The vulnerability of the bpserverd protocol used by Unitrends Backup software allows a perpetrator to bypass authentication procedures or execute arbitrary commands with root privileges.
The vulnerability of the bpserverd protocol used by Unitrends Backup software is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to bypass the authentication process or execute arbitrary commands with root privileges, using the xinetd...
The vulnerability of the Screensavercc component in the eLux RP operating system allows a hacker to execute arbitrary commands with root privileges.
The vulnerability of the Screensavercc component in the eLux RP operating system is related to the lack of measures to protect input data. Exploiting this vulnerability allows a malicious actor to bypass configuration restrictions and execute arbitrary commands with root privileges by inserting...
Unitrends Backup Privilege Access Control Vulnerability
Unitrends Backup (UB) is a set of data protection software from the American company Unitrends. The software provides data backup, data recovery and deduplication functions. A security vulnerability exists in session logic in versions of UB prior to 10.0.0. A remote attacker can exploit this...
Trend Micro Deep Discovery Director Hard-Coded Archive File Password Vulnerability
Trend Micro Deep Discovery is a protection product from Trend Micro that detects and identifies hard-to-find threats in real time and proposes solutions. Director is one of the built-in solutions with the ability to update and upgrade various programs in Deep Discovery. A security vulnerability...
CVE-2017-11746
Tenshi 0.15 creates a tenshi.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tenshi.pid modification before a root script executes a "kill `cat /pathname/tenshi.pid`" command...
Cisco IOS XR Local Elevation of Privilege Vulnerability
Cisco IOS is the interconnected Internet operating system used on most Cisco Systems routers and network switches. An elevation of privilege vulnerability exists in Cisco IOS XR that allows a local user to execute arbitrary operating system commands as root by leveraging administrator privileges...
CVE-2017-6714
A vulnerability in the AutoIT service of Cisco Ultra Services Framework Staging Server could allow an unauthenticated, remote attacker to execute arbitrary shell commands as the Linux root user. The vulnerability is due to improper shell invocations. An attacker could exploit this vulnerability b...
EMC VNX2 OE for File and VNX1 OE for File Local Elevation of Privilege Vulnerability
The EMC VNX2 OE for File and VNX1 OE for File are file storage devices from EMC Corporation USA. A security vulnerability exists in EMC VNX2 OE for File and VNX1 OE for File, which can be exploited by a local attacker to submit a special request to execute arbitrary commands with root privileges...
CVE-2017-8116
The management interface for the Teltonika RUT9XX routers (aka LuCI) with firmware 00.03.265 and earlier allows remote attackers to execute arbitrary commands with root privileges via shell metacharacters in the username parameter in a login request...
Remote Command Injection Vulnerability at Foscam camera Add User
FOSCAM Group is a national high-tech enterprise specializing in the design, research and development, manufacturing and sales of network cameras, network video recorders and other products. Remote command injection vulnerability exists in the usrName parameter of the CGIProxy.fcgi addAccount...
Cisco Prime Collaboration Provisioning Authentication Bypass Vulnerability
Cisco Prime Collaboration is a comprehensive video and voice service assurance and management system. An authentication bypass vulnerability exists in the web interface of Cisco Prime Collaboration Provisioning, which stems from a lack of security restrictions in certain HTTP request methods. An...
CVE-2017-8859
In Veritas NetBackup Appliance 3.0 and earlier, unauthenticated users can execute arbitrary commands as root...
Design/Logic Flaw
In Veritas NetBackup Appliance 3.0 and earlier, unauthenticated users can execute arbitrary commands as root...
CVE-2017-1122
IBM Security Guardium 8.2, 9.0, and 10.0 contains a vulnerability that could allow a local attacker with CLI access to inject arbitrary commands which would be executed as root. IBM X-Force ID: 121174...
GPG Suite Arbitrary Command Execution Vulnerability
GPG Suite is an iOS-based encryption and decryption suite for communication security. A security vulnerability exists in the 'installPackage' function of the installerHelper subcomponent in versions of GPG Suite prior to 2015.06. A local attacker can exploit the vulnerability to execute arbitrary...
CVE-2016-10107
Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 index.php page via a modified Cookie header...
CVE-2016-10108
Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 /web/googleanalytics.php URL via a modified arg parameter in the POST data...
Authentication Command Injection Vulnerability in PwdGrp.cgi for AVTECH Devices
AVTECH, founded in 1996, is one of the world's leading CCTV manufacturers. The main products are surveillance equipment, network cameras, network video recorders and so on. An authentication command injection vulnerability exists in AVTECH device PwdGrp.cgi. The PwdGrp.cgi script can be used to...
CVE-2016-6373
The web-based GUI in Cisco Cloud Services Platform (CSP) 2100 2.0 allows remote authenticated administrators to execute arbitrary OS commands as root via crafted platform commands, aka Bug ID CSCva00541...
CVE-2016-4965
Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users with access to the nslookup functionality to execute arbitrary commands with root privileges via the graph parameter to diagnosiscontrol.php...