1764 matches found
IBM Spectrum Copy Data Management OS Command Injection Vulnerability
IBM Spectrum Copy Data Management is an IBM product that modernizes, streamlines and automates data center copy management processes. It has a security vulnerability that stems from the fact that the Spectrum Copy Data Management management console login and upload credentials function incorrectly...
CVE-2021-36195
Multiple command injection vulnerabilities in the command line interpreter of FortiWeb versions 6.4.1, 6.4.0, 6.3.0 through 6.3.15, 6.2.0 through 6.2.6, and 6.1.0 through 6.1.2 may allow an authenticated attacker to execute arbitrary commands on the underlying system shell via specially crafted...
Victure WR1200 OS Command Injection Vulnerability
The Victure WR1200 is a router. The Victure WR1200 1.0.3 and prior versions are vulnerable to OS command injection, which can be exploited by attackers to inject arbitrary shell commands using valid credentials...
Efm Networks IpTime C200 Camera Security Vulnerability
The Efm Networks IpTime C200 Camera is a webcam from the Korean company Efm Networks. The Efm Networks IpTime C200 Camera suffers from a security vulnerability that allows a remote attacker to send crafted parameters to an exposed web service interface that can invoke arbitrary shell commands...
UBUNTU-CVE-2021-42377
An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string. This may be used for remote code execution under rare conditions of filtered command input...
UBUNTU-CVE-2021-42375
An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. This may be used for DoS under rare conditions of filtered command input...
Privilege Escalation
github.com/fluxcd/kustomize-controller is vulnerable to privilege escalation. Users with privilege to create Kubernetes Secrets, Service Accounts and Flux Kustomization objects are allowed to use kustomize-controller to execute shell commands on the container OS via embedding a shell script in a...
BusyBox Code Issue Vulnerability
BusyBox is a suite of applications containing several Linux commands and tools from the Ukrainian individual developer Denis Vlasenko. A code issue vulnerability exists in the BusyBox hush applet, which stems from the fact that dereferencing the NULL pointer in BusyBox's hush applet will result in...
CVE-2021-42372
A shell command injection in the HW Events SNMP community in XoruX LPAR2RRD and STOR2RRD before 7.30 allows authenticated remote attackers to execute arbitrary shell commands as the user running the service...
LPAR2RRD OS Command Injection Vulnerability
Xorux LPAR2RRD is a server monitoring tool from the Czech company Xorux. A security vulnerability in the HW Events SNMP community in XoruX LPAR2RRD and STOR2RRD versions prior to 7.30 can be exploited by an attacker to execute arbitrary shell commands as the user running the service...
Tor-Rootkit - A Python 3 Standalone Windows 10 / Linux Rootkit Using Tor
A Python 3 standalone Windows 10 / Linux Rootkit. The network communication is established over the Tor network. Disclaimer Use for educational purposes only. How to use 1. Clone the repo and change directory: git clone https://github.com/emcruise/TorRootkit.git cd ./tor-rootkit 2. Build...
Sophos UTM WebAdmin SID Command Injection
This module exploits an SID-based command injection in Sophos UTM's WebAdmin interface to execute shell commands as the root user. Module Options msf use exploit/linux/http/sophosutmwebadminsidcmdinjection msf exploitsophosutmwebadminsidcmdinjection show targets ...targets... msf...
Sophos UTM WebAdmin SID Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Sophos UTM WebAdmin SID Command Injection', 'Description' = %q This module exploits an SID-based command injection in Sophos UTM's WebAdmin...
NewStart CGSL CORE 5.04 / MAIN 5.04 : ImageMagick Vulnerability (NS-SA-2021-0100)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has ImageMagick packages installed that are affected by a vulnerability: - ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the -authenticate option, which allows setting a password for password-protected PDF...
NewStart CGSL CORE 5.05 / MAIN 5.05 : ImageMagick Vulnerability (NS-SA-2021-0186)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has ImageMagick packages installed that are affected by a vulnerability: - ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the -authenticate option, which allows setting a password for password-protected PDF...
CVE-2021-31358
A command injection vulnerability in sftp command processing on Juniper Networks Junos OS Evolved allows an attacker with authenticated CLI access to be able to bypass configured access protections to execute arbitrary shell commands within the context of the current user. The vulnerability allow...
CVE-2021-31357
A command injection vulnerability in tcpdump command processing on Juniper Networks Junos OS Evolved allows an attacker with authenticated CLI access to be able to bypass configured access protections to execute arbitrary shell commands within the context of the current user. The vulnerability...
Command injection
A command injection vulnerability in tcpdump command processing on Juniper Networks Junos OS Evolved allows an attacker with authenticated CLI access to be able to bypass configured access protections to execute arbitrary shell commands within the context of the current user. The vulnerability...
CVE-2021-31358 Junos OS Evolved: shell-injection vulnerabilities in evo_sftp UI wrapper script
A command injection vulnerability in sftp command processing on Juniper Networks Junos OS Evolved allows an attacker with authenticated CLI access to be able to bypass configured access protections to execute arbitrary shell commands within the context of the current user. The vulnerability allow...