Foscam IP Video Camera CGIProxy.fcgi SMTP Test Command Injection Vulnerability(CVE-2017-2845)

Summary An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during the SMTP configuration tes...

CVE-2017-2828

An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during account creation resulting in...

Command injection

An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during account creation resulting in...

CVE-2017-2827

An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during account creation resulting in...

CVE-2017-2828

An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during account creation resulting in...

ownCloud: SMB User Authentication Bypass and Persistence

Authentication Bypass ================== The external user authentication app in OwnCloud does not properly authenticate against an SMB server. In it's current implementation, the file owncloud/apps/userexternal/lib/smb.php, line 46-47 uses the command smbclient -L //host/dummy -Uuser%pass, where...

ImageMagick Unauthorized File Deletion (CVE-2016-3715)

A file deletion vulnerability has been reported in ImageMagick. The vulnerability is due to insufficient filtering of shell characters. A remote attacker may exploit this issue by sending a crafted request containing such characters. Successful exploitation would allow attackers to delete files i...

ImageMagick 6.9.3-9 / 7.0.1-0 - Multiple Vulnerabilities (ImageTragick)

Exploit for multiple platform in category dos / poc Nikolay Ermishkin from the Mail.Ru Security Team discovered several vulnerabilities in ImageMagick. We've reported these issues to developers of ImageMagick and they made a fix for RCE in sources and released new version 6.9.3-9 released...

Internet Bug Bounty: Insufficient shell characters filtering leads to (potentially remote) code execution (CVE-2016-3714)

The 1 EPHEMERAL, 2 HTTPS, 3 MVG, 4 MSL, 5 TEXT, 6 SHOW, 7 WIN, and 8 PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick." See also:...

foomatic-rip Arbitrary Command Execution Vulnerability

Foomatic is a database-driven printing system developed by the Linux Foundation's OpenPrinting Working Group, which integrates a general-purpose back-end printing system for Unix with an open-source printer driver. foomatic-rip a.k.a. foomatic-filters is an internal component that helps the...

cups-filters: foomatic-rip did not consider the back tick as an illegal shell escape character

It was discovered that foomatic-rip failed to remove all shell special characters from inputs used to construct command lines for external programs run by the filter. An attacker could possibly use this flaw to execute arbitrary commands...

cups-filters: foomatic-rip did not consider semicolon as illegal shell escape character

It was discovered that foomatic-rip failed to remove all shell special characters from inputs used to construct command lines for external programs run by the filter. An attacker could possibly use this flaw to execute arbitrary commands...

SUSE-SU-2016:0112-1 Security update for foomatic-filters

This update fixes the following security issues: CVE-2015-8327: adds backtick and semicolon to the list of illegal shell escape characters bsc957531. CVE-2015-8560: fixed code execution via improper escaping of ; bsc957531...

cups-filters code execution

cups-browsed shell characters vulnerability...

xdg-open code execution

Code execution because of insufficient shell characters filtering in protocol handlers...

condor code execution

Unfiltered shell characters on mailx invocation...

Centreon SQL and Command Injection

Merethis Centreon 2.5.1版本和Centreon Enterprise Server 2.2版本中存在SQL注入漏洞，该漏洞源于以下脚本没有充分过滤参数： views/graphs/common/makeXMLListMetrics.php脚本没有充分过滤‘indexid’参数； views/graphs/GetXmlTree.php脚本没有充分过滤‘sid’参数；...

wpa_supplicant shell characters vulnerability

Insufficient character filtering...

Hassan Consulting Shopping Cart 1.23 Arbitrary Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3308/info Hassan Consulting's Shopping Cart is commercial web store software. Shopping Cart does not filter certain types of user-supplied input from web requests. This makes it possible for a malicious user to submit a...

cups-filters code execution

cups-browsed shell characters vulnerabiilty...