Debian: Security Advisory (DSA-4052-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2017-1000215

ROOT xrootd version 4.6.0 and below is vulnerable to an unauthenticated shell command injection resulting in remote code execution...

CVE-2017-1000215

CVE-2017-1000215 affects ROOT xrootd versions 4.6.0 and earlier, exposing an unauthenticated shell command injection that enables remote code execution. The vulnerability is documented across multiple advisories (NVD, SUSE, Gentoo GLSA) indicating remote code execution via a shell command injecti...

CVE-2017-1000215

ROOT xrootd version 4.6.0 and below is vulnerable to an unauthenticated shell command injection resulting in remote code execution...

CVE-2017-1000215

ROOT xrootd version 4.6.0 and below is vulnerable to an unauthenticated shell command injection resulting in remote code execution...

CVE-2008-7319

The Net::Ping::External extension through 0.15 for Perl does not properly sanitize arguments e.g., invalid hostnames containing shell metacharacters before use of backticks in External.pm, allowing for shell command injection and arbitrary command execution if untrusted input is used...

CVE-2008-7319

The Net::Ping::External extension through 0.15 for Perl does not properly sanitize arguments e.g., invalid hostnames containing shell metacharacters before use of backticks in External.pm, allowing for shell command injection and arbitrary command execution if untrusted input is used...

Jenkins Multiple Vulnerabilities (Oct 2017) - Windows

Jenkins is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:jenkins:jenkins"; ifdescription...

Jenkins Multiple Vulnerabilities (Oct 2017) - Linux

Jenkins is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:jenkins:jenkins"; ifdescription...

Circle with Disney WiFi Restart SSID Parsing Command Injection Vulnerability

Summary An exploitable vulnerability exists in the WiFi configuration functionality of Circle with Disney running firmware 2.0.1. A specially crafted SSID can cause the device to execute arbitrary shell commands. An attacker needs to send a couple of HTTP requests and setup an access point...

[SECURITY] [DSA 4010-1] git-annex security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4010-1 [email protected] https://www.debian.org/security/ Sebastien Delafond October 30, 2017 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4010-1] git-annex security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4010-1 [email protected] https://www.debian.org/security/ Sebastien Delafond October 30, 2017 https://www.debian.org/security/faq -...

Debian DSA-4009-1 : shadowsocks-libev - security update

Niklas Abel discovered that insufficient input sanitising in the ss-manager component of shadowsocks-libev, a lightweight socks5 proxy, could result in arbitrary shell command execution. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin we...

Debian: Security Advisory (DSA-4009-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

GHSA-P673-HJF2-PWFR Shell command injection in command_wrap

commandwrap.rb in the commandwrap Gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL or filename...

Shell command injection in command_wrap

commandwrap.rb in the commandwrap Gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL or filename...

Debian DLA-1122-1 : asterisk security update

A security vulnerability was discovered in Asterisk, an Open Source PBX and telephony toolkit, that may lead to unauthorized command execution. The appminivm module has an 'externnotify' program configuration option that is executed by the MinivmNotify dialplan application. The application uses t...

Debian DLA-1120-1 : git security update

joernchen discovered that the git-cvsserver subcommand of Git, a distributed version control system, suffers from a shell command injection vulnerability due to unsafe use of the Perl backtick operator. The git-cvsserver subcommand is reachable from the git-shell subcommand even if CVS support ha...

[SECURITY] [DLA 1120-1] git security update

Package : git Version : 1:1.7.10.4-1+wheezy6 CVE ID : CVE-2017-14867 Debian Bug : 876854 joernchen discovered that the git-cvsserver subcommand of Git, a distributed version control system, suffers from a shell command injection vulnerability due to unsafe use of the Perl backtick operator. The...

Debian DSA-3984-1 : git - security update

joernchen discovered that the git-cvsserver subcommand of Git, a distributed version control system, suffers from a shell command injection vulnerability due to unsafe use of the Perl backtick operator. The git-cvsserver subcommand is reachable from the git-shell subcommand even if CVS support ha...