1765 matches found

Exploit DB
added 2018/01/21 12:0 a.m. | 347 views

OTRS 5.0.x/6.0.x - Remote Command Execution (1)

Exploit Title: OTRS 5.0.x/6.0.x - Remote Command Execution 1
Date: 21-01-2018
Exploit Author: Bæln0rn
Vendor Homepage: https://www.otrs.com/
Software Link: http://ftp.otrs.org/pub/otrs/
Version: 4.0.1 - 4.0.26, 5.0.0 - 5.0.24, 6.0.0 - 6.0.1
Tested on: OTRS 5.0.2/CentOS 7.2.1511
CVE : CVE-2017-169...

CVSS 9 | AI score 9 | EPSS 0.33869
Exploits: 8
Tenable Nessus
added 2018/01/18 12:0 a.m. | 26 views

GLSA-201801-18 : Newsbeuter: User-assisted execution of arbitrary code

The remote host is affected by the vulnerability described in GLSA-201801-18 (Newsbeuter: User-assisted execution of arbitrary code). Newsbeuter does not properly escape shell meta-characters in the title and description of RSS feeds when bookmarking. Impact: A remote attacker, by enticing a user t...

CVSS 9.3 | AI score 8.4 | EPSS 0.00832
Exploits: 0 | References: 2
Gentoo Linux
added 2018/01/17 12:0 a.m. | 29 views

Newsbeuter: User-assisted execution of arbitrary code

Background: Newsbeuter is an RSS/Atom feed reader for the text console.
Description: Newsbeuter does not properly escape shell meta-characters in the title and description of RSS feeds when bookmarking.
Impact: A remote attacker, by enticing a user to open a feed with specially crafted URLs, could...

CVSS 9.3 | AI score 9 | EPSS 0.00832
Exploits: 0
Debian
added 2018/01/09 10:5 p.m. | 24 views

[SECURITY] [DLA 1237-1] plexus-utils2 security update

Package : plexus-utils2
Version : 2.0.5-1+deb7u1
CVE ID : CVE-2017-1000487
Charles Duffy discovered that the Commandline class in plexus-utils2, a collection of components used by Apache Maven, does not correctly quote the contents of double-quoted strings. An attacker may use this flaw to inject...

CVSS 9.8 | AI score 9.8 | EPSS 0.07798
Exploits: 0
Debian
added 2018/01/09 10:3 p.m. | 28 views

[SECURITY] [DLA 1236-1] plexus-utils security update

Package : plexus-utils
Version : 1:1.5.15-4+deb7u1
CVE ID : CVE-2017-1000487
Charles Duffy discovered that the Commandline class in plexus-utils, a collection of components used by Apache Maven, does not correctly quote the contents of double-quoted strings. An attacker may use this flaw to injec...

CVSS 9.8 | AI score 9.8 | EPSS 0.07798
Exploits: 0
OSV
added 2018/01/08 3:29 a.m. | 2 views

CVE-2018-5071

Persistent XSS exists in the web server on Cobham Sea Tel 116 build 222429 satellite communication system devices: remote attackers can inject malicious JavaScript code using the device's TELNET shell built-in commands, as demonstrated by the "set ship name" command. This is similar to a Cross...

CVSS 5.4 | AI score 5.9
Exploits: 0 | References: 1
Gentoo Linux
added 2018/01/07 12:0 a.m. | 33 views

Back In Time: Command injection

Background: A simple backup tool for Linux, inspired by “flyback project”.
Description: ‘Back in Time’ did improper escaping/quoting of file paths used as arguments to the ‘notify-send’ command, leading to some parts of file paths being executed as shell commands within an os.system call.
Impact: A...

CVSS 9.3 | AI score 7.9 | EPSS 0.00435
Exploits: 0
Mageia
added 2018/01/04 4:48 p.m. | 27 views

Updated backintime packages fix security vulnerability

backintime aka Back in Time before 1.1.24 did improper escaping/quoting of file paths used as arguments to the 'notify-send' command, leading to some parts of file paths being executed as shell commands within an os.system call in qt4/plugins/notifyplugin.py. This could allow an attacker to craft...

CVSS 9.3 | AI score 3.6 | EPSS 0.00435
Exploits: 0 | References: 2
Tenable Nessus
added 2018/01/02 12:0 a.m. | 36 views

FreeBSD : OTRS -- Multiple vulnerabilities (cebd05d6-ed7b-11e7-95f2-005056925db4)

OTRS reports: An attacker who is logged into OTRS as an agent can request special URLs from OTRS which can lead to the execution of shell commands with the permissions of the web server user. An attacker who is logged into OTRS as a customer can use the ticket search form to disclose internal...

CVSS 9 | AI score 7.5 | EPSS 0.33869
Exploits: 8 | References: 9
Tenable Nessus
added 2017/12/20 12:0 a.m. | 33 views

Debian DLA-1212-1 : otrs2 security update

Four vulnerabilities were discovered in the Open Ticket Request System which could result in information disclosure or the execution of arbitrary shell commands by logged-in agents. For Debian 7 'Wheezy', these problems have been fixed in version 3.3.18-1deb7u2. We recommend that you upgrade your...

CVSS 9 | AI score 7.4 | EPSS 0.33869
Exploits: 8 | References: 6
Debian
added 2017/12/19 8:42 p.m. | 23 views

[SECURITY] [DLA 1212-1] otrs2 security update

Package : otrs2
Version : 3.3.18-1deb7u2
CVE ID : CVE-2017-15864 CVE-2017-16664 CVE-2017-16854 CVE-2017-16921
Four vulnerabilities were discovered in the Open Ticket Request System which could result in information disclosure or the execution of arbitrary shell commands by logged-in agents. For...

CVSS 9 | AI score 8.7 | EPSS 0.33869
Exploits: 8
Debian
added 2017/12/17 2:11 p.m. | 18 views

[SECURITY] [DSA 4066-1] otrs2 security update

-------------------------------------------------------------------------
Debian Security Advisory DSA-4066-1
[email protected] https://www.debian.org/security/
Moritz Muehlenhoff December 17, 2017
https://www.debian.org/security/faq
-...

CVSS 9 | AI score 8.7 | EPSS 0.33869
Exploits: 8
OSV
added 2017/12/08 3:29 p.m. | 17 views

CVE-2017-16921

In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including 5.0.24, and OTRS 4.0.x up to and including 4.0.26, an attacker who is logged into OTRS as an agent can manipulate form parameters related to PGP and execute arbitrary shell commands with the permissions of the OTRS or web...

CVSS 8.8 | AI score 7.5
Exploits: 0 | References: 5
OSV
added 2017/12/08 3:29 p.m. | 1 view

UBUNTU-CVE-2017-16921

In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including 5.0.24, and OTRS 4.0.x up to and including 4.0.26, an attacker who is logged into OTRS as an agent can manipulate form parameters related to PGP and execute arbitrary shell commands with the permissions of the OTRS or web...

CVSS 8.8 | AI score 7.4 | EPSS 0.33869
Exploits: 8 | References: 4
UbuntuCve
added 2017/12/08 3:29 p.m. | 46 views

CVE-2017-16921

In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including 5.0.24, and OTRS 4.0.x up to and including 4.0.26, an attacker who is logged into OTRS as an agent can manipulate form parameters related to PGP and execute arbitrary shell commands with the permissions of the OTRS or web...

CVSS 9 | AI score 7.4 | EPSS 0.33869
Exploits: 8 | References: 3
Cvelist
added 2017/12/08 3:0 p.m. | 18 views

CVE-2017-16921

In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including 5.0.24, and OTRS 4.0.x up to and including 4.0.26, an attacker who is logged into OTRS as an agent can manipulate form parameters related to PGP and execute arbitrary shell commands with the permissions of the OTRS or web...

AI score 8.9 | EPSS 0.33869
Exploits: 8 | References: 5
Veracode
added 2017/11/29 4:55 a.m. | 6 views

Arbitrary Code Execution

squizlabs/PHP_CodeSniffer is vulnerable to remote code execution (RCE) attacks. The library does not properly escape the filepath variable for the generateDiff function, allowing a malicious user to inject and execute arbitrary shell commands...

AI score 8.2
Exploits: 0
Veracode
added 2017/11/22 9:13 a.m. | 5 views

Arbitrary Code Execution

Smarty is vulnerable to arbitrary code execution. The library does not properly sanitize user parameters in the smarty_function_math function in the libs/plugins/function.math.php file. This can allow a malicious user to inject and execute arbitrary shell commands by passing a string with backticks...

AI score 7.8
Exploits: 0
OpenVAS
added 2017/11/22 12:0 a.m. | 19 views

Debian: Security Advisory (DSA-4047-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.8 | AI score 8.7 | EPSS 0.0122
Exploits: 0 | References: 4
Prion
added 2017/11/21 2:29 p.m. | 12 views

Code injection

Code injection exists in Kernel/System/Spelling.pm in Open Ticket Request System (OTRS) 5 before 5.0.24, 4 before 4.0.26, and 3.3 before 3.3.20. In the agent interface, an authenticated remote attacker can execute shell commands as the webserver user via URL manipulation...

CVSS 6.5 | AI score 8.9 | EPSS 0.0122
Exploits: 0 | References: 3 | Affected Software: 2