Security News

Cisco fixes root privilege, command injection vulnerabilities in Cisco SD-WAN solution
2020-03-20 10:27

Cisco has fixed five security vulnerabilities in its Software-Defined WAN Solution, two of which could allow an authenticated, local attacker to either gain root privileges on the underlying operating system or to inject arbitrary commands that are executed with root privileges. While there is no indication that these flaws are being actively exploited, no workarounds addressing the vulnerabilities exist so upgrading to the Cisco SD-WAN Solution software release 19.2.2.

OpenSMTPD Vulnerability Leads to Command Injection
2020-02-26 11:42

An update released this week for the OpenSMTPD mail server addresses an out-of-bounds read vulnerability that could lead to arbitrary command execution. The issue resides in OpenSMTPD's client-side code, which delivers mail to remote SMTP servers, and exploitation is possible either client-side or server-side, explains security firm Qualys, which discovered the vulnerability.

Adobe Patches Critical Command Injection, Path Traversal Flaws in ColdFusion
2019-09-24 18:32

Updates released by Adobe on Tuesday for its ColdFusion web application development platform address three vulnerabilities, including two that have been classified “critical.”

Critical Flaws in Sierra Wireless 5G Gateway Allow RCE, Command Injection
2019-04-26 16:12

The wireless gateways are used in PoS, industrial IoT and distributed enterprise settings.

Verizon Router Command Injection Flaw Impacts Millions
2019-04-09 13:00

A high-severity flaw in the Verizon Fios Quantum Gateway, used in millions of U.S. homes, could allow for command injection.

What a crane in the ass! Bug leaves construction machinery vulnerable to evil command injection
2018-10-25 18:52

Builders warned over Telecrane remote controller security vuln. US-CERT is advising some customers of Telecrane construction cranes to patch their control systems – following the disclosure of a...

Researchers Find Command Injection Flaw in Cisco WebEx
2018-10-25 14:23

Cisco’s WebEx software is affected by a serious vulnerability that can be exploited to execute arbitrary commands with elevated privileges.

Now that's a fortune cookie! Facebook splats $5k command-injection bug in one of its servers
2018-08-24 21:51

Find flaw, report flaw, fix flaw, get paid. Bish, bash, bosh. Facebook has patched a remote-code execution flaw discovered in one of its servers.…

Crestron Patches Command Injection Flaw in DGE-100 Controller
2018-06-12 12:01

Crestron recently addressed a command injection vulnerability in the console service preinstalled on the Digital Graphics Engine 100 (DGE-100) and other hardware controllers made by the company.

Critical Command Injection Flaw Patched in Red Hat Linux
2018-05-16 13:31

A critical vulnerability in the DHCP client in Red Hat Enterprise Linux could allow an attacker to execute arbitrary commands on impacted systems.