Citrix SD-WAN Appliance SQL and command injection

Added: 07/26/2019 Background Citrix Software-defined wide-area network SD-WAN is a service that grants the enterprise with the ability to dynamically connect branch offices and data centers on a global scale. Problem Citrix SD-WAN 10.1.x and 10.2.x before 10.2.3 allow unauthenticated SQL injectio...

SAPIDO RB-1732 command injection

Added: 06/28/2019 Background SAPIDO RB-1732 is a wireless router. Problem A vulnerability in the web interface allows remote attackers to execute arbitrary commands by sending a specially crafted request to the formSysCmd resource. Resolution Apply a firmware update which fixes this vulnerability...

SAPIDO RB-1732 command injection

Added: 06/28/2019 Background SAPIDO RB-1732 is a wireless router. Problem A vulnerability in the web interface allows remote attackers to execute arbitrary commands by sending a specially crafted request to the formSysCmd resource. Resolution Apply a firmware update which fixes this vulnerability...

SAPIDO RB-1732 command injection

Added: 06/28/2019 Background SAPIDO RB-1732 is a wireless router. Problem A vulnerability in the web interface allows remote attackers to execute arbitrary commands by sending a specially crafted request to the formSysCmd resource. Resolution Apply a firmware update which fixes this vulnerability...

Zimbra Collaboration Suite ProxyServlet Server Side Request Forgery

Added: 06/06/2019 CVE: CVE-2019-9621 Background Zimbra Collaboration Suite is an email, calendar, and collaboration solution for enterprises. Problem The ProxyServlet component allows a remote attacker to upload arbitrary files, which can then be executed, using XML External Entity injection and...

Zimbra Collaboration Suite ProxyServlet Server Side Request Forgery

Added: 06/06/2019 CVE: CVE-2019-9621 Background Zimbra Collaboration Suite is an email, calendar, and collaboration solution for enterprises. Problem The ProxyServlet component allows a remote attacker to upload arbitrary files, which can then be executed, using XML External Entity injection and...

Zimbra Collaboration Suite ProxyServlet Server Side Request Forgery

Added: 06/06/2019 CVE: CVE-2019-9621 Background Zimbra Collaboration Suite is an email, calendar, and collaboration solution for enterprises. Problem The ProxyServlet component allows a remote attacker to upload arbitrary files, which can then be executed, using XML External Entity injection and...

SAP Gateway Remote Command Execution

Added: 05/07/2019 Background SAP Gateway is a development framework, which allows non-SAP applications to communicate with SAP applications. Problem SAP Gateway behavior depends on two parameters, aclmode and simmode. If SAP Gateway access control lists ACLs are configured aclmode=0, anonymous...

SAP Gateway Remote Command Execution

Added: 05/07/2019 Background SAP Gateway is a development framework, which allows non-SAP applications to communicate with SAP applications. Problem SAP Gateway behavior depends on two parameters, aclmode and simmode. If SAP Gateway access control lists ACLs are configured aclmode=0, anonymous...

SAP Gateway Remote Command Execution

Added: 05/07/2019 Background SAP Gateway is a development framework, which allows non-SAP applications to communicate with SAP applications. Problem SAP Gateway behavior depends on two parameters, aclmode and simmode. If SAP Gateway access control lists ACLs are configured aclmode=0, anonymous...

Oracle WebLogic Server deserialization remote code execution

Added: 05/02/2019 CVE: CVE-2019-2725 BID: 108074 Background Oracle WebLogic Server formerly BEA WebLogic Server is a Java web application platform. Problem Oracle WebLogic Server component of Oracle Fusion Middleware has a deserialization vulnerability in Web Services subcomponent, which allows...

Oracle WebLogic Server deserialization remote code execution

Added: 05/02/2019 CVE: CVE-2019-2725 BID: 108074 Background Oracle WebLogic Server formerly BEA WebLogic Server is a Java web application platform. Problem Oracle WebLogic Server component of Oracle Fusion Middleware has a deserialization vulnerability in Web Services subcomponent, which allows...

Oracle WebLogic Server deserialization remote code execution

Added: 05/02/2019 CVE: CVE-2019-2725 BID: 108074 Background Oracle WebLogic Server formerly BEA WebLogic Server is a Java web application platform. Problem Oracle WebLogic Server component of Oracle Fusion Middleware has a deserialization vulnerability in Web Services subcomponent, which allows...

KACE K1000 Remote Code Execution

Added: 04/16/2019 Background KACE Systems Management Appliance manages, secures, and services network-connected devices. Problem A vulnerability in KACE Systems Management Appliance K1000 could allow unauthenticated command execution. Resolution Upgrade to the latest version of your KACE Systems...

KACE K1000 Remote Code Execution

Added: 04/16/2019 Background KACE Systems Management Appliance manages, secures, and services network-connected devices. Problem A vulnerability in KACE Systems Management Appliance K1000 could allow unauthenticated command execution. Resolution Upgrade to the latest version of your KACE Systems...

KACE K1000 Remote Code Execution

Added: 04/16/2019 Background KACE Systems Management Appliance manages, secures, and services network-connected devices. Problem A vulnerability in KACE Systems Management Appliance K1000 could allow unauthenticated command execution. Resolution Upgrade to the latest version of your KACE Systems...

Tabs Laboratories MailCarrier MAIL FROM buffer overflow

Added: 03/25/2019 Background Tabs Laboratories MailCarrier is an SMTP server. Problem A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending a long, specially crafted MAIL FROM command to the SMTP service. Resolution Upgrade to a fixed version of...

Tabs Laboratories MailCarrier MAIL FROM buffer overflow

Added: 03/25/2019 Background Tabs Laboratories MailCarrier is an SMTP server. Problem A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending a long, specially crafted MAIL FROM command to the SMTP service. Resolution Upgrade to a fixed version of...

Tabs Laboratories MailCarrier MAIL FROM buffer overflow

Added: 03/25/2019 Background Tabs Laboratories MailCarrier is an SMTP server. Problem A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending a long, specially crafted MAIL FROM command to the SMTP service. Resolution Upgrade to a fixed version of...

Drupal REST module command execution

Added: 02/27/2019 CVE: CVE-2019-6340 BID: 107106 Background Drupal is an open-source content management system written in PHP. Problem The Drupal REST module does not properly sanitize input from non-form sources, allowing an attacker to execute arbitrary code. Resolution Upgrade to Drupal 8.5.11...

Drupal REST module command execution

Added: 02/27/2019 CVE: CVE-2019-6340 BID: 107106 Background Drupal is an open-source content management system written in PHP. Problem The Drupal REST module does not properly sanitize input from non-form sources, allowing an attacker to execute arbitrary code. Resolution Upgrade to Drupal 8.5.11...

Drupal REST module command execution

Added: 02/27/2019 CVE: CVE-2019-6340 BID: 107106 Background Drupal is an open-source content management system written in PHP. Problem The Drupal REST module does not properly sanitize input from non-form sources, allowing an attacker to execute arbitrary code. Resolution Upgrade to Drupal 8.5.11...

Horde Imp Unauthenticated Remote Command Execution

Added: 01/18/2019 BID: 106018 Background The IMP is a web-based mail client for IMAP and POP3 accounts. It is built atop the Horde Application Framework, which is a general-purpose web application library written in PHP. Problem A vulnerability in Horde IMP could allow unauthenticated command...

Horde Imp Unauthenticated Remote Command Execution

Added: 01/18/2019 BID: 106018 Background The IMP is a web-based mail client for IMAP and POP3 accounts. It is built atop the Horde Application Framework, which is a general-purpose web application library written in PHP. Problem A vulnerability in Horde IMP could allow unauthenticated command...

Horde Imp Unauthenticated Remote Command Execution

Added: 01/18/2019 BID: 106018 Background The IMP is a web-based mail client for IMAP and POP3 accounts. It is built atop the Horde Application Framework, which is a general-purpose web application library written in PHP. Problem A vulnerability in Horde IMP could allow unauthenticated command...

MiniShare 1.4.1 HEAD method buffer overflow

Added: 12/21/2018 Background MiniShare is a Windows program that allows sharing of files without additional services or software. Problem MiniShare 1.4.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP HEAD request. Resolution MiniShare is deprecated. References...

MiniShare 1.4.1 HEAD method buffer overflow

Added: 12/21/2018 Background MiniShare is a Windows program that allows sharing of files without additional services or software. Problem MiniShare 1.4.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP HEAD request. Resolution MiniShare is deprecated. References...

MiniShare 1.4.1 HEAD method buffer overflow

Added: 12/21/2018 Background MiniShare is a Windows program that allows sharing of files without additional services or software. Problem MiniShare 1.4.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP HEAD request. Resolution MiniShare is deprecated. References...

NUUO NVR Unauthenticated Remote Code Execution

Added: 12/11/2018 Background NUUO is a surveillance solution provider. Problem The upgradehandle.php on NUUO NVRsolo, NVRsolo Plus, and NVRmini 2 devices allows remote command execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command. Resolution Upgrade to the...

NUUO NVR Unauthenticated Remote Code Execution

Added: 12/11/2018 Background NUUO is a surveillance solution provider. Problem The upgradehandle.php on NUUO NVRsolo, NVRsolo Plus, and NVRmini 2 devices allows remote command execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command. Resolution Upgrade to the...

NUUO NVR Unauthenticated Remote Code Execution

Added: 12/11/2018 Background NUUO is a surveillance solution provider. Problem The upgradehandle.php on NUUO NVRsolo, NVRsolo Plus, and NVRmini 2 devices allows remote command execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command. Resolution Upgrade to the...

Dell OpenManage Network Manager MySQL vulnerability

Added: 11/20/2018 BID: 105912 Background Dell OpenManage Network Manager is a product for monitoring and managing network devices. Problem Dell OpenManage Network Manager runs the MySQL database service with root privileges and enables default database accounts, allowing a remote attacker to writ...

Dell OpenManage Network Manager MySQL vulnerability

Added: 11/20/2018 BID: 105912 Background Dell OpenManage Network Manager is a product for monitoring and managing network devices. Problem Dell OpenManage Network Manager runs the MySQL database service with root privileges and enables default database accounts, allowing a remote attacker to writ...

Dell OpenManage Network Manager MySQL vulnerability

Added: 11/20/2018 BID: 105912 Background Dell OpenManage Network Manager is a product for monitoring and managing network devices. Problem Dell OpenManage Network Manager runs the MySQL database service with root privileges and enables default database accounts, allowing a remote attacker to writ...

libssh authentication bypass

Added: 10/29/2018 BID: 105677 Background libssh is a C library implementing the SSHv2 protocol. Problem A vulnerability in libssh allows remote users to bypass authentication by sending a SSH2MSGUSERAUTHSUCCESS message instead of a SSH2MSGUSERAUTHREQUEST message. Resolution Upgrade to libssh 0.7....

libssh authentication bypass

Added: 10/29/2018 BID: 105677 Background libssh is a C library implementing the SSHv2 protocol. Problem A vulnerability in libssh allows remote users to bypass authentication by sending a SSH2MSGUSERAUTHSUCCESS message instead of a SSH2MSGUSERAUTHREQUEST message. Resolution Upgrade to libssh 0.7....

libssh authentication bypass

Added: 10/29/2018 BID: 105677 Background libssh is a C library implementing the SSHv2 protocol. Problem A vulnerability in libssh allows remote users to bypass authentication by sending a SSH2MSGUSERAUTHSUCCESS message instead of a SSH2MSGUSERAUTHREQUEST message. Resolution Upgrade to libssh 0.7....

Cisco Prime Infrastructure TFTP file upload vulnerability

Added: 10/11/2018 BID: 105506 Background Cisco Prime Infrastructure, is a management system of wireless and wired networks. Problem A vulnerability in Cisco Prime Infrastructure allows remote, unauthenticated attackers to execute arbitrary commands by uploading a JSP file via TFTP, and then...

Cisco Prime Infrastructure TFTP file upload vulnerability

Added: 10/11/2018 BID: 105506 Background Cisco Prime Infrastructure, is a management system of wireless and wired networks. Problem A vulnerability in Cisco Prime Infrastructure allows remote, unauthenticated attackers to execute arbitrary commands by uploading a JSP file via TFTP, and then...

Cisco Prime Infrastructure TFTP file upload vulnerability

Added: 10/11/2018 BID: 105506 Background Cisco Prime Infrastructure, is a management system of wireless and wired networks. Problem A vulnerability in Cisco Prime Infrastructure allows remote, unauthenticated attackers to execute arbitrary commands by uploading a JSP file via TFTP, and then...

Apache Struts undefined namespace vulnerability

Added: 09/05/2018 BID: 105125 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Problem A remote attacker can execute...

Apache Struts undefined namespace vulnerability

Added: 09/05/2018 BID: 105125 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Problem A remote attacker can execute...

Apache Struts undefined namespace vulnerability

Added: 09/05/2018 BID: 105125 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Problem A remote attacker can execute...

Axis IP Camera authentication bypass and command injection

Added: 08/13/2018 Background Axis IP Cameras are a line of networked surveillance devices. Problem A remote attacker could execute arbitrary commands by exploiting an authentication bypass vulnerability in the .srv functionality and a command injection vulnerability in the parhand component...

Axis IP Camera authentication bypass and command injection

Added: 08/13/2018 Background Axis IP Cameras are a line of networked surveillance devices. Problem A remote attacker could execute arbitrary commands by exploiting an authentication bypass vulnerability in the .srv functionality and a command injection vulnerability in the parhand component...

Axis IP Camera authentication bypass and command injection

Added: 08/13/2018 Background Axis IP Cameras are a line of networked surveillance devices. Problem A remote attacker could execute arbitrary commands by exploiting an authentication bypass vulnerability in the .srv functionality and a command injection vulnerability in the parhand component...

Apache Hadoop YARN ResourceManager remote command execution

Added: 07/20/2018 Background Apache Hadoop is a framework that allows for the distributed processing of large data sets across clusters of computers. YARN Yet Another Resource Negotiator is the component of Apache Hadoop which manages resources. Problem A vulnerability in the REST API in the YARN...

Apache Hadoop YARN ResourceManager remote command execution

Added: 07/20/2018 Background Apache Hadoop is a framework that allows for the distributed processing of large data sets across clusters of computers. YARN Yet Another Resource Negotiator is the component of Apache Hadoop which manages resources. Problem A vulnerability in the REST API in the YARN...

Apache Hadoop YARN ResourceManager remote command execution

Added: 07/20/2018 Background Apache Hadoop is a framework that allows for the distributed processing of large data sets across clusters of computers. YARN Yet Another Resource Negotiator is the component of Apache Hadoop which manages resources. Problem A vulnerability in the REST API in the YARN...

EMC RecoverPoint command injection in SSH username

Added: 07/05/2018 CVE: CVE-2018-1235 BID: 104246 Background Dell EMC RecoverPoint is an application recovery solution. Problem A command injection vulnerability allows a remote attacker to execute arbitrary commands embedded in the username of an SSH authentication request. Resolution Upgrade to...