153 matches found
openssl: c_rehash script allows command injection
A flaw was found in OpenSSL. The c_rehash script does not properly sanitize shell meta-characters to prevent command injection. Some operating systems distribute this script in a manner where it is automatically executed. This flaw allows an attacker to execute arbitrary commands with the privileg...
SUSE CVE-2008-2405
Sun Java Active Server Pages ASP Server before 4.0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in HTTP requests to unspecified ASP applications...
SUSE CVE-2015-2180
The DBMail driver in the Password plugin in Roundcube before 1.1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the password...
Command Injection
wwbn/avideo is vulnerable to Command Injection. The vulnerability exists because security.php does not escape shell characters, allowing an attacker to inject and execute malicious commands when embedding a video link...
PT-2023-10019 · Unknown · Flash Tool
Name of the Vulnerable Software and Affected Versions: flash tool gem versions prior to 0.6.0. Description: The issue allows command execution via shell metacharacters in the name of a downloaded file. It is triggered during the handling of downloaded files that contain shell characters, enabling ...
OS Command Injection
emacs is vulnerable to OS Command Injection. The vulnerability exists in multiple functions of etags.c due to the implementation of the ctags commands which allows an attacker to inject and execute arbitrary commands via shell meta characters...
(CVE-2022-1292) - The c_rehash script allows command injection. (BSA-2022-1846)
Security Advisory ID: BSA-2022-1846. Component: OpenSSL. Revision: 2.0. The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an...
Command Injection
Overview: async-git is a 👾 Retrieve data from current git repository. Affected versions of this package are vulnerable to Command Injection via shell meta-characters (back-ticks). For example: git.reset'atouch HACKEDb'. Remediation: Upgrade async-git to version 1.13.2 or higher. References - GitHub...
RaspberryTortoise WebControl Injection Vulnerability
RaspberryTortoise is a software package for programming robotic vehicles. WebControl is one of the web-based controllers. An injection vulnerability exists in WebControl in RaspberryTortoise on 2012-10-28 and earlier, which stems from the program failing to properly validate strings and can be...
CVE-2019-12328
A command injection missing input validation issue in the remote phonebook configuration URI in the web interface of the Atcom A10W VoIP phone with firmware 2.6.1a2421 allows an authenticated remote attacker in the same network to trigger OS commands via shell metacharacters in a POST request...
VulnCheck KEV: CVE-2018-20841
HooToo TripMate Titan HT-TM05 and HT-05 routers with firmware 2.000.022 and 2.000.082 allow remote command execution via shell metacharacters in the mac parameter of a protocol.csp?function=set&fname=security&opt=mactable request...
PT-2019-11969 · Grandstream · Grandstream Gwn7000
Name of the Vulnerable Software and Affected Versions: Grandstream GWN7000 versions prior to 1.0.6.32. Description: The issue allows remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a "/ubus/uci.apply" update nds webroot from tmp API call...
CVE-2018-16744
An issue was discovered in mgetty before 1.2.1. In faxnotifymail in faxrec.c, the mailto parameter is not sanitized. It could allow for command injection if untrusted input can reach it, because popen is used. Mitigation: Make sure the notify option in /etc/mgetty+sendfax/mgetty.config does not...
CVE-2018-7235
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow arbitrary system file download due to lack of validation of the shell meta characters with the value of 'system.download.sdfile'...