11233 matches found

Zero Day Initiative
added 2017/06/26 12:0 a.m., 10 views

ARRIS VAP2500 config_wds Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ARRIS VAP2500. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of the various txtmac parameters provided to the configwds.php management porta...

CVSS 9, AI score 4.7
Exploits 0
Hacker One
added 2017/06/25 8:55 p.m., 24 views

Paragon Initiative Enterprises: Paragonie Airship Admin CSRF on Extensions Pages

Summary: The /bridge/admin/skyport/install endpoint, as well as some of the endpoints around it, are vulnerable to Cross-Site Request Forgery. Description: The functions in src/Cabin/Bridge/Controller/Skyport.php in the Airship project appear to all be vulnerable to Cross-Site...

AI score 0.6
Exploits 0
Talos Blog
added 2017/06/22 10:37 a.m., 50 views

Vulnerability Spotlight: Multiple Vulnerabilities in InsideSecure MatrixSSL

These vulnerabilities were discovered by Aleksandar Nikolic of Cisco Talos. Overview: MatrixSSL is a TLS/SSL stack offered in the form of a Software Development Kit (SDK) that is geared towards application in Internet of Things (IOT) devices and other embedded systems. It features low resource overhead a...

CVSS 7.5, AI score 0.8, EPSS 0.02344
Exploits 6
OpenVAS
added 2017/06/22 12:0 a.m., 24 views

Samba 'nmbd' NetBIOS Name Services Daemon RCE Vulnerability (CVE-2014-3560)

Samba is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:samba:samba";...

CVSS 7.9, AI score 8.7, EPSS 0.56378
Exploits 0, References 3
The Hacker News
added 2017/06/21 9:8 p.m., 39 views

Critical RCE Flaw Found in OpenVPN that Escaped Two Recent Security Audits

A security researcher has found four vulnerabilities, including a critical remote code execution bug, in OpenVPN that were not even caught in the two big security audits of the open source VPN software this year. OpenVPN is one of the most popular and widely used open source VPN software...

CVSS 5, AI score 8.2, EPSS 0.05539
Exploits 0
Tenable Nessus
added 2017/06/21 12:0 a.m., 33 views

Flash Player < 26.0.0.126 Multiple RCE (APSB17-17)

CVSS 10, AI score 9.9, EPSS 0.30886
Exploits 3, References 10
FreeBSD
added 2017/06/21 12:0 a.m., 22 views

pear-Horde_Image -- remote code execution vulnerability

Michael J Rubinsky reports: The first vulnerability (CVE-2017-9774) is a Remote Code Execution vulnerability and is exploitable by a logged in user sending a maliciously crafted GET request to the Horde server...

CVSS 8.8, AI score 2, EPSS 0.02385
Exploits 0, References 1
Tenable Nessus
added 2017/06/21 12:0 a.m., 23 views

HPE UCMDB 'UploadFileOnUIServerServlet' Servlet Path Handling RCE (HPESBGN03758)

The version of HP Universal Configuration Management Database Server (UCMDB) running on the remote web server is missing a security patch. It is, therefore, affected by a remote code execution vulnerability in the 'UploadFileOnUIServerServlet' servlet due to improper handling of user-supplied paths...

CVSS 10, AI score 9.5, EPSS 0.30312
Exploits 0, References 3
Tenable Nessus
added 2017/06/21 12:0 a.m., 37 views

Ubisoft uPlay < 2.0.4 Browser Plugin RCE

According to its version number, the Ubisoft uPlay application installed on the remote host is prior to 2.0.4. It is, therefore, affected by a remote code execution vulnerability in the web browser plugin due to improper validation of user-supplied input passed via the '-orbitexepath' command lin...

CVSS 10, AI score 6.8, EPSS 0.5802
Exploits 1, References 3
OpenVAS
added 2017/06/20 12:0 a.m., 61 views

PHP 5.6.x < 5.6.23, 7.x < 7.0.8 RCE Vulnerability (Jun 2017) - Windows

PHP is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if descripti...

CVSS 9.8, AI score 9.7, EPSS 0.07753
Exploits 1, References 3
myhack58
added 2017/06/17 12:0 a.m., 266 views

“Phoenix Talon” in the Linux Kernel — lurking for over 11 years, the kernel vulnerability-vulnerability warning-the black bar safety net

About “Phoenix Talon” 2017 5 November 9, qimingxing e ADLab found that the Linux kernel there is a remote vulnerability “Phoenix Talon” the Phoenix claw fourth toe of Italy, and relates to CVE-2017-8890, CVE-2017-9075, CVE-2017-9076, CVE-2017-9077, can affect almost all Linux kernel 2.5.69 Linux...

CVSS 10, AI score 0.6, EPSS 0.01372
Exploits 5
exploitpack
added 2017/06/16 12:0 a.m., 33 views

IBM Informix Dynamic Server - Code Injection Remote Code Execution

IBM Informix Dynamic Server - Code Injection Remote Code Execution !/usr/local/bin/python """ IBM Informix Dynamic Server doconfig PHP Code Injection Remote Code Execution Vulnerability 0DAY Bonus: free XXE bug included! Download:...

Exploits 0
OpenVAS
added 2017/06/16 12:0 a.m., 85 views

Microsoft Windows Multiple RCE Vulnerabilities (KB4022839)

This host is missing a critical security update according to Microsoft security update KB4022839. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-on...

CVSS 10, AI score 6.8, EPSS 0.90026
Exploits 20, References 6
seebug.org
added 2017/06/16 12:0 a.m., 1062 views

"Phoenix Talon" in Linux Kernel (Phoenix Talon)

About “Phoenix Talon” 2017 5 November 9, qimingxing e ADLab found that the Linux kernel there is a remote vulnerability “Phoenix Talon” the Phoenix claw fourth toe of Italy, and relates to CVE-2017-8890, CVE-2017-9075, CVE-2017-9076, CVE-2017-9077, can affect almost all Linux kernel 2.5.69 Linux...

CVSS 10, AI score 8.6, EPSS 0.01372
Exploits 5
Tenable Nessus
added 2017/06/16 12:0 a.m., 11 views

RealPlayer 18.1.5.x < 18.1.5.694 (Win) RCE

AI score 7.3
Exploits 0, References 2
Tenable Nessus
added 2017/06/16 12:0 a.m., 102 views

Adobe Captivate Quiz Reporting Feature 'internalServerReporting.php' File Upload RCE

The Adobe Captivate application running on the remote web server is affected by a remote code execution vulnerability in the quiz reporting feature within the 'internalServerReporting.php' script due to improper sanitization and verification of uploaded files before placing them in a...

CVSS 7.5, AI score 8.8, EPSS 0.03202
Exploits 0, References 3
OpenVAS
added 2017/06/16 12:0 a.m., 92 views

Aerohive Networks HiveOS RCE Vulnerability

Aerohive HiveOS is prone to a remote command execution (RCE) vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

AI score 7.6
Exploits 0, References 1
OpenVAS
added 2017/06/16 12:0 a.m., 47 views

Atlassian Bamboo RCE Vulnerability

Atlassian Bamboo is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 8.8, AI score 9.1, EPSS 0.01638
Exploits 1, References 1
OpenVAS
added 2017/06/15 12:0 a.m., 62 views

Microsoft SharePoint Server Multiple RCE Vulnerabilities (KB3172445)

This host is missing an important security update according to Microsoft KB3172445 SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 9.3, AI score 7.7, EPSS 0.22127
Exploits 0, References 3
OpenVAS
added 2017/06/15 12:0 a.m., 52 views

Microsoft Office Compatibility Pack RCE Vulnerability (KB3127894)

This host is missing an important security update according to Microsoft Update KB3127894. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVSS 9.3, AI score 7.5, EPSS 0.17127
Exploits 0, References 2