CVE-2019-3464

Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands...

Debian DSA-4379-1 : golang-1.7 - security update

A vulnerability was discovered in the implementation of the P-521 and P-384 elliptic curves, which could result in denial of service and in some cases key recovery. In addition this update fixes a vulnerability in 'go get', which could result in the execution of arbitrary shell commands. C Tenabl...

Nagios XI 5.5.6 - Remote Code Execution Privilege Escalation

Nagios XI 5.5.6 - Remote Code Execution Privilege Escalation Exploit Title: Nagios XI 5.5.6 Remote Code Execution and Privilege Escalation Date: 2019-01-22 Exploit Author: Chris Lyne @lynerc Vendor Homepage: https://www.nagios.com/ Product: Nagios XI Software Link:...

Arbitrary Shell Command Execution

Git-fastclone has a flaw that permits execution of arbitrary shell commands from .gitmodules. Attackers can trigger the execution by instructing a user to run a recursive clone from a repository they control. The attack is possible only if a user configures Git to automatically clone submodules...

Horde Imp - imap_open Remote Command Execution

Exploit for php platform in category web applications Exploit Title: Horde Imp Unauthenticated Remote Command Execution Google Dork: inurl:/imp/login.php Exploit Author: Paolo Serracino - Pietro Minniti - Damiano Proietti Vendor Homepage: https://www.horde.org/apps/imp/ Software Link:...

Debian: Security Advisory (DSA-4353-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2018-19908

An issue was discovered in MISP 2.4.9x before 2.4.99. In app/Model/Event.php the STIX 1 import code, an unescaped filename string is used to construct a shell command. This vulnerability can be abused by a malicious authenticated user to execute arbitrary commands by tweaking the original filenam...

Virtuozzo 6 : emacs-git / emacs-git-el / git / git-all / git-cvs / etc (VZLSA-2017-2485)

An update for git is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

CVE-2018-16462

A command injection vulnerability in the apex-publish-static-files npm module version 2.0.1 which allows arbitrary shell command execution through a maliciously crafted argument...

Command injection

A command injection vulnerability in the apex-publish-static-files npm module version 2.0.1 which allows arbitrary shell command execution through a maliciously crafted argument...

CVE-2018-16462

A command injection vulnerability in the apex-publish-static-files npm module version 2.0.1 which allows arbitrary shell command execution through a maliciously crafted argument...

CVE-2018-18753

Typecho V1.1 allows remote attackers to send shell commands via base64-encoded serialized data, as demonstrated by SSRF...

CVE-2018-18753

Typecho V1.1 allows remote attackers to send shell commands via base64-encoded serialized data, as demonstrated by SSRF...

D-Link Routers - Command Injection Vulnerability

Exploit for hardware platform in category web applications Shell command injection CVE: CVE-2018-10823 CVSS v3: 9.1 AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H Description: An issue was discovered on D-Link routers: DWR-116 through 1.06, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02,...

Multiple D-Link Routers Open to Complete Takeover with Simple Attack

Eight D-Link routers in the company’s small/home office “DWR” range are vulnerable to complete takeover – but the vendor said it is planning on only patching two, according to a researcher. Błażej Adamczyk of the Silesian University of Technology in Poland discovered the vulnerabilities in May,...

CVE-2018-10823

An issue was discovered on D-Link DWR-116 through 1.06, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices. An authenticated attacker may execute arbitrary code by injecting the shell command into the chkisg.htm page Sip...

CVE-2018-10823

CVE-2018-10823 affects several D-Link router models (DWR-116 up to 1.06, DWR-512 up to 2.02, DWR-712 up to 2.02, DWR-912 up to 2.02, DWR-921 up to 2.02, DWR-111 up to 1.01). An authenticated attacker can inject shell commands via the chkisg.htm Sip parameter, leading to arbitrary code execution a...

D-Link router httpd server shell command injection vulnerability

The DWR-116, DIR-140, and DIR-640 are all D-Link router products. A shell command injection vulnerability exists in several series of D-Link router httpd servers, where an authenticated attacker can inject shell commands into the Sip parameter of the chkisg.htm page to execute arbitrary code...

D-Link Routers - Command Injection

Shell command injection CVE: CVE-2018-10823 CVSS v3: 9.1 AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H Description: An issue was discovered on D-Link routers: DWR-116 through 1.06, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, DWR-111 through 1.01, and probably...

CVE-2018-16509

It was discovered that the ghostscript /invalidaccess checks fail under certain conditions. An attacker could possibly exploit this to bypass the -dSAFER protection and, for example, execute arbitrary shell commands via a specially crafted PostScript document. Mitigation ImageMagick relies on...