Zyxel NAS 326 Shell Metacharacter Injection Vulnerability
Zyxel NAS 326 is a two-drive personal cloud storage device from Zyxel Hopscotch. A shell metacharacter injection vulnerability exists in the package installer in Zyxel NAS 326 5.21 and earlier versions. An authenticated attacker can exploit this vulnerability to execute arbitrary code via multipl...
CVE-2018-17565
Shell Metacharacter Injection in the SSH configuration interface on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to execute arbitrary system commands and gain a root shell...
CVE-2019-7385
An authenticated shell command injection issue has been discovered in Raisecom ISCOM HT803G-U, HT803G-W, HT803G-1GE, and HT803G GPON products with the firmware version ISCOMHT803G-U2.0.0140521R4.1.47.002 or below. The values of the newpass and confpass parameters in /bin/WebMGR are used in a syst...
PT-2019-18568 · Systrome · Systrome Cumilon
Name of the Vulnerable Software and Affected Versions: Systrome Cumilon devices with firmware V1.1-R2.1 TRUNK-20181105.bin Description: A shell command injection issue occurs when editing the description of an ISP file due to improper validation of user input in the file network/isp/isp update...
python-gnupg vulnerable to shell injection
python-gnupg 0.3.5 and 0.3.6 allow for shell injection via a failure to escape backslashes in the shellquote function. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7323...
GHSA-VCR5-XR9H-MVC5 python-gnupg vulnerable to shell injection
python-gnupg 0.3.5 and 0.3.6 allow for shell injection via a failure to escape backslashes in the shellquote function. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7323...
CVE-2018-10823
An issue was discovered on D-Link DWR-116 through 1.06, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices. An authenticated attacker may execute arbitrary code by injecting the shell command into the chkisg.htm page Sip...
mgetty 1.2.0 Buffer Overflow / Privilege Escalation Vulnerabilities
mgetty version 1.2.0 suffers from buffer overflow, code execution, and various other privilege escalation related vulnerabilities. Multiple Vulnerabilities in mgetty. Overview: Confirmed Affected Versions: 1.2.0; Patched Versions: 1.2.1; Vendor: mgetty...
UBUNTU-CVE-2018-10932
lldptool version 1.0.1 and older can print a raw, unsanitized attacker controlled buffer when mngAddr information is displayed. This may allow an attacker to inject shell control characters into the buffer and impact the behavior of the terminal...
Black Hat 2018: Widespread Critical Flaws Found in Smart-City Gear
Smart-city technology continues to roll out in municipalities worldwide – everything from automated alerts about weather hazards and traffic issues to smart lighting and connected trash systems. However, like the rest of the Internet of Things (IoT) ecosystem, security is always a concern, as...
GitList v0.6.0 Argument Injection Vulnerability
This module exploits an argument injection vulnerability in GitList v0.6.0. The vulnerability arises from GitList improperly validating input using the PHP function 'escapeshellarg'. This module requires Metasploit: https://metasploit.com/download Current source:...
Axis Network Camera Multiple Vulnerabilities (Jun 2018)
Axis Network Cameras are prone to multiple vulnerabilities.
Security Bulletin: Shell injection in CLI 'support execute' command affect IBM Security Guardium (CVE-2016-9974)
Summary: IBM Security Guardium Database Activity Monitor could allow a locally authenticated attacker to execute arbitrary commands on the system. Vulnerability Details: CVEID: CVE-2016-9974. DESCRIPTION: IBM Security Guardium Database Activity Monitor could allow a locally authenticated attacker to...
DEBIAN-CVE-2018-9246
The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently sanitizes or escapes variable values used as part of shell command execution, resulting in shell code injection via the create, runfile, backup, or restore function. The vulnerability...
UBUNTU-CVE-2018-9246
The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently sanitizes or escapes variable values used as part of shell command execution, resulting in shell code injection via the create, runfile, backup, or restore function. The vulnerability...
MMM mmm_agentd shell command injection vulnerability (CNVD-2018-15512)
MySQL Multi-Master Replication Manager (MMM) is a set of flexible scripts that performs monitoring/failover and management of MySQL master-master replication configurations. mmm_agentd is an agent daemon that runs on each MySQL server and provides a simple set of remote services to the monitoring...
CVE-2017-14477
In the MMM::Agent::Helpers::Network::add_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 for FreeBSD, a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm_agentd process. An...
CVE-2017-14474
In the MMM::Agent::Helpers::execute function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1, a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm_agentd process. An attacker that can...
PT-2018-5671 · Mysql Server · Mysql Multi-Master Replication Manager (Mmm) Mmm Agentd
Name of the Vulnerable Software and Affected Versions: MySQL Multi-Master Replication Manager (MMM) mmm_agentd version 2.2.1. Description: A specially crafted MMM protocol message can cause a shell command injection in the add_ip function, resulting in arbitrary command execution with the privileges...