1765 matches found
Command injection
In radare2 before 3.9.0, a command injection vulnerability exists in binsymbols in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to an insufficient fix for CVE-2019-14745 and...
patch: do_ed_script in pch.c does not block strings beginning with a ! character
A flaw was found in GNU patch through version 2.7.6. Strings beginning with a exclamation mark are not blocked by default. When ed receives an exclamation mark-prefixed command line argument, the argument is executed as a shell command. The highest threat from this vulnerability is to data...
D-Link DIR-806 Code Injection Vulnerability
The D-Link DIR-806 is a wireless router from AUO D-Link of Taiwan, China. A code injection vulnerability exists in the D-Link DIR-806. A remote attacker can exploit this vulnerability to execute arbitrary shell commands...
Command injection
An issue was discovered in D-Link DIR-806 devices. There is a command injection in function hnapmain, which calls system without checking the parameter that can be controlled by user, and finally allows remote attackers to execute arbitrary shell commands with a special HTTP header...
CVE-2019-10891
An issue was discovered in D-Link DIR-806 devices. There is a command injection in function hnapmain, which calls system without checking the parameter that can be controlled by user, and finally allows remote attackers to execute arbitrary shell commands with a special HTTP header...
CVE-2019-10891
An issue was discovered in D-Link DIR-806 devices. There is a command injection in function hnapmain, which calls system without checking the parameter that can be controlled by user, and finally allows remote attackers to execute arbitrary shell commands with a special HTTP header...
Debian: Security Advisory (DLA-1890-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Sampler - A Tool For Shell Commands Execution, Visualization And Alerting (Configured With A Simple YAML File)
Sampler is a tool for shell commands execution, visualization and alerting. Configured with a simple YAML file. Installation macOS brew cask install sampler or curl -Lo /usr/local/bin/sampler https://github.com/sqshq/sampler/releases/download/v1.0.1/sampler-1.0.1-darwin-amd64 chmod +x...
NewStart CGSL CORE 5.04 / MAIN 5.04 : ghostscript Multiple Vulnerabilities (NS-SA-2019-0035)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has ghostscript packages installed that are affected by multiple vulnerabilities: - The settextdistance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does not prevent...
CVE-2019-14745
In radare2 before 3.7.0, a command injection vulnerability exists in binsymbols in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to improper handling of symbol names embedded in...
Command injection
In radare2 before 3.7.0, a command injection vulnerability exists in binsymbols in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to improper handling of symbol names embedded in...
UBUNTU-CVE-2019-14745
In radare2 before 3.7.0, a command injection vulnerability exists in binsymbols in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to improper handling of symbol names embedded in...
CVE-2019-14745
In radare2 before 3.7.0, a command injection vulnerability exists in binsymbols in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to improper handling of symbol names embedded in...
CVE-2019-14745
In radare2 before 3.7.0, a command injection vulnerability exists in binsymbols in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to improper handling of symbol names embedded in...
CVE-2019-14745
In radare2 before 3.7.0, a command injection vulnerability exists in binsymbols in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to improper handling of symbol names embedded in...
Command injection
A vulnerability in the web management interface of Cisco Small Business 220 Series Smart Switches could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this...
CVE-2019-1914 Cisco Small Business 220 Series Smart Switches Command Injection Vulnerability
A vulnerability in the web management interface of Cisco Small Business 220 Series Smart Switches could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this...
CVE-2019-1914 Cisco Small Business 220 Series Smart Switches Command Injection Vulnerability
A vulnerability in the web management interface of Cisco Small Business 220 Series Smart Switches could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this...
Cisco Small Business 220 Series Smart Switches Command Injection Vulnerability
A vulnerability in the web management interface of Cisco Small Business 220 Series Smart Switches could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this...
CVE-2019-14260
On the Alcatel-Lucent Enterprise ALE 8008 Cloud Edition Deskphone VoIP phone with firmware 1.50.13, a command injection missing input validation issue in the password change field for the Change Password interface allows an authenticated remote attacker in the same network to trigger OS commands...