51 matches found
shescape command injection vulnerability
shescape is open source a simple shell escaping program package for JavaScript . Use it to escape user-controlled input to shell commands to prevent shell injection . A command injection vulnerability exists in versions of shescape prior to 1.1.3, which can be exploited by an attacker to insert a...
shescape 参数注入漏洞
shescape is open source a simple shell escaping program package for JavaScript . Use it to escape user-controlled input to shell commands to prevent shell injection . A command injection vulnerability exists in versions of shescape prior to 1.1.3, which can be exploited by an attacker to insert a...
SCPOnly 2.3/2.4 SSH Environment Shell Escaping Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5526/info scponly is a freely available, open source restricted secure copy client. It is available for Unix and Linux operating systems. The default installation of scponly does not place sufficient access controls on th...
openSUSE Security Update : cacti (openSUSE-SU-2013:1377-1)
cacti was updated to version 0.8.8b to fix security issues and bugs. - Fixes CVE-2013-1434 CVE-2013-1435 - security: SQL injection and shell escaping issues - bug: Fixed issue with custom data source information being lost when saved from edit - bug: Repopulate the poller cache on new installatio...
Fedora 20 : cacti-0.8.8b-5.fc20 (2014-4892)
Patches for four CVEs. This update fixes SQL injection, shell escaping issues, a stored XSS attack, and use of exec-like function calls without safety checks allowing arbitrary command execution. Note that Tenable Network Security has extracted the preceding description block directly from the...
Fedora 19 : cacti-0.8.8b-5.fc19 (2014-4928)
Patches for four CVEs. This update fixes SQL injection, shell escaping issues, a stored XSS attack, and use of exec-like function calls without safety checks allowing arbitrary command execution. Note that Tenable Network Security has extracted the preceding description block directly from the...
FreeBSD : cacti -- multiple vulnerabilities (e02e6a4e-6b26-11df-96b2-0015587e2cc1)
Multiple vulnerabilities have been reported to exist in older version of Cacti. The release notes of Cacti 0.8.7f summarizes the problems as follows : - SQL injection and shell escaping issues - Cross-site scripting issues - Cacti Graph Viewer SQL injection vulnerability %NASLMINLEVEL 70300 C...
cacti -- multiple vulnerabilities
Multiple vulnerabilities have been reported to exist in older version of Cacti. The release notes of Cacti 0.8.7f summarizes the problems as follows: SQL injection and shell escaping issues Cross-site scripting issues Cacti Graph Viewer SQL injection vulnerability...
CVE-2008-3074
The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the "!" exclamation point shell metacharacter in 1 the filename of a tar archive and possibly 2 the filename of the first file in a tar archive, which is not properly...
ibsh Iron Bars SHell Format String Vulnerability format string bug
Format string bug allows restricted shell escaping...
Bugzilla multiple bugs
SQL injection, shell escaping problems, information leakage...