Lucene search

1764 matches found

NVD
added 2021/07/12 1:15 p.m. · 11 views

CVE-2021-26089

An improper symlink following in FortiClient for Mac 6.4.3 and below may allow a non-privileged user to execute arbitrary privileged shell commands during installation phase...

7.8 CVSS · 0.00093 EPSS
Exploits: 0 · References: 2

Vulnrichment
added 2021/07/12 12:48 p.m. · 8 views

CVE-2021-26089

An improper symlink following in FortiClient for Mac 6.4.3 and below may allow a non-privileged user to execute arbitrary privileged shell commands during installation phase...

6.7 CVSS · 7.7 AI score · 0.00093 EPSS
Exploits: 0 · References: 2

Rosalinux
added 2021/07/02 5:8 p.m. · 15 views

Advisory ROSA-SA-2021-1860

Software: ksh 20120801 OS: Cobalt 7.9 CVE-ID: CVE-2019-14868 CVE-Crit: HIGH CVE-DESC: a bug was discovered in ksh version 20120801 in the way certain environment variables are evaluated. An attacker could exploit this vulnerability to override or bypass environment restrictions to execute shell...

7.8 CVSS · 7.4 AI score · 0.00204 EPSS
Exploits: 0

CNNVD
added 2021/06/18 12:0 a.m. · 1 view

Hitachi Virtual File Platform Operating System Command Injection Vulnerability

Hitachi Virtual File Platform is a virtual file platform from Hitachi, Japan. Hitachi Virtual File Platform suffers from an operating system command injection vulnerability that stems from incorrect input validation. A remotely authenticated attacker could pass specially crafted data to the...

9 CVSS · 8.4 AI score · 0.02367 EPSS
Exploits: 0 · References: 5

NVD
added 2021/06/08 7:15 p.m. · 13 views

CVE-2021-26471

In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1, the http API located at /sgwebserviceo.php accepts a command argument. Using this command argument an unauthenticated attacker can execute arbitrary shell commands...

9.8 CVSS · 0.07871 EPSS
Exploits: 0 · References: 4

OSV
added 2021/06/08 7:15 p.m. · 2 views

CVE-2021-26471

In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1, the http API located at /sgwebserviceo.php accepts a command argument. Using this command argument an unauthenticated attacker can execute arbitrary shell commands...

9.8 CVSS · 7.5 AI score · 0.07871 EPSS
Exploits: 0 · References: 4

Prion
added 2021/06/08 7:15 p.m. · 14 views

Command injection

In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1, the http API located at /sgwebserviceo.php accepts a command argument. Using this command argument an unauthenticated attacker can execute arbitrary shell commands...

7.5 CVSS · 9.8 AI score · 0.07871 EPSS
Exploits: 0 · References: 4 · Affected Software: 2

Cvelist
added 2021/06/08 6:36 p.m. · 11 views

CVE-2021-26471 Unauthenticated remote command execution in Vembu products

In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1, the http API located at /sgwebserviceo.php accepts a command argument. Using this command argument an unauthenticated attacker can execute arbitrary shell commands...

9.8 CVSS · 10 AI score · 0.07871 EPSS
Exploits: 0 · References: 4

Metasploit
added 2021/06/04 5:42 p.m. · 104 views

Cisco HyperFlex HX Data Platform Command Execution

This module exploits an unauthenticated command injection in Cisco HyperFlex HX Data Platform's /storfs-asup endpoint to execute shell commands as the Tomcat user. Module Options msf use exploit/linux/http/ciscohyperflexhxdataplatformcmdexec msf exploitciscohyperflexhxdataplatformcmdexec show...

10 CVSS · 9.9 AI score · 0.94363 EPSS
Exploits: 6

0day.today
added 2021/06/04 12:0 a.m. · 80 views

Cisco HyperFlex HX Data Platform Command Execution Exploit

This Metasploit module exploits an unauthenticated command injection in Cisco HyperFlex HX Data Platform's /storfs-asup endpoint to execute shell commands as the Tomcat user. This module requires Metasploit: https://metasploit.com/download Current source:...

9.8 CVSS · 0.4 AI score · 0.94363 EPSS
Exploits: 6

Kitploit
added 2021/05/26 9:30 p.m. · 78 views

DNS-Black-Cat(DBC) - Multi Platform Toolkit For An Interactive DNS Shell Commands Exfiltration, By Using DNS-Cat You Will Be Able To Execute System Commands In Shell Mode Over DNS Protocol

Multi-platform toolkit for an interactive C2C DNS shell, by using DNS-Black-Cat, you will be able to execute system commands in shell mode over a fully encrypted covert channel. Server ported as a python script, which acts as DNS server with required functionalities to provide interactive shell...

7.8 AI score
Exploits: 0 · References: 1

Positive Technologies
added 2021/05/18 12:0 a.m. · 2 views

PT-2021-4271 · Pglogical · Pglogical

Name of the Vulnerable Software and Affected Versions: pglogical versions before 2.3.4 pglogical versions before 3.6.26 Description: The issue is related to a lack of input data sanitization in the pglogical system, which can be exploited to gain access to confidential data, compromise data...

7.2 CVSS · 6.7 AI score · 0.00124 EPSS
Exploits: 0 · References: 10

CNNVD
added 2021/05/13 12:0 a.m. · 2 views

PostgreSQL Operating System Command Injection Vulnerability

PostgreSQL is a free object-relational database management system from the Postgresql organization. The system supports most SQL standards and provides many other features such as foreign keys, triggers, views, etc. A security vulnerability exists in PostgreSQL, which stems from the fact that a...

7.2 CVSS · 6 AI score · 0.00124 EPSS
Exploits: 0 · References: 2

CNVD
added 2021/05/10 12:0 a.m. · 6 views

StackLift LocalStack Command Injection Vulnerability

StackLift LocalStack is a StackLift open source application. Provides an easy-to-use testing framework for cloud applications. A command injection vulnerability exists in StackLift LocalStack version 0.12.6, which can be exploited by an attacker to inject arbitrary shell commands via the...

10 CVSS · 7.4 AI score · 0.00424 EPSS
Exploits: 1 · References: 1

OSV
added 2021/05/07 5:15 a.m. · 18 views

CVE-2021-32090

The dashboard component of StackLift LocalStack 0.12.6 allows attackers to inject arbitrary shell commands via the functionName parameter...

9.8 CVSS · 9.5 AI score
Exploits: 0 · References: 2

NVD
added 2021/05/07 5:15 a.m. · 9 views

CVE-2021-32090

The dashboard component of StackLift LocalStack 0.12.6 allows attackers to inject arbitrary shell commands via the functionName parameter...

10 CVSS · 0.00424 EPSS
Exploits: 1 · References: 2

Cvelist
added 2021/05/07 3:52 a.m. · 9 views

CVE-2021-32090

The dashboard component of StackLift LocalStack 0.12.6 allows attackers to inject arbitrary shell commands via the functionName parameter...

9.8 AI score · 0.00424 EPSS
Exploits: 1 · References: 2

Prion
added 2021/05/04 4:15 p.m. · 10 views

Command injection

iWT Ltd FaceSentry Access Control System 6.4.8 suffers from an authenticated OS command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user via the 'strInIP' POST parameter in pingTest PHP script...

9 CVSS · 9.1 AI score · 0.20286 EPSS
Exploits: 2 · References: 2 · Affected Software: 1

RedHat Linux
added 2021/04/19 10:6 a.m. · 1 view

mariadb: writable system variables allows a database user with SUPER privilege to execute arbitrary code as the system mysql user

A vulnerability was found in mariadb and in the mysql wsrep patch that allows remote code execution. A user with SUPER privileges could execute arbitrary shell commands in the context of the mariadb server process...

9 CVSS · 8 AI score · 0.48947 EPSS
Exploits: 8 · References: 8

RedHat Linux
added 2021/04/19 10:3 a.m. · 2 views

mariadb: writable system variables allows a database user with SUPER privilege to execute arbitrary code as the system mysql user

A vulnerability was found in mariadb and in the mysql wsrep patch that allows remote code execution. A user with SUPER privileges could execute arbitrary shell commands in the context of the mariadb server process...

9 CVSS · 8 AI score · 0.48947 EPSS
Exploits: 8 · References: 8