906 matches found

CVE
added 2021/06/01 1:31 p.m. · 65 views

CVE-2021-3515

CVE-2021-3515 corresponds to a shell-injection flaw in the pglogical extension for PostgreSQL. Affected versions are before 2.3.4 and before 3.6.26. An attacker with CREATEDB privileges can craft a database name that enables execution of shell commands as the postgresql user during pglogical.crea...

7.2 CVSS · 6.7 AI score · 0.00124 EPSS
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2021/06/01 1:31 p.m. · 14 views

CVE-2021-3515

A shell injection flaw was found in pglogical in versions before 2.3.4 and before 3.6.26. An attacker with CREATEDB privileges on a PostgreSQL server can craft a database name that allows execution of shell commands as the postgresql user when calling pglogical.create_subscription...

7 AI score · 0.00124 EPSS
Exploits 0 · References 1

Debian CVE
added 2021/06/01 1:31 p.m. · 15 views

CVE-2021-3515

A shell injection flaw was found in pglogical in versions before 2.3.4 and before 3.6.26. An attacker with CREATEDB privileges on a PostgreSQL server can craft a database name that allows execution of shell commands as the postgresql user when calling pglogical.create_subscription...

7.2 CVSS · 6.7 AI score · 0.00124 EPSS
Exploits 0

RedhatCVE
added 2021/05/19 12:25 a.m. · 36 views

CVE-2021-3515

A shell injection flaw was found in pglogical, a logical replication extension for PostgreSQL. An attacker with CREATEDB privileges on a PostgreSQL server can craft a database name that allows execution of shell commands as the postgresql user when calling pglogical.create_subscription...

7.5 CVSS · 3.5 AI score · 0.00124 EPSS
Exploits 0 · References 3

VulnCheck KEV
added 2021/04/24 12:0 a.m. · 1 views

VulnCheck KEV: CVE-2020-16846

SaltStack Salt allows an unauthenticated user with network access to the Salt API to use shell injections to run code on the Salt API using the SSH client. This vulnerability affects any users running the Salt API...

9.8 CVSS · 7.2 AI score · 0.94387 EPSS
Exploits 5 · References 1

OpenVAS
added 2021/04/19 12:0 a.m. · 23 views

SUSE: Security Advisory (SUSE-SU-2017:2320-1)

The remote host is missing an update for the...

8.8 CVSS · 8.6 AI score · 0.70245 EPSS
Exploits 9 · References 4

Prion
added 2021/04/05 7:15 p.m. · 11 views

Input validation

The WP Super Cache WordPress plugin before 1.7.2 was affected by an authenticated admin+ RCE in the settings page due to input validation failure and weak $cache_path check in the WP Super Cache Settings - Cache Location option. Direct access to the wp-cache-config.php file is not prohibited, so...

9 CVSS · 7 AI score · 0.03761 EPSS
Exploits 3 · References 2 · Affected Software 1

Cvelist
added 2021/04/05 6:27 p.m. · 16 views

CVE-2021-24209 WP Super Cache < 1.7.2 - Authenticated Remote Code Execution (RCE)

The WP Super Cache WordPress plugin before 1.7.2 was affected by an authenticated admin+ RCE in the settings page due to input validation failure and weak $cache_path check in the WP Super Cache Settings - Cache Location option. Direct access to the wp-cache-config.php file is not prohibited, so...

7.3 AI score · 0.03761 EPSS
Exploits 3 · References 2

CVE
added 2021/04/05 6:27 p.m. · 107 views

CVE-2021-24209

CVE-2021-24209 affects the WP Super Cache WordPress plugin prior to 1.7.2. It enables an authenticated (admin+) RCE via the Settings → Cache Location option due to input validation failure and a weak $cache_path check, with direct access to wp-cache-config.php permitting web shell injection. Rela...

9 CVSS · 7 AI score · 0.03761 EPSS
Exploits 3 · References 2 · Affected Software 1

Positive Technologies
added 2021/04/05 12:0 a.m. · 2 views

PT-2021-15754 · WordPress · Wp Super Cache

Name of the Vulnerable Software and Affected Versions: WP Super Cache versions prior to 1.7.2. Description: The issue is related to an authenticated remote code execution (RCE) in the settings page of the WP Super Cache WordPress plugin. This is due to a failure in input validation and a weak check ...

9 CVSS · 7.2 AI score · 0.03761 EPSS
Exploits 3 · References 9

Exploit DB
added 2021/03/29 12:0 a.m. · 557 views

WordPress Plugin WP Super Cache 1.7.1 - Remote Code Execution (Authenticated)

Exploit Title: WordPress Plugin WP Super Cache 1.7.1 - Remote Code Execution (Authenticated); Google Dork: inurl:/wp-content/plugins/wp-super-cache/; Date: 2021-03-13; Exploit Author: m0ze; Version: Cache Location option. Direct access to the wp-cache-config.php file is not prohibited, so this...

7.4 AI score
Exploits 0

Tenable Nessus
added 2021/03/25 12:0 a.m. · 56 views

SaltStack < 3002.5 Multiple Vulnerabilities

According to its self-reported version number, the instance of SaltStack hosted on the remote server is affected by multiple vulnerabilities: - The Salt-API’s SSH client is vulnerable to a shell injection by including ProxyCommand in an argument, or via ssh_options provided in an API request...

9.8 CVSS · 7.2 AI score · 0.93846 EPSS
Exploits 8 · References 11

NVD
added 2021/03/19 12:15 a.m. · 10 views

CVE-2021-21384

shescape is a simple shell escape package for JavaScript. In shescape before version 1.1.3, anyone using Shescape to defend against shell injection may still be vulnerable against shell injection if the attacker manages to insert a null character into the payload. For an example see the referenced GitHub Securi...

7.8 CVSS · 0.00165 EPSS
Exploits 1 · References 4

OSV
added 2021/03/19 12:15 a.m. · 13 views

CVE-2021-21384

shescape is a simple shell escape package for JavaScript. In shescape before version 1.1.3, anyone using Shescape to defend against shell injection may still be vulnerable against shell injection if the attacker manages to insert a null character into the payload. For an example see the referenced GitHub Securi...

7.8 CVSS · 7.8 AI score
Exploits 0 · References 4

Prion
added 2021/03/19 12:15 a.m. · 6 views

Sql injection

shescape is a simple shell escape package for JavaScript. In shescape before version 1.1.3, anyone using Shescape to defend against shell injection may still be vulnerable against shell injection if the attacker manages to insert a null character into the payload. For an example see the referenced GitHub Securi...

4.6 CVSS · 7.7 AI score · 0.00165 EPSS
Exploits 1 · References 4 · Affected Software 1

Node.js
added 2021/03/18 11:52 p.m. · 48 views

Command Injection

Overview. Impact: Anyone using shescape to defend against shell injection may still be vulnerable against shell injection if the attacker manages to insert a null character into the payload. For example on Windows (JavaScript): const cp = require("child_process"); const shescape = require("shescape"); con...

4.6 CVSS · 7.5 AI score · 0.00165 EPSS
Exploits 1 · Affected Software 1

Cvelist
added 2021/03/18 11:50 p.m. · 10 views

CVE-2021-21384 Null characters not escaped in shescape

shescape is a simple shell escape package for JavaScript. In shescape before version 1.1.3, anyone using Shescape to defend against shell injection may still be vulnerable against shell injection if the attacker manages to insert a null character into the payload. For an example see the referenced GitHub Securi...

6.3 CVSS · 8 AI score · 0.00165 EPSS
Exploits 1 · References 4

OSV
added 2021/03/18 11:47 p.m. · 11 views

GHSA-F2RP-38VG-J3GH Null characters not escaped

Impact: Anyone using Shescape to defend against shell injection may still be vulnerable against shell injection if the attacker manages to insert a null character into the payload. For example on Windows (JavaScript): const cp = require("child_process"); const shescape = require("shescape"); const nullCh...

6.3 CVSS · 7.5 AI score · 0.00165 EPSS
Exploits 1 · References 5

Github Security Blog
added 2021/03/18 11:47 p.m. · 42 views

Null characters not escaped

Impact: Anyone using Shescape to defend against shell injection may still be vulnerable against shell injection if the attacker manages to insert a null character into the payload. For example on Windows (JavaScript): const cp = require("child_process"); const shescape = require("shescape"); const nullCh...

7.8 CVSS · 2.2 AI score · 0.00165 EPSS
Exploits 1 · References 6 · Affected Software 1

Tenable Nessus
added 2021/03/03 12:0 a.m. · 45 views

FreeBSD : salt -- multiple vulnerabilities (a1e03a3d-7be0-11eb-b392-20cf30e32f6d)

SaltStack reports multiple security vulnerabilities in Salt - CVE-2021-3197: The Salt-API's SSH client is vulnerable to a shell injection by including ProxyCommand in an argument, or via ssh_options provided in an API request. - CVE-2021-25281: The Salt-API does not have eAuth credentials for the...

9.8 CVSS · 7.1 AI score · 0.93846 EPSS
Exploits 8 · References 12