi OS Command Injection (CVE-2013-3502)
A vulnerability exists in GroundWork 6.7.0. The vulnerability exists in monarch_scan.cgi, where user-controlled input is used in a Perl function. This allows any remote authenticated attacker, regardless of privileges, to inject system commands and gain arbitrary code execution...
Sophos Web Appliance 4.2.1.3 - Remote Code Execution
Sophos Web Appliance 4.2.1.3 - Remote Code Execution KL-001-2016-009 : Sophos Web Appliance Remote Code Execution Title: Sophos Web Appliance Remote Code Execution Advisory ID: KL-001-2016-009 Publication Date: 2016.11.03 Publication URL:...
Sophos Web Appliance Remote Code Execution
Vulnerability Details Affected Vendor: Sophos Affected Product: Web Appliance Affected Version: v4.2.1.3 Platform: Embedded Linux CWE Classification: CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection', CWE-88: Argument Injection or Modification...
CVE-2016-0326
IBM Rational Quality Manager RQM and Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.x before 4.0.7 iFix11, 5.x before 5.0.2 iFix17, and 6.x before 6.0.1 ifix3 allow remote authenticated users to execute arbitrary OS commands via a crafted "HTML request."...
CVE-2016-0326
Summary: IBM Rational Quality Manager (RQM) and Rational Collaborative Lifecycle Management (CLM) are affected by a command injection vulnerability (CVE-2016-0326). An authenticated attacker can inject commands via a specially crafted HTML request, causing OS commands to execute with the user’s p...
Symantec Web Gateway 5.2.2 OS Command Injection
Symantec Web Gateway = 5.2.2 newwhitelist.php OS Command Injection Vulnerability - Software Link: https://www.symantec.com/ -...
SAP Netweaver 7.40 SP 12 SCTC_REFRESH_EXPORT_TAB_COMP Command Injection Vulnerability
Exploit for windows platform in category remote exploits Onapsis Security Advisory ONAPSIS-2016-041: SAP OS Command Injection in SCTC_REFRESH_EXPORT_TAB_COMP 1. Impact on Business: By exploiting this vulnerability an authenticated user will be able to take full control of the...
SAP Netweaver 7.40 SP 12 SCTC_TMS_MAINTAIN_ALOG Command Injection
Onapsis Security Advisory ONAPSIS-2016-043: SAP OS Command Injection in SCTC_TMS_MAINTAIN_ALOG 1. Impact on Business: By exploiting this vulnerability an authenticated user will be able to take full control of the system. Risk Level: Critical 2. Advisory Information...
SAP Netweaver 7.40 SP 12 SCTC_REFRESH_EXPORT_TAB_COMP Command Injection
Onapsis Security Advisory ONAPSIS-2016-041: SAP OS Command Injection in SCTC_REFRESH_EXPORT_TAB_COMP 1. Impact on Business: By exploiting this vulnerability an authenticated user will be able to take full control of the system. Risk Level: Critical 2. Advisory Information...
CVE-2016-6373
Cisco Cloud Services Platform (CSP) 2100 web GUI vulnerability (CVE-2016-6373) affects CSP2100 2100 series running 2.0 and 2.x prior to 2.1.0. An authenticated remote attacker can inject commands via crafted platform requests to execute arbitrary OS commands with root privileges. The issue stems ...
FortiWAN Multiple Vulnerabilities
FortiWAN 4.2.4 and below is exposed to cross-site scripting, information leak and escalation of privilege vulnerabilities. CVE-2016-4965: Non-administrative authenticated user having access privileges to the nslookup functionality can perform OS command injection in the root user context...
Fortinet FortiWAN load balancer appliance contains multiple vulnerabilities
Overview The Fortinet FortiWAN Ascernlink network load balancer appliance contains multiple vulnerabilities. Description According to the reporter, the Fortinet FortiWAN network load balancer appliance contains the following vulnerabilities. CWE-78: Improper Neutralization of Special Elements used...
JVN#85213412: Multiple AKABEi SOFT2 LTD. games vulnerable to OS command injection
Multiple games provided by AKABEi SOFT2 LTD. contain an OS command injection vulnerability CWE-78 due to an issue in loading saved data. Impact When specially crafted saved data is loaded, an arbitrary OS command may be executed. Solution Apply a Workaround The following workaround can mitigate t...
QNAP QTS 4.2.1 Build 20160601 Command Injection
Advisory ID: SYSS-2016-055 Product: QNAP QTS Manufacturer: QNAP Affected Versions: 4.2.1 Build 20160601 Tested Versions: 4.2.1 Build 20160601 - 4.2.2 Build 20160812 Vulnerability Type: OS Command Injection CWE-78 Risk Level: High Solution Status:...
QNAP QTS 4.2.0 Build 20160311 / Build 20160601 Command Injection
Advisory ID: SYSS-2016-048 Product: QNAP QTS Manufacturer: QNAP Affected Versions: 4.2.0 Build 20160311 and Build 20160601 Tested Versions: 4.2.0 Build 20160311 - 4.2.2 Build 20160812 Vulnerability Type: OS Command Injection CWE-78 Risk Level: High...
CVE-2016-2875
IBM Security QRadar SIEM 7.1.x and 7.2.x before 7.2.7 allows remote authenticated users to execute arbitrary OS commands as root via unspecified vectors...