Latest Security News about remote code execution

cPanel before 84.0.20 allows a demo account to achieve remote code execution

Overview : cPanel before 84.0.20 allows a demo account to achieve remote code execution via a cpsrvd rsync shell (SEC-544). Vulnerability Details : CVE ID : CVE-2020-10119 84.0.22 2020-03-16 [security] Fixed case SEC-505: Bandwidth suspensions can be triggered [...]

Vtiger CRM <= 6.3 Authenticated Remote Code Execution

Overview : Vtiger CRM version 6.3 (“Open Source” branch; released on 2015-06-04) and lower are vulnerable to Authenticated Remote Code Execution. Affected Product(s) : vTiger CRM 6.3.0 Vulnerability Details : CVE ID : CVE-2015-600 Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.3.0 and earlier allows remote authenticated users to […]

Unauthenticated Remote Code Execution Vulnerability in D-Link DIR-859

Overview : D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php. Affected Product(s) : D-Link DIR-859 before v1.07b03_beta Vulnerability Details : CVE ID : CVE-2019-20213 To carry out this exploit, a malicious user would have to get access to the LAN-side or in-home […]

Remote Code Execution vulnerability in SonicWall

Overview : A vulnerability in the SonicWall Email Security appliance allows an unauthenticated user to perform remote code execution. Affected Product(s) : SonicWall Email Security Appliance 10.0.2 and earlier Vulnerability Details : CVE ID : CVE-2019-7489 NOTE: This vulnerability affected Email Security Appliance version 10.0.2 and earlier. Solution : Update to Email Security Appliance 10.0.3

Remote Code Execution in Exim (4.92 through 4.92.2)

Overview : Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command. Affected Product(s) : Exim 4.92 through 4.92.2 Vulnerability Details : CVE ID : CVE-2019-16928 Heap-based buffer overflow in string_vformat, remote code execution seems to be […]