OpenNMS Horizon 31.0.7 Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OpenNMS Horizon Authenticated RCE', 'Description' = %q This module exploits built-in functionality in OpenNMS Horizon in order to execute arbitra...
The vulnerability of the CLI interface of ArubaOS operating systems allows a perpetrator to execute arbitrary commands.
The vulnerability of the CLI interface of ArubaOS operating systems is related to the lack of measures taken to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
PT-2024-22277 · Fitnesse · Fitnesse
Name of the Vulnerable Software and Affected Versions: FitNesse all releases Description: The issue allows a remote authenticated attacker to execute arbitrary OS commands. Note that this behavior is claimed by a contributor to be a product specification rather than a vulnerability, and this is...
PT-2024-2930 · Ivanti · Ivanti Avalanche
Name of the Vulnerable Software and Affected Versions: Ivanti Avalanche versions prior to 6.4.3 Description: The issue is related to a heap overflow vulnerability in the WLAvalancheService component. This vulnerability can be exploited by a remote unauthenticated attacker to execute arbitrary...
PT-2024-2913 · Ivanti · Ivanti Avalanche
Name of the Vulnerable Software and Affected Versions: Ivanti Avalanche versions prior to 6.4.3 Description: The issue is related to a Path Traversal vulnerability in the web component of Ivanti Avalanche. This vulnerability is caused by incorrect restriction of the directory path name with limit...
PT-2024-2386 · Tenda · Tenda Ac15
Name of the Vulnerable Software and Affected Versions: Tenda AC15 versions 15.03.05.18 through 15.03.20 multi Description: The issue is related to the function formSetSambaConf at the /goform/setsambacfg endpoint, where the usbName parameter is not properly sanitized, leading to OS command...
OESA-2024-1292 aops-zeus security update
A host and user manager service which is the foundation of aops. Security Fixes: In aops-zeus software versions 1.2.01.4.1, there is a vulnerability in the plugin management command of the zeus/conf/constant file. Through this vulnerability, an attacker can implant arbitrary commands to be execut...
OESA-2024-1291 aops-zeus security update
A host and user manager service which is the foundation of aops. Security Fixes: In aops-zeus software versions 1.2.01.4.1, there is a vulnerability in the plugin management command of the zeus/conf/constant file. Through this vulnerability, an attacker can implant arbitrary commands to be execut...
OESA-2024-1273 A-Tune-Collector security update
A-Tune-Collector is used to collect various system resources. Security Fixes: When the get method in the sched.py file in the A-Tune-Collector software package is used to obtain the process ID, shell command combination and injection risks exist. This flaw could lead to remote arbitrary command...
OESA-2024-1272 A-Tune-Collector security update
A-Tune-Collector is used to collect various system resources. Security Fixes: When the get method in the sched.py file in the A-Tune-Collector software package is used to obtain the process ID, shell command combination and injection risks exist. This flaw could lead to remote arbitrary command...
OESA-2024-1271 A-Tune-Collector security update
A-Tune-Collector is used to collect various system resources. Security Fixes: When the get method in the sched.py file in the A-Tune-Collector software package is used to obtain the process ID, shell command combination and injection risks exist. This flaw could lead to remote arbitrary command...
OESA-2024-1274 A-Tune-Collector security update
A-Tune-Collector is used to collect various system resources. Security Fixes: When the get method in the sched.py file in the A-Tune-Collector software package is used to obtain the process ID, shell command combination and injection risks exist. This flaw could lead to remote arbitrary command...
OESA-2024-1275 migration-tools security update
A tool to help users migrate the CentOS system to the UOS system and openEuler system. Security Fixes: By sending HTTP requests to access a specific interface, attackers can execute arbitrary commands with root privileges on remote machines. CVE-2024-24892...
The vulnerability of the Wireless Manager (FortiWLM MEA) extension of the Fortinet FortiManager device management software allows an attacker to execute arbitrary code or commands.
The vulnerability of the Wireless Manager FortiWLM MEA extension of the Fortinet FortiManager software for centralized device management is related to access control deficiencies. Exploiting this vulnerability could allow a malicious actor to execute arbitrary commands or scripts using specially...
The vulnerability of the command-line interface of ArubaOS systems arises from the lack of measures taken to eliminate special elements used in operating system commands. This allows attackers to execute arbitrary commands.
The vulnerability of the command-line interface of ArubaOS exists because measures to neutralize the special elements used in the operating system’s command are not taken. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
Cisco Firepower Management Center Remote Command Execution
Exploit Title: Cisco Firepower Management Center Google Dork: non Date: 12/06/2023 Exploit Author: Abdualhadi khalifa Version: 6.2.3.18", "6.4.0.16", "6.6.7.1 CVE : CVE-2023-20048 import requests import json set the variables for the URL, username, and password for the FMC web services interface...
ROS-2-2008
2.2008 Vulnerability in SpamAssassin spam filtering tool CVE-2020-1946 1. Vulnerability description: CVE-2020-1946 A vulnerability in the SpamAssassin spam filtering tool is related to improper input validation when processing rule configuration .cf files. Exploitation of the vulnerability could...
The vulnerability of the IBM Engineering Requirements Management DOORS application, related to the manipulation of inter-site requests, allows a perpetrator to execute arbitrary commands.
The vulnerability of the IBM Engineering Requirements Management DOORS application relates to the manipulation of inter-site requests. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...