1764 matches found
CVE-2015-1427
CVE-2015-1427 concerns Elasticsearch’s Groovy scripting engine, where dynamic scripting was enabled by default in versions before 1.3.8 (and 1.4.x before 1.4.3). The root cause is a sandbox bypass in the Groovy sandbox that allows remote attackers to execute arbitrary shell commands via a crafted...
Design/Logic Flaw
Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allow remote authenticated administrators to execute arbitrary shell commands via a crafted command line in a database-backup restore action...
CVE-2014-7288
Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allow remote authenticated administrators to execute arbitrary shell commands via a crafted command line in a database-backup restore action...
Mandriva Linux Security Advisory : nail (MDVSA-2015:011)
Updated nail package fixes security vulnerabilities : A flaw was found in the way mailx handled the parsing of email addresses. A syntactically valid email address could allow a local attacker to cause mailx to execute arbitrary shell commands through shell meta-characters and the direct command...
nginx-0.6.38-Heap
A quick way to find out just for verification would be to launch nginx, attach GDB to the worker and target it with the exploit, setting the offset to 0, or some other arbitrary value. It should crash on a piece of code which import os import sys import socket import select import struct import...
IBM Network Security Protection XGS Remote Code Execution (swg21690823) (credentialed check)
The firmware version installed on the remote IBM XGS appliance does not properly sanitize certain user-supplied inputs which can allow a remote, authenticated attacker to execute shell commands with the privileges of the 'www-data' user via a standard HTTP request. C Tenable Network Security, Inc...
Debian DSA-3104-1 : bsd-mailx - security update
It was discovered that bsd-mailx, an implementation of the 'mail' command, had an undocumented feature which treats syntactically valid email addresses as shell commands to execute. Users who need this feature can re-enable it using the 'expandaddr' in an appropriate mailrc file. This update also...
RHEL 6 / 7 : mailx (RHSA-2014:1999)
The remote Redhat Enterprise Linux 6 / 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2014:1999 advisory. The mailx packages contain a mail user agent that is used to manage mail using scripts. A flaw was found in the way mailx handled the...
DLA-113-1 bsd-mailx - security update
Bulletin has no description...
CentOS 6 / 7 : mailx (CESA-2014:1999)
Updated mailx packages that fix two security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are available...
Scientific Linux Security Update : mailx on SL6.x, SL7.x i386/x86_64 (20141216)
A flaw was found in the way mailx handled the parsing of email addresses. A syntactically valid email address could allow a local attacker to cause mailx to execute arbitrary shell commands through shell meta-characters and the direct command execution functionality. CVE-2004-2771, CVE-2014-7844...
mailx: command execution flaw
A flaw was found in the way mailx handled the parsing of email addresses. A syntactically valid email address could allow a local attacker to cause mailx to execute arbitrary shell commands through shell meta-characters CVE-2004-2771 and the direct command execution functionality CVE-2014-7844...
Moderate: Red Hat Security Advisory: mailx security update
Updated mailx packages that fix two security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are available...
[SECURITY] [DSA 3104-1] bsd-mailx security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3104-1 [email protected] http://www.debian.org/security/ Florian Weimer December 16, 2014 http://www.debian.org/security/faq -...
Debian Security Advisory DSA 3105-1 (heirloom-mailx - security update)
Two security vulnerabilities were discovered in Heirloom mailx, an implementation of the mail command: CVE-2004-2771 mailx interprets interprets shell meta-characters in certain email addresses. CVE-2014-7844 An unexpected feature of mailx treats syntactically valid email addresses as shell...
Advantech EKI-6340 code execution
Shell commands injection in Web interface...
Cisco Nexus 1000V Series Switches Arbitrary Command Execution Vulnerability (Cisco-SA-20131115-CVE-2013-5556)
A vulnerability in the license installation module of the Cisco Nexus 1000V could allow an authenticated, local attacker to execute arbitrary shell commands. Copyright C 2014 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...
Plone and Zope cmd Parameter Remote Command Execution (CVE-2011-3587)
A remote code execution vulnerability has been reported in Zope and Plone. The vulnerability is due to failing to properly validate user-supplied input. A remote attacker can exploit this vulnerability by execute arbitrary shell commands...
OpenSSH < 6.6 SFTP (x64) - Command Execution
define GNUSOURCE // THIS PROGRAM IS NOT DESIGNED TO BE SAFE AGAINST VICTIM MACHINES THAT // TRY TO ATTACK BACK, THE CODE IS SLOPPY! // In other words, please don't use this against other people's machines. include include include include include include include include include define mina,b ab?a:...
Important: Red Hat Security Advisory: bash Shift_JIS security update
Updated September 30, 2014 This advisory has been updated with information on restarting system services after applying this update. No changes have been made to the original packages. Updated bash ShiftJIS packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and ...