Remote Command Execution

SSD Advisory – Cisco Prime Infrastructure File Inclusion and Remote Command Execution to Privileges Escalation

| | Local File Inclusion, Privilege Escalation, Remote Command Execution, SecuriTeam Secure Disclosure, Unauthenticated Action
Vulnerabilities Summary Cisco Prime Infrastructure (CPI) contains two vulnerabilities that when exploited allow an unauthenticated attacker to achieve root privileges and execute code remotely. The first vulnerability is a file upload vulnerability ...
SecuriTeam Blogs
Infoblox certificates Datadog Web3 DNSSEC OPSWAT web application security

Zip Slip Vulnerability Affecting Thousands of Apps Puts Systems at Risk

| | Directory Traversal, Remote Code Execution, Remote Command Execution, zip slip
Thousands of software projects and libraries contain code that extracts archives in an insecure way, allowing attackers to write arbitrary files outside the intended directories. In many cases, this can lead to ...
Security Boulevard

SSD Advisory – QRadar Remote Command Execution

| | Remote Command Execution, SecuriTeam Secure Disclosure, Unauthenticated Action
Vulnerability Summary Multiple vulnerabilities in QRadar allow a remote unauthenticated attackers to cause the product to execute arbitrary commands. Each vulnerability on its own is not as strong as their chaining – ...
SecuriTeam Blogs

SSD Advisory – TerraMaster TOS Unauthenticated Remote Command Execution

| | Remote Command Execution, SecuriTeam Secure Disclosure, Unauthenticated Action
Vulnerability Summary The following advisory describes a unauthenticated remote command execution found in TerraMaster TOS 3.0.33. TOS is a “Linux platform-based operating system developed for TerraMaster cloud storage NAS server. TOS 3 ...
SecuriTeam Blogs

SSD Advisory – Western Digital My Cloud Pro Series PR2100 Authenticated RCE

| | Remote Command Execution, SecuriTeam Secure Disclosure
Vulnerability Summary A vulnerability in the Western Digital My Cloud Pro Series PR2100 allows authenticated users to execute commands arbitrary commands. Credit An independent security researcher has reported this vulnerability to Beyond ...
SecuriTeam Blogs

VK Messenger (VKontakte) vk:// URI Handler Commands Execution

| | Remote Command Execution, SecuriTeam Secure Disclosure, security bloggers network, unauth
Vulnerability Summary The following describes a vulnerability in VK Messenger that is triggered via the exploitation of improperly handled URI. VK (VKontakte; [..], meaning InContact) is “an online social media and social ...
SecuriTeam Blogs