1764 matches found
Privilege escalation
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS FOS releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected...
Input validation
Untrusted input execution via igetwild in all iRODS versions before 4.1.11 and 4.2.1 allows other iRODS users potentially anonymous to execute remote shell commands via iRODS virtual pathnames. To exploit this vulnerability, a virtual iRODS pathname that includes a semicolon would be retrieved vi...
CVE-2017-8799
Untrusted input execution via igetwild in all iRODS versions before 4.1.11 and 4.2.1 allows other iRODS users potentially anonymous to execute remote shell commands via iRODS virtual pathnames. To exploit this vulnerability, a virtual iRODS pathname that includes a semicolon would be retrieved vi...
CVE-2017-8799
Untrusted input execution via igetwild in all iRODS versions before 4.1.11 and 4.2.1 allows other iRODS users potentially anonymous to execute remote shell commands via iRODS virtual pathnames. To exploit this vulnerability, a virtual iRODS pathname that includes a semicolon would be retrieved vi...
EulerOS 2.0 SP1 : ImageMagick (EulerOS-SA-2016-1029)
According to the versions of the ImageMagick packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was discovered that ImageMagick did not properly sanitize certain input before using it to invoke processes. A remote attacker could...
EulerOS 2.0 SP1 : ImageMagick (EulerOS-SA-2016-1021)
According to the versions of the ImageMagick packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was discovered that ImageMagick did not properly sanitize certain input before passing it to the delegate functionality. A remote attack...
CVE-2017-7692
SquirrelMail 1.4.22 and other versions before 201704270200-SVN allows post-authentication remote code execution via a sendmail.cf file that is mishandled in a popen call. It's possible to exploit this vulnerability to execute arbitrary shell commands on the remote server. The problem is in the...
CVE-2017-8220
TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow remote code execution with a single HTTP request by placing shell commands in a "host=" line within HTTP POST data...
Remote code execution
TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow remote code execution with a single HTTP request by placing shell commands in a "host=" line within HTTP POST data...
CVE-2017-8220
TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow remote code execution with a single HTTP request by placing shell commands in a "host=" line within HTTP POST data...
SquirrelMail -- post-authentication remote code execution
SquirrelMail developers report: SquirrelMail 1.4.22 and other versions before 201704270200-SVN allows post-authentication remote code execution via a sendmail.cf file that is mishandled in a popen call. It's possible to exploit this vulnerability to execute arbitrary shell commands on the remote...
Horde Webmail < 5.2.19 RCE Vulnerability
The HordeCrypt library used in Horde Webmail is prone to a remote code execution RCE vulnerability if the PGP feature is enabled. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
BrainDamage - A fully featured backdoor that uses Telegram as a C&C server
A python based backdoor which uses Telegram as C&C server. /\ /.\ ,.-'/ ",'-., -^ /-^: | \ | \ | | | | | | | | Coded by: Mehul [email protected] -- Github: https://github.com/mehulj94 -- Twitter: https://twitter.com/wayfarermj -- For windows only | | | | | | | | | / / | | | | | '/ / |...
Fedora 25 : php-pear-PHP-CodeSniffer (2017-ca3f01bd37)
Version 2.8.1 - This release contains a fix for a security advisory related to the improper handling of shell commands - Uses of shellexec and exec were not escaping filenames and configuration settings in most cases - A properly crafted filename or configuration option would allow for arbitrary...
Fedora 24 : php-pear-PHP-CodeSniffer (2017-aaf92c483c)
Version 2.8.1 - This release contains a fix for a security advisory related to the improper handling of shell commands - Uses of shellexec and exec were not escaping filenames and configuration settings in most cases - A properly crafted filename or configuration option would allow for arbitrary...
Exploit for Improper Handling of Exceptional Conditions in Apache Struts
Struts-Apache-ExploitPack These are just some scripts which yo...
New Struts2 Remote Code Execution exploit caught in the wild
Two days ago Apache has published a fix for the new Remote Code Execution vulnerability in Struts2. Struts2 RCE attacks in the wild This vulnerability allows attacker to execute arbitrary Java code on the application server. We can confirm that caught the first exploit for this vulnerability from...
Fully Featured Backdoor – Telegram C&C: BrainDamage
A python based backdoor which uses Telegram as C&C server. Features Persistance USB spreading Port Scanner Router Finder Run shell commands Keylogger Insert keystrokes Record audio Webserver Screenshot logging Download files in the host Execute shutdown, restart, logoff, lock Send drive tree...
Dell SonicWall Secure Remote Access Server Command Injection Vulnerability (CNVD-2017-02473)
Dell SonicWall Secure Remote Access is a SonicWALL Secure Remote Access Series appliance within the Dell SonicWall Secure Mobile Access solution. An input validation vulnerability in the viewcert CGI /cgi-bin/viewcert component of the web management interface of Dell SonicWall Secure Remote Acces...
Design/Logic Flaw
A vulnerability in CLI command processing in the Cisco Firepower 4100 Series Next-Generation Firewall and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to inject arbitrary shell commands that are executed by the device. More Information: CSCvb61343. Known...