906 matches found
CVE-2017-2847
In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configuration resulting in command injection. An attacker can simply send an HTTP...
CVE-2017-9828
'/cgi-bin/admin/testserver.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable to shell command injection, which allows remote attackers to execute any shell command as root via a crafted HTTP request. This vulnerability is already verified on VIVOTEK Network Camera...
CVE-2017-4961
An issue was discovered in Cloud Foundry Foundation BOSH Release 261.x versions prior to 261.3 and all 260.x versions. In certain cases an authenticated Director user can provide a malicious checksum that could allow them to escalate their privileges on the Director VM, aka "BOSH Director Shell...
CVE-2017-4961: BOSH Director Shell Injection Vulnerabilities | Cloud Foundry
Severity: High. Vendor: Cloud Foundry Foundation. Versions Affected: BOSH Release 261.x versions prior to 261.3; all 260.x versions. Description: In certain cases an authenticated Director user can provide a malicious checksum that could allow them to escalate their privileges on the Director VM...
Command Line Shell Injection
plexus-utils is vulnerable to command line shell injection. The library does not correctly quote the contents of double-quoted strings, allowing a malicious user to inject and execute arbitrary shell code...
Shell Injection in SourceTree for Mac
SourceTree for Mac had a shell injection vulnerability starting with 1.9.8 and prior to 2.3.1, the fixed version. By visiting a malicious website, or by convincing a user to click a sourcetree:// URL with a vulnerable version of SourceTree for Mac installed, an attacker could use a shell injection...
Shell Injection
rack-perftoolsprofiler is vulnerable to shell injection attacks. A malicious user can inject and execute arbitrary shell code when passing arguments to the profiler...
Debian DLA-745-1 : most security update
The most pager can automatically open files compressed with gzip, bzip2 and, in Debian, LZMA. Alberto Garcia discovered that Debian's version of most was susceptible to a shell injection attack that could be exploited to run arbitrary commands on the user's computer. For Debian 7 'Wheezy', these...
[SECURITY] [DLA 745-1] most security update
Package: most. Version: 5.0.0a-2.2. CVE ID: CVE-2016-1253. Debian Bug: 848132. The most pager can automatically open files compressed with gzip, bzip2 and, in Debian, LZMA. Alberto Garcia discovered that Debian's version of most was susceptible to a shell injection attack that could be exploited to...
DLA-745-1 most - security update
Bulletin has no description...
PT-2020-5859 · Saltstack +3 · Saltstack Salt +3
Name of the Vulnerable Software and Affected Versions: SaltStack Salt versions through 3002 Description: The issue is related to a lack of measures to neutralize special elements in the Salt configuration management and remote execution system. Exploitation of this issue allows a remote attacker ...
FreeBSD : FreeBSD -- shell injection vulnerability in patch(1) (0c6759dd-600a-11e6-a6c3-14dae9d210b8)
Due to insufficient sanitization of the input patch stream, it is possible for a patch file to cause patch(1) to run commands in addition to the desired SCCS or RCS commands. Impact: This issue could be exploited to execute arbitrary commands as the user invoking patch(1) against a specially crafted...
AXIS Authenticated Remote Command Execution Vulnerability
Source: packetstormsecurity. Technical Details: The devtools.sh script is responsible for the vulnerability and its 4 attack vectors through the following pages: http://xxx.xxx.xxx.xxx/applicense.shtml?app= http://xxx.xxx.xxx.xxx/applicensecustom.shtml?app= http://xxx.xxx.xxx.xxx/appindex.shtml?app=...
smarty3 -- shell injection in math
The smarty project reports: bugfix math shell injection vulnerability...
setroubleshoot-plugins: insecure commands.getstatusoutput use in the allow_execmod plugin
A shell command injection flaw was found in the way the setroubleshoot allow_execmod plugin executed external commands. A local attacker able to trigger an execmod SELinux denial could use this flaw to execute arbitrary code with root privileges...
Red Hat Enterprise Linux shell command injection vulnerability
Red Hat Enterprise Linux (RHEL) is a Linux operating system maintained and distributed by Red Hat for business users. setroubleshoot is one of the troubleshooting tools. A shell command injection vulnerability exists in the setroubleshoot/auditdata.py file in RHEL version 7.2. An attacker can explo...
Red Hat Enterprise Linux setroubleshoot allow_execmod plugin shell command injection vulnerability
Red Hat Enterprise Linux (RHEL) is a Linux operating system maintained and distributed by Red Hat for business users. setroubleshoot is one of the troubleshooting tools. A shell command injection vulnerability exists in the allow_execmod plugin in RHEL's setroubleshoot. A local attacker could exploi...
Red Hat Enterprise Linux setroubleshoot allow_execstack plugin shell command injection vulnerability
Red Hat Enterprise Linux (RHEL) is a Linux operating system maintained and distributed by Red Hat for business users. setroubleshoot is one of the troubleshooting tools. A shell command injection vulnerability exists in the allow_execstack plugin in RHEL's setroubleshoot. A local attacker could...
Cisco Aironet Access Points Command Injection Vulnerability
The Cisco Aironet 1800/2800/3800 Series Access Points are small and medium-sized wireless network access point products. A security vulnerability exists in the command line interpreter of the Cisco Aironet 1800/2800/3800 Series Access Point. A local attacker can exploit this vulnerability to inje...