ExifTool DjVu ANT Perl Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ExifTool DjVu ANT Perl injection', 'Description' = %q This module exploits a Perl injection vulnerability in the DjVu ANT parsing code of ExifToo...

ExifTool DjVu ANT Perl Injection Exploit

This Metasploit module exploits a Perl injection vulnerability in the DjVu ANT parsing code of ExifTool versions 7.44 through 12.23 inclusive. The injection is used to execute a shell command using Perl backticks. The DjVu image can be embedded in a wrapper image using the HasselbladExif EXIF...

Command injection

The dashboard component of StackLift LocalStack 0.12.6 allows attackers to inject arbitrary shell commands via the functionName parameter...

PYSEC-2021-101

The dashboard component of StackLift LocalStack 0.12.6 allows attackers to inject arbitrary shell commands via the functionName parameter...

CVE-2021-29369

The gnuplot package prior to version 0.1.0 for Node.js allows code execution via shell metacharacters in Gnuplot commands...

SUSE SLES15 Security Update : cifs-utils (SUSE-SU-2021:1455-1)

This update for cifs-utils fixes the following security issues : CVE-2021-20208: Fixed a potential kerberos auth leak escaping from container. bsc1183239 CVE-2020-14342: Fixed a shell command injection vulnerability in mount.cifs. bsc1174477 This update for cifs-utils fixes the following issues :...

Security update for cifs-utils (important)

openSUSE Security Update: Security update for cifs-utils Announcement ID: openSUSE-SU-2021:0639-1 Rating: important References: 1152930 1174477 1183239 1184815 Cross-References: CVE-2020-14342 CVE-2021-20208 CVSS scores: CVE-2020-14342 NVD : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H...

openSUSE: Security Advisory for cifs-utils (openSUSE-SU-2021:0639-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

OPENSUSE-SU-2021:0639-1 Security update for cifs-utils

This update for cifs-utils fixes the following security issues: - CVE-2021-20208: Fixed a potential kerberos auth leak escaping from container. bsc1183239 - CVE-2020-14342: Fixed a shell command injection vulnerability in mount.cifs. bsc1174477 This update for cifs-utils fixes the following issue...

SUSE-SU-2021:1455-1 Security update for cifs-utils

This update for cifs-utils fixes the following security issues: - CVE-2021-20208: Fixed a potential kerberos auth leak escaping from container. bsc1183239 - CVE-2020-14342: Fixed a shell command injection vulnerability in mount.cifs. bsc1174477 This update for cifs-utils fixes the following issue...

SUSE: Security Advisory (SUSE-SU-2014:1658-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2020:2728-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2021-22177

Removed by vendor...

VulnCheck KEV: CVE-2018-10823

An issue was discovered on D-Link DWR-116 through 1.06, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices. An authenticated attacker may execute arbitrary code by injecting the shell command into the chkisg.htm page Sip...

NEC Multiple Products Operating System Command Injection Vulnerability

The NEC UNIVERGE SV8500 and NEC UNIVERGE SV9500 are both an IP phone device from NEC Corporation of Japan. A security vulnerability exists in multiple NEC products that could allow a remote attacker to execute arbitrary shell commands on the target system. The following products and versions are...

CVE-2020-12149

The configuration backup/restore function in Silver Peak Unity ECOSTM ECOS appliance software was found to directly incorporate the user-controlled config filename in a subsequent shell command, allowing an attacker to manipulate the resulting command by injecting valid OS command input. This...

CVE-2020-12149

The configuration backup/restore function in Silver Peak Unity ECOSTM ECOS appliance software was found to directly incorporate the user-controlled config filename in a subsequent shell command, allowing an attacker to manipulate the resulting command by injecting valid OS command input. This...

CVE-2020-12149 OS Command Injection - Management File Upload

The configuration backup/restore function in Silver Peak Unity ECOSTM ECOS appliance software was found to directly incorporate the user-controlled config filename in a subsequent shell command, allowing an attacker to manipulate the resulting command by injecting valid OS command input. This...

Virtuozzo 7 : patch (VZLSA-2019-2964)

An update for patch is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

SUSE SLED15 / SLES15 Security Update : cifs-utils (SUSE-SU-2020:2729-1)

This update for cifs-utils fixes the following issues : CVE-2020-14342: Fixed a shell command injection vulnerability in mount.cifs bsc1174477. Fixed an invalid free in mount.cifs; bsc1152930. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE...