CVE-2017-14477

CVE-2017-14477 relates to a shell-command injection in MMM::Agent::Helpers::Network::add_ip within MMM mmm_agentd 2.2.1 (FreeBSD). A specially crafted MMM protocol message over TCP can trigger arbitrary command execution with the privileges of mmm_agentd. Connected sources (Talos, CNVD/CVE record...

CVE-2017-14474

Summary: CVE-2017-14474 and related MMM vulnerabilities affect MMM mmm_agentd 2.2.1, where _execute() constructs a shell command without sanitizing the $params, enabling an unauthenticated attacker who can open a TCP session to execute arbitrary commands with the privileges of mmm_agentd. Related...

CVE-2017-14474

In the MMM::Agent::Helpers::execute function in MySQL Multi-Master Replication Manager MMM mmmagentd 2.2.1, a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\agentd process. An attacker that can...

CVE-2017-14476

In the MMM::Agent::Helpers::Network::addip function in MySQL Multi-Master Replication Manager MMM mmmagentd 2.2.1 for Solaris, a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\agentd process. An...

CVE-2017-14476

CVE-2017-14476 affects MySQL MMM MMM agent (mmm_agentd) v2.2.1. Multiple remote command-injection vulnerabilities exist in the MMM Agent helpers, notably in MMM::Agent::Helpers::Network::add_ip(), with variants across Linux, Solaris, and FreeBSD, plus related helpers (clear_ip, check_ip) and _exe...

CVE-2017-14480

MMM Agent exposure: A set of remote command injection flaws in MMM::Agent::Helpers::Network (clear_ip/add_ip, check_ip) in mmm_agentd 2.2.1 (FreeBSD; Linux/Solaris variants in related code paths) allows unauthenticated TCP clients to execute arbitrary commands with mmm_agentd privileges. Root cau...

CVE-2017-14475

MMM Agent (mmm_agentd) 2.2.1 for Linux is affected by multiple shell command injection flaws in the MMM::Agent::Helpers::Network::add_ip and related code paths. A specially crafted MMM protocol message can inject commands via untrusted role IP input passed through configure_ip/add_ip/clear_ip and...

CVE-2017-14475

In the MMM::Agent::Helpers::Network::addip function in MySQL Multi-Master Replication Manager MMM mmmagentd 2.2.1 for Linux, a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\agentd process. An...

CVE-2017-14479

CVE-2017-14479 affects MMM MMM Agent (mmm_agentd) 2.2.1 on Solaris, with a shell command injection in MMM::Agent::Helpers::Network::clear_ip triggered by specially crafted protocol messages via a TCP session. The vulnerability arises from unsafely passing untrusted input (IP/if, etc.) through she...

CVE-2017-14479

In the MMM::Agent::Helpers::Network::clearip function in MySQL Multi-Master Replication Manager MMM mmmagentd 2.2.1 for Solaris, a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\agentd process. An...

CVE-2017-14480

In the MMM::Agent::Helpers::Network::clearip function in MySQL Multi-Master Replication Manager MMM mmmagentd 2.2.1 for FreeBSD, a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\agentd process. An...

CVE-2017-14477

In the MMM::Agent::Helpers::Network::addip function in MySQL Multi-Master Replication Manager MMM mmmagentd 2.2.1 for FreeBSD, a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\agentd process. An...

CVE-2017-14481

The CVE-2017-14481 entry concerns a shell command injection in MMM (MySQL MMM) mmm_agentd 2.2.1 (Solaris). The vulnerability resides in MMM::Agent::Helpers::Network::send_arp (and related functions in MMM) where un-sanitized input from MMM protocol messages can be interpolated into shell commands...

PT-2018-5670 · Mysql Server · Mysql Multi-Master Replication Manager

Name of the Vulnerable Software and Affected Versions: MySQL Multi-Master Replication Manager MMM mmm agentd version 2.2.1 Description: A specially crafted MMM protocol message can cause a shell command injection in the add ip function, resulting in arbitrary command execution with the privileges...

PT-2018-5673 · Mysql Server · Mysql Multi-Master Replication Manager

Name of the Vulnerable Software and Affected Versions: MySQL Multi-Master Replication Manager MMM mmm agentd version 2.2.1 Description: A specially crafted MMM protocol message can cause a shell command injection in the clear ip function, resulting in arbitrary command execution with the privileg...

PT-2018-5675 · Mysql Server · Mysql Multi-Master Replication Manager

Name of the Vulnerable Software and Affected Versions: MySQL Multi-Master Replication Manager MMM mmm agentd version 2.2.1 Description: A specially crafted MMM protocol message can cause a shell command injection in the clear ip function, resulting in arbitrary command execution with the privileg...

PT-2018-5676 · Mysql Server · Mysql Multi-Master Replication Manager

Name of the Vulnerable Software and Affected Versions: MySQL Multi-Master Replication Manager MMM mmm agentd version 2.2.1 Description: A specially crafted MMM protocol message can cause a shell command injection in the MMM::Agent::Helpers::Network::send arp function, resulting in arbitrary comma...

Exim base64d Remote Code Execution

!/usr/bin/python import time import socket import struct s = None f = None def logo: print print " CVE-2018-6789 Poc Exploit" print "@straightblast ; [email protected]" print def connecthost, port: global s global f s = socket.createconnectionhost,port f = s.makefile'rw', bufsize=0 def p...

Node.js third-party modules: `command-exists` concatenates unsanitized input into exec()/execSync() commands

I would like to report command injection in command-exists. It allows to inject and execute arbitrary shell commands while trying to determine if a crafted command exists. Module module name: command-exists version: 1.2.2 npm page: https://www.npmjs.com/package/command-exists Module Description...

CVE-2017-9274

A shell command injection in the obs-service-sourcevalidator before 0.7 could be used to execute code as the packager when checking RPM SPEC files with specific macro constructs...