CVE-2014-0163

Openshift has shell command injection flaws due to unsanitized data being passed into shell commands...

CVE-2014-0163

CVE-2014-0163 affects OpenShift and is caused by unsanitized data being passed into shell commands, leading to shell command injection. According to NVD, the CVSS v3.1 base score is 8.8 (HIGH) with Network attack vector, low attack complexity, privileges required: LOW, and user interaction: NONE;...

CVE-2013-0293

oVirt Node: Lock screen accepts F2 to drop to shell causing privilege escalation...

Important: Red Hat Security Advisory: patch security update

An update for patch is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact...

NewStart CGSL CORE 5.04 / MAIN 5.04 : patch Multiple Vulnerabilities (NS-SA-2019-0223)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has patch packages installed that are affected by multiple vulnerabilities: - GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style...

CVE-2019-16255

Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument aka the "command" argument to Shell or Shelltest in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method...

ALPINE-CVE-2019-16255

Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument aka the "command" argument to Shell or Shelltest in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method...

CVE-2019-18934

A shell command injection vulnerability was discovered in the way unbound handles DNS queries for systems with a public key used for IPsec. When ipsecmod is enabled, a malicious DNS server could send a DNS reply which would be used during a following DNS query to execute shell commands with the...

nipper-ng 0.11.10 - Remote Buffer Overflow (PoC)

Exploit Title: nipper-ng 0.11.10 - Remote Buffer Overflow PoC Date: 2019-10-20 Exploit Author: Guy Levin https://blog.vastart.dev Vendor Homepage: https://tools.kali.org/reporting-tools/nipper-ng Software Link: https://code.google.com/archive/p/nipper-ng/source/default/source Version: 0.11.10...

RHEL 7 : patch (RHSA-2019:3757)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:3757 advisory. The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes...

EulerOS 2.0 SP5 : patch (EulerOS-SA-2019-2219)

According to the versions of the patch package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - doedscript in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for...

CVE-2013-1751

TWiki before 5.1.4 allows remote attackers to execute arbitrary shell commands by sending a crafted '%MAKETEXT%' parameter value containing Perl backtick characters...

patch: OS shell command injection when processing crafted patch files

A flaw was found in GNU patch through version 2.7.6. An ed-style diff payload patch file with shell metacharacters can be used to inject OS shell commands into a system. The ed editor does not need to be present on the vulnerable system for this attack to function. The highest threat from this...

Important: Red Hat Security Advisory: patch security update

An update for patch is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

Exploit for Command Injection in Radare Radare2

CVE-2019-14745 weaponized radare2 vulnerability CVE-2019-1474...

CVE-2005-3056

TWiki allows arbitrary shell command execution via the Include function...

CVE-2005-3056

TWiki allows arbitrary shell command execution via the Include function...

CVE-2005-3056

TWiki is affected by CVE-2005-3056 due to an arbitrary shell command execution flaw in the Include function. The vulnerability enables an attacker to execute commands on the server when TWiki processes Include, with network access, no authentication, and no user interaction required in the CVSS a...

CVE-2005-3056

TWiki allows arbitrary shell command execution via the Include function...

Amazon Linux AMI : patch (ALAS-2019-1312)

doedscript in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638 , but the ! syntax is specific to ed, and is unrelated to a shell metacharacter.CVE-2018-20969 GNU patch through 2.7.6 is vulnerable to OS shell...