SugarCRM EmailTemplates PNG file upload

Added: 03/22/2023 Background SugarCRM is customer relationship management software written in PHP. Problem A vulnerability in the EmailTemplates module allows remote, unauthenticated attackers to execute arbitrary commands on the server by uploading a PNG image file containing embedded PHP code...

SugarCRM EmailTemplates PNG file upload

Added: 03/22/2023 Background SugarCRM is customer relationship management software written in PHP. Problem A vulnerability in the EmailTemplates module allows remote, unauthenticated attackers to execute arbitrary commands on the server by uploading a PNG image file containing embedded PHP code...

FortiNAC keyUpload.jsp command execution

Added: 02/24/2023 Background FortiNAC is a network access control solution. Problem A vulnerability in the keyUpload.jsp resource allows remote attackers to write arbitrary files by uploading a specially crafted zip file, leading to command execution. Resolution Upgrade to FortiNAC 7.2.0, 9.1.8,...

FortiNAC keyUpload.jsp command execution

Added: 02/24/2023 Background FortiNAC is a network access control solution. Problem A vulnerability in the keyUpload.jsp resource allows remote attackers to write arbitrary files by uploading a specially crafted zip file, leading to command execution. Resolution Upgrade to FortiNAC 7.2.0, 9.1.8,...

Zoho ManageEngine ServiceDesk Plus SAMLResponse command execution

Added: 02/17/2023 Background Zoho ManageEngine ServiceDesk Plus is IT helpdesk software. Problem A vulnerability in an outdated Apache Santuario library in ServiceDesk Plus allows a remote, unauthenticated attacker to execute arbitrary commands by sending a specially crafted SAMLResponse paramete...

Zoho ManageEngine ServiceDesk Plus SAMLResponse command execution

Added: 02/17/2023 Background Zoho ManageEngine ServiceDesk Plus is IT helpdesk software. Problem A vulnerability in an outdated Apache Santuario library in ServiceDesk Plus allows a remote, unauthenticated attacker to execute arbitrary commands by sending a specially crafted SAMLResponse paramete...

VMware ESXi OpenSLP heap overflow

Added: 02/10/2023 Background VMware ESXi is a bare metal hypervisor. Problem A heap overflow vulnerability in the OpenSLP service could allow an attacker on the same network segment to execute arbitrary commands. Resolution Upgrade to a fixed version referenced in VMSA-2021-0002 or disable the SL...

VMware ESXi OpenSLP heap overflow

Added: 02/10/2023 Background VMware ESXi is a bare metal hypervisor. Problem A heap overflow vulnerability in the OpenSLP service could allow an attacker on the same network segment to execute arbitrary commands. Resolution Upgrade to a fixed version referenced in VMSA-2021-0002 or disable the SL...

Zyxel zhttpd and libclinkc.so buffer overflows

Added: 01/17/2023 CVE: CVE-2022-4510 Background Zyxel Firewalls are a business solution providing protection from malware and unauthorized access. Problem A buffer overflow vulnerability in Zyxel firewalls could allow a remote, unauthenticated attacker to execute arbitrary code by requesting a...

Zyxel zhttpd and libclinkc.so buffer overflows

Added: 01/17/2023 CVE: CVE-2022-4510 Background Zyxel Firewalls are a business solution providing protection from malware and unauthorized access. Problem A buffer overflow vulnerability in Zyxel firewalls could allow a remote, unauthenticated attacker to execute arbitrary code by requesting a...

pfSense pfBlockerNG Host header command injection

Added: 12/23/2022 Background pfSense is an open-source network firewall based on the FreeBSD operating system. pfSense is the software which powers Netgate Security Gateway Appliances. pfBlockerNG is a pfSense package which allows creation of firewall rules on the appliance. Problem A vulnerabili...

pfSense pfBlockerNG Host header command injection

Added: 12/23/2022 Background pfSense is an open-source network firewall based on the FreeBSD operating system. pfSense is the software which powers Netgate Security Gateway Appliances. pfBlockerNG is a pfSense package which allows creation of firewall rules on the appliance. Problem A vulnerabili...

VMware vCenter Server local privilege elevation

Added: 12/12/2022 Background VMware vCenter Server is server management software for controlling VMware vSphere environments. Problem Improper permissions on the java-wrapper-vmon file allow authenticated, unprivileged attackers to gain root privileges. Resolution Upgrade to vCenter Server 7.0 U2...

VMware vCenter Server local privilege elevation

Added: 12/12/2022 Background VMware vCenter Server is server management software for controlling VMware vSphere environments. Problem Improper permissions on the java-wrapper-vmon file allow authenticated, unprivileged attackers to gain root privileges. Resolution Upgrade to vCenter Server 7.0 U2...

VMware Cloud Foundation XStream Deserialization

Added: 10/31/2022 Background VMware Cloud Foundation is a hybrid cloud platform. Problem An XStream deserialization vulnerability in the NSM Manager component of VMware Cloud Foundation NSX-V allows a remote attacker to execute arbitrary commands. Resolution Apply the patch referenced in...

VMware Cloud Foundation XStream Deserialization

Added: 10/31/2022 Background VMware Cloud Foundation is a hybrid cloud platform. Problem An XStream deserialization vulnerability in the NSM Manager component of VMware Cloud Foundation NSX-V allows a remote attacker to execute arbitrary commands. Resolution Apply the patch referenced in...

Airspan AirSpot pingDiagnostic command injection

Added: 09/27/2022 Background Airspan AirSpot 5410 is an advanced, LTE, CAT12, outdoor, multi-service product specifically designed to meet data needs for residential, business and enterprise users. Problem A command injection vulnerability when diagnostics.cgi handles the pingDiagnostic command...

Airspan AirSpot pingDiagnostic command injection

Added: 09/27/2022 Background Airspan AirSpot 5410 is an advanced, LTE, CAT12, outdoor, multi-service product specifically designed to meet data needs for residential, business and enterprise users. Problem A command injection vulnerability when diagnostics.cgi handles the pingDiagnostic command...

Zimbra Collaboration Suite mboximport path traversal

Added: 08/30/2022 Background Zimbra Collaboration Suite is an email, calendar, and collaboration solution for enterprises. Problem A path traversal vulnerability in the mboximport function could allow a remote attacker to create arbitrary JSP files within the web document root, leading to command...

Zimbra Collaboration Suite mboximport path traversal

Added: 08/30/2022 Background Zimbra Collaboration Suite is an email, calendar, and collaboration solution for enterprises. Problem A path traversal vulnerability in the mboximport function could allow a remote attacker to create arbitrary JSP files within the web document root, leading to command...

Weblizar School Management Pro plugin backdoor

Added: 08/12/2022 CVE: CVE-2022-1609 Background Weblizar School Management is a WordPress plugin for management of school operations. Problem The license checking code in School Management Pro contains a backdoor which allows remote attackers to execute arbitrary commands. Resolution Upgrade to t...

Weblizar School Management Pro plugin backdoor

Added: 08/12/2022 CVE: CVE-2022-1609 Background Weblizar School Management is a WordPress plugin for management of school operations. Problem The license checking code in School Management Pro contains a backdoor which allows remote attackers to execute arbitrary commands. Resolution Upgrade to t...

Red Hat JBoss Enterprise Application Platform Remoting Unified Invoker command execution

Added: 07/18/2022 Background Red Hat JBoss Enterprise Application Platform is an open source platform for highly transactional, web-scale Java applications. Problem A remote, unauthenticated attacker can execute arbitary commands on the server by sending a specially crafted serialized object to t...

Red Hat JBoss Enterprise Application Platform Remoting Unified Invoker command execution

Added: 07/18/2022 Background Red Hat JBoss Enterprise Application Platform is an open source platform for highly transactional, web-scale Java applications. Problem A remote, unauthenticated attacker can execute arbitary commands on the server by sending a specially crafted serialized object to t...

Atlassian Confluence Server OGNL injection

Added: 06/06/2022 Background Atlassian Confluence is a collaboration and knowledge management application. Problem Atlassian Confluence has an OGNL injection vulnerability that could allow an unauthenticated user to execute arbitrary code on a Confluence Server. Resolution Upgrade to Confluence...

Atlassian Confluence Server OGNL injection

Added: 06/06/2022 Background Atlassian Confluence is a collaboration and knowledge management application. Problem Atlassian Confluence has an OGNL injection vulnerability that could allow an unauthenticated user to execute arbitrary code on a Confluence Server. Resolution Upgrade to Confluence...

Zyxel Firewall SetWanPortSt command injection

Added: 05/20/2022 Background Zyxel Firewalls are a business solution providing protection from malware and unauthorized access. Problem Zyxel USG FLEX, ATP series, and VPN series firewalls are affected by a vulnerability in the SetWanPortSt command which could allow an attacker to inject arbitrar...

Zyxel Firewall SetWanPortSt command injection

Added: 05/20/2022 Background Zyxel Firewalls are a business solution providing protection from malware and unauthorized access. Problem Zyxel USG FLEX, ATP series, and VPN series firewalls are affected by a vulnerability in the SetWanPortSt command which could allow an attacker to inject arbitrar...

F5 BIG-IP iControl REST vulnerability

Added: 05/13/2022 CVE: CVE-2022-1388 Background F5 BIG-IP is a suite of network security products. Problem An authentication bypass vulnerability in the iControl REST service allows remote attackers to execute arbitrary commands. Resolution Upgrade to one of the fixed versions referenced in...

F5 BIG-IP iControl REST vulnerability

Added: 05/13/2022 CVE: CVE-2022-1388 Background F5 BIG-IP is a suite of network security products. Problem An authentication bypass vulnerability in the iControl REST service allows remote attackers to execute arbitrary commands. Resolution Upgrade to one of the fixed versions referenced in...

Apache Struts forced OGNL evaluation incomplete fix

Added: 04/26/2022 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Struts uses Object-Graph Navigation Language OGNL to...

Apache Struts forced OGNL evaluation incomplete fix

Added: 04/26/2022 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Struts uses Object-Graph Navigation Language OGNL to...

Spring Framework Data Binding vulnerability

Added: 04/05/2022 Background The Spring Framework provides a comprehensive programming and configuration model for modern Java-based enterprise applications. Problem Spring Framework is affected by a data binding vulnerability when running with JDK 9 or higher. The vulnerability allows remote cod...

Spring Cloud Function Remote Code Execution

Added: 04/05/2022 Background Spring Cloud Function abstracts all transport details and infrastructure, allowing developers to keep all familiar tools and processes and focus on business logic. Problem Spring Cloud Function has remote code execution vulnerability. An attacker could provide a craft...

Spring Framework Data Binding vulnerability

Added: 04/05/2022 Background The Spring Framework provides a comprehensive programming and configuration model for modern Java-based enterprise applications. Problem Spring Framework is affected by a data binding vulnerability when running with JDK 9 or higher. The vulnerability allows remote cod...

Spring Cloud Function Remote Code Execution

Added: 04/05/2022 Background Spring Cloud Function abstracts all transport details and infrastructure, allowing developers to keep all familiar tools and processes and focus on business logic. Problem Spring Cloud Function has remote code execution vulnerability. An attacker could provide a craft...

ColdFusion verifyldapserver vulnerability

Added: 03/07/2022 Background Adobe ColdFusion is a web application development platform written in Java. Problem The verifyldapserver method in utils.cfc allows a remote attacker to cause the server to download a Java class from an arbitrary LDAP server, leading to remote code execution. Resoluti...

ColdFusion verifyldapserver vulnerability

Added: 03/07/2022 Background Adobe ColdFusion is a web application development platform written in Java. Problem The verifyldapserver method in utils.cfc allows a remote attacker to cause the server to download a Java class from an arbitrary LDAP server, leading to remote code execution. Resoluti...

Polkit pkexec privilege elevation

Added: 01/27/2022 CVE: CVE-2021-4034 Background Polkit is a Linux package for handling policies that allow unprivileged processes to communicate with privileged processes. It includes a tool called pkexec that allows the user to execute commands as another user according to the polkit policy...

Polkit pkexec privilege elevation

Added: 01/27/2022 CVE: CVE-2021-4034 Background Polkit is a Linux package for handling policies that allow unprivileged processes to communicate with privileged processes. It includes a tool called pkexec that allows the user to execute commands as another user according to the polkit policy...

Apache Log4j JNDI message lookup vulnerability

Added: 12/16/2021 Background Apache Log4j is a logging library used by many Java applications. Problem An attacker who is able to control log message content could embed a JNDI reference to an LDAP or RMI URL which downloads an executable Java class, leading to arbitrary command execution...

Apache Log4j JNDI message lookup vulnerability

Added: 12/16/2021 Background Apache Log4j is a logging library used by many Java applications. Problem An attacker who is able to control log message content could embed a JNDI reference to an LDAP or RMI URL which downloads an executable Java class, leading to arbitrary command execution...

Apache Log4j JNDI message lookup vulnerability

Added: 12/16/2021 Background Apache Log4j is a logging library used by many Java applications. Problem An attacker who is able to control log message content could embed a JNDI reference to an LDAP or RMI URL which downloads an executable Java class, leading to arbitrary command execution...

GitLab ExifTool uploaded image command injection

Added: 11/24/2021 Background GitLab is an open-source software development platform with built-in version control and issue tracking. Problem A remote attacker can execute arbitrary commands by uploading a specially crafted image to GitLab, which executes injected Perl code when ExifTool parses...

GitLab ExifTool uploaded image command injection

Added: 11/24/2021 Background GitLab is an open-source software development platform with built-in version control and issue tracking. Problem A remote attacker can execute arbitrary commands by uploading a specially crafted image to GitLab, which executes injected Perl code when ExifTool parses...

GitLab ExifTool uploaded image command injection

Added: 11/24/2021 Background GitLab is an open-source software development platform with built-in version control and issue tracking. Problem A remote attacker can execute arbitrary commands by uploading a specially crafted image to GitLab, which executes injected Perl code when ExifTool parses...

Apache HTTP Server path traversal

Added: 10/21/2021 Background Apache HTTP Server is an HTTP server implementation for Linux and Windows. Problem A path traversal vulnerability allows remote attackers to execute arbitrary commands in certain configurations if CGI scripts are enabled. Resolution Upgrade to Apache HTTP Server 2.4.5...

Apache HTTP Server path traversal

Added: 10/21/2021 Background Apache HTTP Server is an HTTP server implementation for Linux and Windows. Problem A path traversal vulnerability allows remote attackers to execute arbitrary commands in certain configurations if CGI scripts are enabled. Resolution Upgrade to Apache HTTP Server 2.4.5...

Apache HTTP Server path traversal

Added: 10/21/2021 Background Apache HTTP Server is an HTTP server implementation for Linux and Windows. Problem A path traversal vulnerability allows remote attackers to execute arbitrary commands in certain configurations if CGI scripts are enabled. Resolution Upgrade to Apache HTTP Server 2.4.5...

Microsoft Azure Open Management Infrastructure remote command execution

Added: 09/28/2021 Background Microsoft Azure Open Management Infrastructure is an open source project to further the development of a production quality implementation of the DMTF CIM/WBEM standards. Problem A vulnerability in Open Management Infrastructure allows remote attackers to execute...