A directory traversal vulnerability in F5 BIG-IP Traffic Management User Interface (TMUI) allows unauthenticated attackers to run remote code on the underlying operating system as root.
The administrative console in Pydio Cells allows a user with administrator role to set the path for the sendmail binary executable, when the "sendmail" option is selected in the mailer configuration.
Due to lack of sanitization in the given parameter, an administrator user can set the path to an arbitrary binary.
An issue was discovered in Open-AudIT 3.3.1. There is shell metacharacter injection via attributes to an open-audit/configuration/ URI. An attacker can exploit this by adding an excluded IP address to the global discovery settings (internally called exclude_ip). This exclude_ip value is passed to the exec function in the discoveries_helper.php file (inside the all_ip_list function) without being filtered, which means that the attacker can provide a payload instead of a valid IP address.
The target parameter in events.php in Pandora FMS 7.0NG 742, 743 and 744 allows remote authenticated users to execute arbitrary OS commands.
Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services (JSONWS).
Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching, CacheStore, Invocation). Supported versions that are affected are 3.7.1.17, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence.
The sub_resource_create function of class M_devices in m_devices.php of Open-AudIT 3.2.2 allows remote authenticated users to upload arbitrary PHP files, allowing the execution of arbitrary PHP code on the system.
The Kinetica Admin web application did not properly sanitise the input for the function getLogs. This lack of sanitisation could be exploited to allow an authenticated attacker to run remote code on the underlying operating system.
smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation.
This module uses an authentication bypass and a SQL injection vulnerability in order to upload and execute a JSP file in the Wildfly virtual file system webapps directory.
This update fixes OS detection when detecting DCNM version.