342 matches found
CVE-2019-14657
Yealink phones through 2019-08-04 have an issue with OpenVPN file upload. They execute tar as root to extract files, but do not validate the extraction directory. Creating a tar file with ../../../../ allows replacement of almost any file on a phone. This leads to password replacement and arbitra...
logrotten 3.15.1 - Privilege Escalation
logrotten 3.15.1 - Privilege Escalation Exploit Title: logrotten 3.15.1 - Privilege Escalation Date: 2019-10-04 Exploit Author: Wolfgang Hotwagner Vendor Homepage: https://github.com/logrotate/logrotate Software Link: https://github.com/logrotate/logrotate/releases/tag/3.15.1 Version: all version...
CVE-2019-15949
Nagios XI before 5.6.6 allows remote command execution as root. The exploit requires access to the server as the nagios user, or access as the admin user via the web interface. The getprofile.sh script, invoked by downloading a system profile profile.php?cmd=download, is executed as root via a...
Cisco Enterprise NFV Infrastructure Software Command Injection Vulnerability (CNVD-2019-38848)
Cisco Enterprise NFV Infrastructure Software is a lightweight virtualization platform that integrates complete VM lifecycle management, monitoring, device programmability, and service chaining in one installable package. A command injection vulnerability exists in the web portal of Cisco Enterpri...
UBUNTU-CVE-2019-13917
Exim 4.85 through 4.92 fixed in 4.92.1 allows remote code execution as root in some unusual configurations that use the $sort expansion for items that can be controlled by an attacker e.g., $localpart or $domain...
PT-2019-18499 · Linear · Linear Emerge 50P/5000P
Name of the Vulnerable Software and Affected Versions: Linear eMerge 50P/5000P devices affected versions not specified Description: The issue allows authenticated command injection with root code execution. Recommendations: At the moment, there is no information about a newer version that contain...
CVE-2019-7276
Optergy Proton/Enterprise devices allow Remote Root Code Execution via a Backdoor Console...
VulnCheck KEV: CVE-2019-3929
Multiple Crestron products are vulnerable to command injection via the filetransfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root...
CVE-2019-7443
KDE KAuth before 5.55 allows the passing of parameters with arbitrary types to helpers running as root over DBus via DBusHelperProxy.cpp. Certain types can cause crashes, and trigger the decoding of arbitrary images with dynamically loaded plugins. In other words, KAuth unintentionally causes thi...
CVE-2018-20487
An issue was discovered in the firewall3 component in Inteno IOPSYS 1.0 through 3.16. The attacker must make a JSON-RPC method call to add a firewall rule as an "include" and point the "path" argument to a malicious script or binary. This gets executed as root when the firewall changes are...
CVE-2018-20487
An issue was discovered in the firewall3 component in Inteno IOPSYS 1.0 through 3.16. The attacker must make a JSON-RPC method call to add a firewall rule as an "include" and point the "path" argument to a malicious script or binary. This gets executed as root when the firewall changes are...
CVE-2018-7364
All versions up to ZXINOS-RESV1.01.43 of the ZTE ZXIN10 product European region are impacted by improper access control vulnerability. Due to improper access control to devcomm process, an unauthorized remote attacker can exploit this vulnerability to execute arbitrary code with root privileges...
DEBIAN-CVE-2016-10730
An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. Amstar is an Amanda Application API script. It should not be run by users directly. It uses star to backup and restore data. It runs binaries with root permissions when parsing t...
UBUNTU-CVE-2016-10730
An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. Amstar is an Amanda Application API script. It should not be run by users directly. It uses star to backup and restore data. It runs binaries with root permissions when parsing t...
CVE-2018-14928
/contingency/servlet/ServletFileDownload executes as root and provides unauthenticated access to files via the file parameter...
source-to-image: Builder images with assembler-user LABEL set to root allows attackers to execute arbitrary code
A privilege escalation flaw was found in the source-to-image component of Openshift Container Platform which allows the assemble script to run as the root user in a non-privileged container. An attacker can use this flaw to open network connections, and possibly other actions, on the host which a...
Security Bulletin: Privilege escalation vulnerability affects IBM Security Guardium (CVE-2017-1122)
Summary IBM Security Guardium contains a vulnerability that could allow a local attacker with CLI access to inject arbitrary commands which would be executed as root. IBM Security Guardium has addressed this issue Vulnerability Details CVEID: CVE-2017-1122 DESCRIPTION: IBM Security Guardium...
CVE-2018-0324
A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, high-privileged, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command parameters in the CLI parser. An attacker coul...
dhcp: Command injection vulnerability in the DHCP client NetworkManager integration script
A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Red Hat Enterprise Linux. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root...
CVE-2018-10577
An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15, and AP300 devices with firmware before 2.0.0.10. File upload functionality allows any users authenticated on the web interface to upload files containing code to the web root, allowing these files...