Sophos Web Appliance UsrBlocked.php command injection

Added: 11/24/2023 CVE: CVE-2023-1671 Background Sophos Web Appliance is a web proxy providing HTTP security. Problem A vulnerability in UsrBlocked.php allows remote attackers to inject arbitrary commands into an HTTP request. Resolution Upgrade to Sophos Web Appliance 4.3.10.4 or higher. Referenc...

Apache Struts forced OGNL evaluation incomplete fix

Added: 04/26/2022 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Struts uses Object-Graph Navigation Language OGNL to...

Bash environment variable code injection over HTTP

Added: 09/26/2014 CVE: CVE-2014-6271 BID: 70103 OSVDB: 112004 Background GNU Bash Bourne Again SHell is a command shell commonly used on Linux and Unix systems. Problem The Bash shell executes commands injected after function definitions contained in environment variables. This could be used by a...

WebSVN search command execution

Added: 06/23/2021 Background WebSVN is a web interface for Subversion repositories. Problem A command injection vulnerability allows remote unauthenticated attackers to execute arbitrary commands by sending a specially crafted search request. Resolution Upgrade to WebSVN 2.6.1 or higher. Referenc...

Linux Dirty COW Local File Overwrite

Added: 10/27/2016 CVE: CVE-2016-5195 BID: 93793 Background This tool allows you to overwrite an arbitrary file on Linux systems. Problem A race condition exists in the way the Linux kernel's memory subsystem handles the copy-on-write COW breakage of private read-only memory mappings. An...

Cisco AnyConnect Secure Mobility Client VPNWeb ActiveX Code Execution

Added: 06/13/2011 CVE: CVE-2011-2039 BID: 48081 OSVDB: 72714 Background Cisco AnyConnect Secure Mobility Client provides remote mobile users with secure IPsec IKEv2 or SSL Virtual Private Network VPN connections to Cisco 5500 Series Adaptive Security Appliances ASA and devices that are running...

Aruba Instant command execution

Added: 07/28/2021 Background Aruba Instant is a controllerless wi-fi solution. Problem The combination of several different vulnerabilities in Aruba Instant could allow remote attackers to execute arbitrary commands by sending specially crafted web requests. Resolution Upgrade to Aruba Instant...

VMware Aria Operations for Networks default SSH key

Added: 09/06/2023 Background SSH Private keys are used for authentication for many devices. Devices shipped with a default, static key are vulnerable to compromise if the public discovers the key. The private key can be re-used by an attacker to gain remote, privileged access to the device. Probl...

PaperCut authentication bypass

Added: 05/12/2023 Background PaperCut is print management software. It includes a web interface written in Java. Problem An authentication bypass vulnerability in the SetupCompleted class allows a remote, unauthenticated attacker to execute arbitrary code in the context of SYSTEM. Resolution...

ESTsoft ALZip MIM File Handling Buffer Overflow

Added: 08/09/2011 CVE: CVE-2011-1336 BID: 48493 OSVDB: 73684 Background ESTsoft ALZip is a Windows-based file compression program that can unzip 40 different zip file archives. ALZip can zip files into 8 different archives such as ZIP, EGG, TAR and others. Problem ESTsoft ALZip 8.21 and earlier i...

Ivanti Cloud Services Appliance exec cookie command injection

Added: 03/26/2024 Background Ivanti Cloud Services Appliance CSA is an appliance that connects the console and managed devices over the Internet. Problem Cloud Services Appliance 4.5 and 4.6 are affected by a vulnerability which could allow a remote unauthenticated attacker to inject arbitrary...

FortiNAC keyUpload.jsp command execution

Added: 02/24/2023 Background FortiNAC is a network access control solution. Problem A vulnerability in the keyUpload.jsp resource allows remote attackers to write arbitrary files by uploading a specially crafted zip file, leading to command execution. Resolution Upgrade to FortiNAC 7.2.0, 9.1.8,...

PHP CGI Query String Parameters Command Execution

Added: 05/15/2012 CVE: CVE-2012-1823 BID: 53388 OSVDB: 81633 Background PHP is a widely used general-purpose scripting language that is especially suited for Web development. Problem When configured as a CGI script aka php-cgi, PHP does not properly handle query string parameters which are passed...

VERITAS NetBackup vnetd bpspsserver buffer overflow

Added: 04/14/2006 CVE: CVE-2006-0991 BID: 17264 OSVDB: 24170 Background VERITAS NetBackup is a backup and recovery solution for multiple platforms. Problem A buffer overflow in bpspsserver allows a remote attacker to execute arbitrary commands by sending a specially crafted Request Service messag...

Microsoft IIS FTP Server NLST Command Remote Overflow

Added: 09/03/2009 CVE: CVE-2009-3023 BID: 36189 OSVDB: 57589 Background Microsoft Internet Information Server IIS includes a web server and an FTP server. Problem A stack overflow in the FTP server in IIS 5 and 6.0 via a crafted NLST command that uses wildcards allows remote authenticated users t...

Windows Shell LNK file CONTROL item command execution

Added: 07/22/2010 CVE: CVE-2010-2568 BID: 41732 OSVDB: 66387 Background Microsoft Windows supports LNK files, also known as shortcuts, which are references to other files. Shortcuts can be placed in a location which is convenient for users such as the Desktop or Start menu, from which they can be...

Atlassian Crowd pdkinstall arbitrary plugin installation

Added: 12/22/2020 Background Atlassian Crowd is a single sign-on solution for Atlassian products. Problem Atlassian Crowd and Crowd Data Center incorrectly enabled the pdkinstall development plugin, allowing attackers to install arbitrary plugins, leading to remote code execution. Resolution...

Webmin password_change.cgi backdoor

Added: 08/26/2019 Background Webmin is a web-based interface for system administration of Unix systems. The Webmin web server listens by default on port 10000/tcp. Problem A backdoor in Webmin allows a remote attacker to execute arbitrary commands by sending a POST request for passwordchange.cgi...

Apache Log4j JNDI message lookup vulnerability

Added: 12/16/2021 Background Apache Log4j is a logging library used by many Java applications. Problem An attacker who is able to control log message content could embed a JNDI reference to an LDAP or RMI URL which downloads an executable Java class, leading to arbitrary command execution...

Cisco UCS Director authentication bypass and command injection

Added: 09/13/2019 CVE: CVE-2019-1937 Background Cisco UCS Director is a heterogeneous platform for private cloud Infrastructure as a Service IaaS. Problem An authentication bypass vulnerability in the ClientServlet allows unauthenticated users to gain an administrative session. Furthermore, a...

Citrix ShareFile StorageZones file upload

Added: 08/28/2023 Background ShareFile is a file sharing service. StorageZones are user-maintained storage for ShareFile data. Problem A vulnerability in ShareFile StorageZones Controller allows remote attackers to upload arbitrary files, leading to command execution. Resolution Upgrade to...

Oracle WebLogic Apache Commons library deserialization vulnerability

Added: 11/20/2015 CVE: CVE-2015-4852 BID: 77539 Background Oracle WebLogic Server formerly BEA WebLogic Server is a Java web application platform. Apache Commons is a widely used Java library which is included in WebLogic Server. Problem A vulnerability in the Apache Commons library used by Oracl...

Zoho ManageEngine ServiceDesk Plus SAMLResponse command execution

Added: 02/17/2023 Background Zoho ManageEngine ServiceDesk Plus is IT helpdesk software. Problem A vulnerability in an outdated Apache Santuario library in ServiceDesk Plus allows a remote, unauthenticated attacker to execute arbitrary commands by sending a specially crafted SAMLResponse paramete...

Oracle WebLogic Server BadAttributeValueExpException deserialization

Added: 05/27/2020 CVE: CVE-2020-2555 Background Oracle WebLogic Server formerly BEA WebLogic Server is a Java web application platform. Problem A Java object deserialization vulnerability in WebLogic allows unauthenticated remote code execution by sending a serialized BadAttributeValueExpExceptio...

Bash Environment Variable Handling Shell Command Injection Via CUPS

Added: 11/05/2014 CVE: CVE-2014-6271 BID: 70103 OSVDB: 112004 Background GNU Bash Bourne Again SHell is a command shell commonly used on Linux and Unix systems. CUPS is printing software for UNIX-like systems that allows a computer to act as a print server. Problem The Bash shell executes command...

Telnetd Encryption Key ID Code Execution

Added: 02/11/2012 CVE: CVE-2011-4862 BID: 51182 OSVDB: 78020 Background Telnet is a network protocol used on the Internet or local area networks to provide a bidirectional interactive text-oriented communications facility using a virtual terminal connection. Problem The flaw is caused due to a...

Oracle WebLogic Server Apache Connector Transfer-Encoding buffer overflow

Added: 10/31/2008 CVE: CVE-2008-4008 BID: 31683 OSVDB: 49283 Background Oracle WebLogic Server formerly BEA WebLogic Server is a Java web application platform. Problem A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted...

Aviatrix Controller list_flightpath_destination_instances command injection

Added: 02/04/2025 Background Aviatrix Controller is a cloud networking platform that manages connectivity of cloud and hybrid networks. Problem A command injection vulnerability in the listflightpathdestinationinstances API action allows remote attackers to execute arbitrary commands. Resolution...

Ivanti Connect Secure Server-Side Request Forgery

Added: 02/05/2024 Background Ivanti Connect Secure is a web-based remote access VPN. Problem A server-side request forgery vulnerability in the SAML component allows attackers to access restricted resources without authentication. This can lead to remote command execution when chained with other...

Netgear R7000 Router remote command execution

Added: 07/01/2020 Background Netgear R7000 is a line of wireless routers. Problem A vulnerability in the web interface could allow unauthenticated attackers to execute arbitrary commands on the device. Resolution Disable access to the web interface from the public network. References Platforms...

MySQL yaSSL SSL Hello message buffer overflow

Added: 03/10/2008 CVE: CVE-2008-0226 BID: 27140 OSVDB: 41935 Background MySQL is an open-source database software package available for multiple platforms. yaSSL is an SSL library. MySQL, if SSL support is enabled, uses yaSSL by default. Problem A buffer overflow vulnerability in the...

Windows SMB PsImpersonateClient null token vulnerability

Added: 07/13/2017 CVE: CVE-2017-0144 BID: 96704 Background Server Message Block SMB is the protocol used by Microsoft Windows computers to communicate over a network. Problem A remote attacker can execute arbitrary commands with SYSTEM privileges by overwriting the token to a null value and forci...

VMware ESXi OpenSLP heap overflow

Added: 02/10/2023 Background VMware ESXi is a bare metal hypervisor. Problem A heap overflow vulnerability in the OpenSLP service could allow an attacker on the same network segment to execute arbitrary commands. Resolution Upgrade to a fixed version referenced in VMSA-2021-0002 or disable the SL...

Apache chunked encoding buffer overflow

Added: 05/08/2006 CVE: CVE-2002-0392 BID: 5033 OSVDB: 838 Background Apache web servers support chunked encoding, which is used by a web client to send data to the server in parts, or chunks. Problem A flaw in the calculation of the size of chunked encoding leads to a buffer overflow, allowing...

VMware vCenter Server local privilege elevation

Added: 12/12/2022 Background VMware vCenter Server is server management software for controlling VMware vSphere environments. Problem Improper permissions on the java-wrapper-vmon file allow authenticated, unprivileged attackers to gain root privileges. Resolution Upgrade to vCenter Server 7.0 U2...

Apache Log4j JNDI message lookup vulnerability

Added: 12/16/2021 Background Apache Log4j is a logging library used by many Java applications. Problem An attacker who is able to control log message content could embed a JNDI reference to an LDAP or RMI URL which downloads an executable Java class, leading to arbitrary command execution...

PHPMailer PwnScriptum Remote Code Execution

Added: 01/05/2017 BID: 95108 Background PHPMailer is a PHP class used for sending email from PHP. It is used by many open-source projects, e.g., WordPress, Drupal, and Joomla. Problem PHPMailer class mailSend function is vulnerable to command injection due to failure to properly sanitize the...

Citrix ShareFile StorageZones file upload

Added: 08/28/2023 Background ShareFile is a file sharing service. StorageZones are user-maintained storage for ShareFile data. Problem A vulnerability in ShareFile StorageZones Controller allows remote attackers to upload arbitrary files, leading to command execution. Resolution Upgrade to...

Bash Environment Variable Handling Shell Command Injection Via CUPS

Added: 11/05/2014 CVE: CVE-2014-6271 BID: 70103 OSVDB: 112004 Background GNU Bash Bourne Again SHell is a command shell commonly used on Linux and Unix systems. CUPS is printing software for UNIX-like systems that allows a computer to act as a print server. Problem The Bash shell executes command...

Nagios 3 history.cgi Command Injection

Added: 01/28/2013 CVE: CVE-2012-6096 BID: 56879 OSVDB: 88322 Background Nagios is a network host and service monitoring and management system. Problem The Nagios history.cgi script is vulnerable to a stack overflow when parsing the host parameter. This may allow an attacker to execute arbitrary...

IIS Double Decoding Directory Traversal

Added: 11/28/2005 CVE: CVE-2001-0333 BID: 2708 OSVDB: 556 Background Microsoft IIS is a web server for Windows platforms. Problem Microsoft IIS 4.0 and 5.0 allow path validation checks to be bypassed by URL-encoding invalid characters twice. Thus, a backslash is first represented as %5c, and then...

Aruba Instant command execution

Added: 07/28/2021 Background Aruba Instant is a controllerless wi-fi solution. Problem The combination of several different vulnerabilities in Aruba Instant could allow remote attackers to execute arbitrary commands by sending specially crafted web requests. Resolution Upgrade to Aruba Instant...

Cisco UCS Director authentication bypass and command injection

Added: 09/13/2019 CVE: CVE-2019-1937 Background Cisco UCS Director is a heterogeneous platform for private cloud Infrastructure as a Service IaaS. Problem An authentication bypass vulnerability in the ClientServlet allows unauthenticated users to gain an administrative session. Furthermore, a...

GitLab ExifTool uploaded image command injection

Added: 11/24/2021 Background GitLab is an open-source software development platform with built-in version control and issue tracking. Problem A remote attacker can execute arbitrary commands by uploading a specially crafted image to GitLab, which executes injected Perl code when ExifTool parses...

ASUS Router infosvr Service Remote Command Execution Vulnerability

Added: 01/13/2015 CVE: CVE-2014-9583 BID: 71889 OSVDB: 116691 Background ASUS manufactures network devices, including routers and wireless repeaters. Some of these devices include the infosvr service, part of the "ASUS Wireless Router Device Discovery Utility". The infosvr service listens on port...

Oracle WebLogic Server IIS Connector JSESSIONID buffer overflow

Added: 04/10/2009 CVE: CVE-2008-5457 BID: 33177 Background Oracle WebLogic Server formerly BEA WebLogic Server is a Java web application platform. Problem A buffer overflow vulnerability in the WebLogic IIS connector allows remote attackers to execute arbitrary commands by sending a long, special...

JetBrains TeamCity authentication bypass

Added: 10/03/2023 Background JetBrains TeamCity is a continuous integration tool for DevOps teams. Problem An authentication bypass vulnerability in JetBrains TeamCity could allow remote attackers to execute arbitrary commands. Resolution Upgrade to TeamCity 2023.05.4 or higher. References...

D-Link NAS nas_sharing.cgi command injection

Added: 04/24/2024 CVE: CVE-2024-3273 Background D-Link Network Attached Storage NAS devices allow different clients to connect to a centralized disk on a Local Area Network LAN. Problem A backdoor and a command injection vulnerability in the nassharing.cgi script allow a remote attacker to execut...

Netgear R7000 Router remote command execution

Added: 07/01/2020 Background Netgear R7000 is a line of wireless routers. Problem A vulnerability in the web interface could allow unauthenticated attackers to execute arbitrary commands on the device. Resolution Disable access to the web interface from the public network. References...

Microsoft Word and WordPad RTF HTA handler command execution

Added: 04/20/2017 CVE: CVE-2017-0199 BID: 97498 Background Rich Text Format RTF is a text file format supported by various Microsoft products and word processors. RTF supports text styling, images, and embedded objects. Problem A vulnerability in Microsoft Word and WordPad could allow command...