1801 matches found

Hacker One
added 2018/09/05 1:49 a.m. | 49 views

Node.js third-party modules: [apex-publish-static-files] Command Injection on connectString

I would like to report a command injection vulnerability in the apex-publish-static-files npm module. It allows arbitrary shell command execution through a maliciously crafted argument. Module module name: apex-publish-static-files version: 2.0.0 npm page:...

CVSS 10 | AI score 0.6 | EPSS 0.06991
Exploits 1
OSV
added 2018/08/24 8:29 p.m. | 14 views

CVE-2018-3786

A command injection vulnerability in egg-scripts v2.8.1 allows arbitrary shell command execution through a maliciously crafted command line argument...

CVSS 9.8 | AI score 7.4
Exploits 0 | References 3
Cvelist
added 2018/08/24 8:0 p.m. | 23 views

CVE-2018-3786

A command injection vulnerability in egg-scripts v2.8.1 allows arbitrary shell command execution through a maliciously crafted command line argument...

AI score 9.8 | EPSS 0.12283
Exploits 1 | References 3
CVE
added 2018/08/24 8:0 p.m. | 61 views

CVE-2018-3786

CVE-2018-3786 affects egg-scripts prior to 2.8.1. A crafted command line argument enables command injection, allowing arbitrary shell command execution. Impact, per sources, is remote code execution in affected setups; exploitability is via untrusted input passed to egg-scripts. Remediation: upgr...

CVSS 10 | AI score 9.6 | EPSS 0.12283
Exploits 1 | References 3 | Affected Software 1
0day.today
added 2018/08/23 12:0 a.m. | 32 views

Ghostscript - Multiple Vulnerabilities

Exploit for linux platform in category local exploits http://seclists.org/oss-sec/2018/q3/142 These are critical and trivial remote code execution bugs in things like ImageMagick, Evince, GIMP, and most other PDF/PS tools. ---- Hello, this was discussed on the distros list, but it was suggested t...

AI score 0.2
Exploits 0
exploitpack
added 2018/08/22 12:0 a.m. | 25 views

Ghostscript - Multiple Vulnerabilities

Ghostscript - Multiple Vulnerabilities http://seclists.org/oss-sec/2018/q3/142 These are critical and trivial remote code execution bugs in things like ImageMagick, Evince, GIMP, and most other PDF/PS tools. ---- Hello, this was discussed on the distros list, but it was suggested to move discussi...

AI score 0.6
Exploits 0
Exploit DB
added 2018/08/22 12:0 a.m. | 56 views

Ghostscript - Multiple Vulnerabilities

http://seclists.org/oss-sec/2018/q3/142 These are critical and trivial remote code execution bugs in things like ImageMagick, Evince, GIMP, and most other PDF/PS tools. ---- Hello, this was discussed on the distros list, but it was suggested to move discussion to oss-security. You might recall I...

AI score 7
Exploits 0
Veracode
added 2018/08/20 9:6 a.m. | 20 views

Shell Command Injection

egg-scripts is vulnerable to shell command injection attacks. The attack exists because the library uses the execFile function which is not properly sanitized, allowing the attacker to inject malicious shell commands through command line argument...

CVSS 9.8 | AI score 9.6 | EPSS 0.12283
Exploits 1 | References 3 | Affected Software 1
OSV
added 2018/08/15 8:4 p.m. | 17 views

GHSA-MF6W-45CF-QHMP Git-fastclone passes user modifiable strings directly to a shell command

git-fastclone before 1.0.5 passes user modifiable strings directly to a shell command. An attacker can execute malicious commands by modifying the strings that are passed as arguments to cd and git clone commands in the library...

CVSS 9.8 | AI score 9.6 | EPSS 0.04801
Exploits 1 | References 6
Github Security Blog
added 2018/08/15 8:4 p.m. | 22 views

Git-fastclone passes user modifiable strings directly to a shell command

git-fastclone before 1.0.5 passes user modifiable strings directly to a shell command. An attacker can execute malicious commands by modifying the strings that are passed as arguments to cd and git clone commands in the library...

CVSS 10 | AI score 9.1 | EPSS 0.04801
Exploits 1 | References 6 | Affected Software 1
OSV
added 2018/08/15 8:3 p.m. | 20 views

GHSA-8GG6-3R63-25M8 git-fastclone permits arbitrary shell command execution from .gitmodules

git-fastclone before 1.0.1 permits arbitrary shell command execution from .gitmodules. If an attacker can instruct a user to run a recursive clone from a repository they control, they can get a client to run an arbitrary shell command. Alternately, if an attacker can MITM an unencrypted git clone...

CVSS 8.8 | AI score 8.7 | EPSS 0.05198
Exploits 1 | References 6
Github Security Blog
added 2018/08/15 8:3 p.m. | 31 views

git-fastclone permits arbitrary shell command execution from .gitmodules

git-fastclone before 1.0.1 permits arbitrary shell command execution from .gitmodules. If an attacker can instruct a user to run a recursive clone from a repository they control, they can get a client to run an arbitrary shell command. Alternately, if an attacker can MITM an unencrypted git clone...

CVSS 9.3 | AI score 8.4 | EPSS 0.05198
Exploits 1 | References 6 | Affected Software 1
Hacker One
added 2018/08/05 6:31 a.m. | 28 views

Node.js third-party modules: [ascii-art] Command injection

I would like to report a command injection vulnerability in the ascii-art npm module. It allows arbitrary shell command execution through a maliciously crafted command line argument. Module module name: ascii-art version: 1.4.3 npm page: https://www.npmjs.com/package/ascii-art Module Description...

AI score 1.3
Exploits 0
Hacker One
added 2018/07/31 1:54 p.m. | 36 views

Node.js third-party modules: [egg-scripts] Command injection

I would like to report a command injection vulnerability in egg-scripts. It allows arbitrary shell command execution through a maliciously crafted command line argument. Module module name: egg-scripts version: 2.6.0 npm page: https://www.npmjs.com/package/egg-scripts Module Description "deploy...

CVSS 10 | AI score 1.2 | EPSS 0.12283
Exploits 1
OSV
added 2018/06/26 6:29 p.m. | 2 views

CVE-2018-10660

An issue was discovered in multiple models of Axis IP Cameras. There is Shell Command Injection...

CVSS 9.8 | AI score 5.8 | EPSS 0.82152
Exploits 4 | References 4
NVD
added 2018/06/26 6:29 p.m. | 38 views

CVE-2018-10660

An issue was discovered in multiple models of Axis IP Cameras. There is Shell Command Injection...

CVSS 10 | AI score 9.6 | EPSS 0.82152
Exploits 4 | References 4
CVE
added 2018/06/26 6:0 p.m. | 122 views

CVE-2018-10660

CVE-2018-10660 affects Axis Network Cameras. The connected sources confirm a shell command injection vulnerability in multiple Axis IP Camera models, enabling unauthenticated remote command execution through the .srv-to-parhand flow in the device’s UI/API, potentially giving root/system-level acc...

CVSS 10 | AI score 9.4 | EPSS 0.82152
Exploits 4 | References 4 | Affected Software 1
Cvelist
added 2018/06/26 6:0 p.m. | 38 views

CVE-2018-10660

An issue was discovered in multiple models of Axis IP Cameras. There is Shell Command Injection...

AI score 9.6 | EPSS 0.82152
Exploits 4 | References 4
OSV
added 2018/06/20 12:29 p.m. | 1 views

CVE-2018-12591

Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an improperly neutralized element in an OS command due to lack of protection on the admin CLI, leading to code execution and privilege escalation greater than administrators themselves are allowed. An attacker with access to an admi...

CVSS 7.2 | AI score 6.3 | EPSS 0.01861
Exploits 0 | References 1
ThreatPost
added 2018/06/18 1:0 p.m. | 504 views

Axis Cameras Riddled With Vulnerabilities Enabling “Full Control”

A slew of vulnerabilities in Axis cameras could enable an attacker to access camera video streams, control the camera, add it to a botnet or render it useless. Researchers at VDOO, who disclosed the vulns on Monday, recommended that customers update immediately after finding that more than 400 Ax...

CVSS 10 | AI score 0.8 | EPSS 0.86682
Exploits 10 | References 2