Security Bulletin: IBM Tealeaf CX Passive Capture Application is vulnerable to a remotely exploitable OS command injection and local file inclusion (CVE-2013-6719 and CVE-2013-6720)
Summary IBM Tealeaf CX Passive Capture Application is vulnerable to a remotely exploitable OS command injection and local file inclusion. These vulnerabilities may be exploited to compromise the host system. Vulnerability Details Two areas of vulnerability are found in the IBM Tealeaf CX Passive...
Security Bulletin: IBM WebSphere MQ JMS client deserialization RCE vulnerability (CVE-2016-0360)
Summary A potential vulnerability exists within the JMSObjectMessage class, which IBM WebSphere MQ provides as part of its Java Message Service implementation. Vulnerability Details JMS Object messages depend on Java Serialization for marshalling/unmarshalling of the message payload...
Seagate Personal Cloud < 4.3.18.0 RCE Vulnerability
Seagate Media Server in Seagate Personal Cloud has unauthenticated command injection in the uploadTelemetry and getLogs functions in views.py because .psp URLs are handled by the fastcgi.server component and shell metacharacters are mishandled. SPDX-FileCopyrightText: 2018 Greenbone AG Some text...
CVE-2018-8210
Technical details such as affected product versions, root cause, exploitability, and patch guidance are not provided in the connected documents; monitor for updates.
Cisco Prime Data Center Network Manager File Upload RCE (cisco-sa-20180502-prime-upload)
The Cisco Prime Data Center Network Manager (DCNM) running on the remote host is affected by a remote code execution vulnerability due to improper input validation of the parameters in an HTTP request processed by the XmpFileUploadServlet servlet. An unauthenticated, remote attacker can exploit thi...
Remote code execution
The VMware AirWatch Agent for Android prior to 8.2 and AirWatch Agent for Windows Mobile prior to 6.5.2 contain a remote code execution vulnerability in real time File Manager capabilities. This vulnerability may allow for unauthorized creation and execution of files in the Agent sandbox and othe...
VMware AirWatch Agent updates resolve remote code execution vulnerability.
The VMware AirWatch Agent for Android and Windows Mobile devices contain a remote code execution vulnerability in real time File Manager capabilities. This vulnerability may allow for unauthorized creation and execution of files in the Agent sandbox and other publicly accessible directories such ...
Pwn2Own Huawei HiApp vulnerability principle and the use of analysis of under-vulnerability warning-the black bar safety net
0x01 Preface Pwn2Own Huawei HiApp vulnerability principle and the use of the analysison Reading this article is the basis for understanding previous attacks construct the link. 0x02 vulnerability analysis I don't know if the attentive classmates found in my article analysis article left in the eg...
Unrestricted file upload
Unrestricted file upload RCE in express-cart module before 1.1.7 allows a privileged user to gain access in the hosting machine...
CVE-2018-3758
Unrestricted file upload RCE in express-cart module before 1.1.7 allows a privileged user to gain access in the hosting machine...
CVE-2018-3758
CVE-2018-3758 affects the express-cart Node.js module (pre-1.1.7). The vulnerability is an unrestricted file upload via the module’s upload functionality. A privileged user can supply an attacker-controlled path and upload arbitrary files (no path/type/size validation), potentially gaining access...
CVE-2016-10624
selenium-chromedriver is a simple utility for downloading the Selenium Webdriver for Google Chrome. selenium-chromedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary wit...
Man-in-the-Middle (MitM)
healthcenter is susceptible to man-in-the-middle (MitM) attacks. The attacker can download binary resources via HTTP, allowing MitM attacks. Since the attacker can replace the requested binary with its controlled binary if the attacker is on the network or positioned in between the user and the...
Man-in-the-Middle (MitM)
rs-brightcove is vulnerable to man-in-the-middle (MitM) attacks via downloading resources over HTTP. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and...
Man-in-the-Middle (MitM)
selenium-portal is susceptible to man-in-the-middle (MitM) attacks. The attacker can download binary resources via HTTP, allowing MitM attacks. Since the attacker can replace the requested binary with its controlled binary if the attacker is on the network or positioned in between the user and the...
Man-in-the-Middle (MitM)
herbivore is vulnerable to man-in-the-middle (MitM) attacks. This is because it downloads binary resources via HTTP, allowing MitM attacks. Also, it may potentially cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the...
Man-in-the-Middle (MitM)
tomita is vulnerable to man-in-the-middle (MitM) attacks via downloading resources over HTTP. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the...
Man In The Middle (MitM)
sfml is vulnerable to man-in-the-middle (MitM) attacks via downloading resources over HTTP. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remo...
Man-in-the-Middle (MitM)
clang-extra is susceptible to man-in-the-middle (MitM) attacks. The attacker can download binary resources via HTTP, allowing MitM attacks. Since the attacker can replace the requested binary with its controlled binary if the attacker is on the network or positioned in between the user and the remo...
Man-in-the-Middle (MitM)
pk-app-wonderbox is vulnerable to man-in-the-middle (MitM) attacks. This is because they download binary resources via HTTP, allowing MitM attacks. Also, it may potentially cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on...