8755 matches found
SUSE SLES11 Security Update : vim (SUSE-SU-2016:2938-1)
This update for vim fixes the following security issues : - Fixed CVE-2016-1248, an arbitrary command execution vulnerability bsc1010685 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automaticall...
FreeBSD : Roundcube -- arbitrary command execution (125f5958-b611-11e6-a9a5-b499baebfeaf)
The Roundcube project reports steps/mail/sendmail.inc in Roundcube before 1.1.7 and 1.2.x before 1.2.3, when no SMTP server is configured and the sendmail program is enabled, does not properly restrict the use of custom envelope-from addresses on the sendmail command line, which allows remote...
Roundcube -- arbitrary command execution
The Roundcube project reports steps/mail/sendmail.inc in Roundcube before 1.1.7 and 1.2.x before 1.2.3, when no SMTP server is configured and the sendmail program is enabled, does not properly restrict the use of custom envelope-from addresses on the sendmail command line, which allows remote...
[ASA-201611-29] neovim: arbitrary command execution
Arch Linux Security Advisory ASA-201611-29 ========================================== Severity: High Date : 2016-11-29 CVE-ID : CVE-2016-1248 Package : neovim Type : arbitrary command execution Remote : No Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package neovim before...
Arbitrary Command Execution Vulnerability in Crowe Security Certification Gateway
Crowe Security Authentication Gateway is a user authentication, access and access control device, which can guarantee the information security of network and application resources. There is an arbitrary command execution vulnerability in the doubleview.php page of Crowe Security Gateway. An...
vim -- arbitrary command execution
Mitre reports: vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened...
Veritas NetBackup Appliance Arbitrary Command Execution Vulnerability
Veritas NetBackup simplifies both the deployment and maintenance of data protection environments with a turnkey solution that is ideal for data centers, remote offices and virtual environments. A remote arbitrary command execution vulnerability exists in the Veritas NetBackup Appliance. An attack...
ansible: Command injection by compromised server via fact variables
Ansible fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to create special variables on the controller could execute arbitrary commands on Ansible clients as the user Ansible runs as...
GLSA-201611-05 : tnftp: Arbitrary code execution
The remote host is affected by the vulnerability described in GLSA-201611-05 tnftp: Arbitrary code execution The fetchurl function in usr.bin/ftp/fetch.c allows remote attackers to execute arbitrary commands via a Impact : A remote attacker could possibly execute arbitrary code with the privilege...
IBM BigFix Platform Remote Command Injection Vulnerability
IBM BigFix Platform formerly known as IBM Endpoint Manager, Tivoli Endpoint Manager is a set of system management software from IBM in the United States. The software provides remote control, patch management, software distribution, operating system deployment, network access protection and other...
Terminology Arbitrary Command Execution Vulnerability
Terminology belongs to a branch of linguistics. Terminology suffers from an arbitrary command execution vulnerability due to a failure to adequately filter user-supplied input. An attacker could be allowed to exploit this vulnerability to execute arbitrary commands...
git-fastclone Arbitrary Command Execution Vulnerability
git-fastclone is a set of tools for cloning git. An arbitrary command execution vulnerability exists in git-fastclone versions prior to 1.0.1, which stems from a program executing arbitrary shell commands from .gitmodules. The vulnerability can be exploited to execute arbitrary shell commands by...
openSUSE Security Update : bash (openSUSE-2016-1260)
This update for bash fixes the following security issues : - CVE-2016-7543: Local attackers could have executed arbitrary commands via specially crafted SHELLOPTS+PS4 variables bsc1001299 - CVE-2016-0634: Malicious hostnames could have allowed arbitrary command execution when $HOSTNAME was expand...
FreePBX Framework remotemod Parameter Remote Command Execution
A remote command execution vulnerability exists in FreePBX. The vulnerability is due to lack of sanitization for 'remotemod' parameter. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary command in the security context of the affected service...
LifeSize Room 5.0.9 - Multiple Vulnerabilities
LifeSize Room 5.0.9 - Multiple Vulnerabilities Source: https://github.com/XiphosResearch/exploits/tree/master/deathsize LifeSize Room 5.0.9, remote config disclosure, code execution & local privilege escalation Ultimately the Lifesize Room products have fundamentally flawed firmware, many similar...
AlienVault USM and OSSIM get_directive_kdb.php directive_id SQL Injection
A SQL injection vulnerability has been reported in AlienVault USM and OSSIM. The vulnerability is due to a failure to sanitize input on requests to getdirectivekdb.php. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted request to the vulnerable application...
Amazon Linux: Security Advisory (ALAS-2016-756)
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
HP Data Protector Remote Command Execution (CVE-2016-2004)
An arbitrary command execution vulnerability exists in the HPE Data Protector. A remote, unauthenticated attacker could exploit this vulnerability by sending malformed requests to a HPE Data Protector service. Successful exploitation could lead to arbitrary command execution under the context of...
Trend Micro SafeSync for Enterprise ad.pm id Remote Command Execution
A remote command execution vulnerability exists in Trend Micro Safe Sync for Enterprise ad.pm page. The vulnerability is due to insufficient validation of the user-supplied id parameter. A remote, authenticated attacker could exploit this vulnerability by sending a crafted input to the vulnerable...
SUSE SLED12 / SLES12 Security Update : tiff (SUSE-SU-2016:2508-1)
This update for tiff fixes the following security issues : - CVE-2016-3622: Specially crafted TIFF images could trigger a crash in tiff2rgba bsc974449 - Various out-of-bound write vulnerabilities with unspecified impact MSVR 35093, MSVR 35094, MSVR 35095, MSVR 35096, MSVR 35097, MSVR 35098 -...