Latest Security News about remote command execution

Exploitation in vBulletin allows remote command execution

Overview : vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request. Affected Product(s) : vBulletin 5.x through 5.5.4 Vulnerability Details : CVE ID : CVE-2019-16759 A specific utility may allow an attacker to gain remote command execution to privileged files. Solution : Updates are available by contacting […]

unrestricted file upload vulnerability in keywordsImport.php in TestLink 1.9.20 allows remote attackers to execute arbitrary code by uploading a file with an executable extension.

  Overview : An unrestricted file upload vulnerability in keywordsImport.php in TestLink 1.9.20 allows remote attackers to execute arbitrary code by uploading a file with an executable extension. This allows an authenticated attacker to upload a malicious file (containing PHP code to execute operating system commands) to a publicly accessible directory of the application. CVE-2020-8639 [...]

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest Foglight Evolve 9.0.0

Overview : This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest Foglight Evolve 9.0.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the __service__ user account. The product contains a hard-coded password for this account. An attacker can leverage this vulnerability to execute arbitrary code [...]

cPanel before 84.0.20 allows a demo account to achieve remote code execution

Overview : cPanel before 84.0.20 allows a demo account to achieve remote code execution via a cpsrvd rsync shell (SEC-544). Vulnerability Details : CVE ID : CVE-2020-10119 Skip to end of metadata Created by Documentation, last modified yesterday at 3:08 PM Go to start of metadata 84.0.22 2020-03-16 [security] Fixed case SEC-505: Bandwidth suspensions can be triggered [...]