Exploit for Weak Password Recovery Mechanism for Forgotten Password in Djangoproject Django

djangocve201919844poc PoC for CVE-2019-19844https://www...

CVE-2019-8513

CVE-2019-8513 affects macOS Mojave Time Machine prior to 10.14.4; a local user could execute arbitrary shell commands. The issue is fixed in macOS Mojave 10.14.4 via improved checks. Apple documentation confirms Time Machine-related vulnerability and patch, with related entries noting local-execu...

EulerOS 2.0 SP3 : patch (EulerOS-SA-2019-2645)

According to the versions of the patch package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in GNU patch before 2.7.6. Out-of-bounds access within pchwriteline in pch.c can possibly lead to DoS via a crafted input...

CVE-2014-0163

Openshift has shell command injection flaws due to unsanitized data being passed into shell commands...

CVE-2014-0163

CVE-2014-0163 affects OpenShift and is caused by unsanitized data being passed into shell commands, leading to shell command injection. According to NVD, the CVSS v3.1 base score is 8.8 (HIGH) with Network attack vector, low attack complexity, privileges required: LOW, and user interaction: NONE;...

CVE-2013-0293

oVirt Node: Lock screen accepts F2 to drop to shell causing privilege escalation...

Important: Red Hat Security Advisory: patch security update

An update for patch is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact...

NewStart CGSL CORE 5.04 / MAIN 5.04 : patch Multiple Vulnerabilities (NS-SA-2019-0223)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has patch packages installed that are affected by multiple vulnerabilities: - GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style...

ALPINE-CVE-2019-16255

Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument aka the "command" argument to Shell or Shelltest in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method...

CVE-2019-16255

Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument aka the "command" argument to Shell or Shelltest in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method...

CVE-2019-18934

A shell command injection vulnerability was discovered in the way unbound handles DNS queries for systems with a public key used for IPsec. When ipsecmod is enabled, a malicious DNS server could send a DNS reply which would be used during a following DNS query to execute shell commands with the...

nipper-ng 0.11.10 - Remote Buffer Overflow (PoC)

Exploit Title: nipper-ng 0.11.10 - Remote Buffer Overflow PoC Date: 2019-10-20 Exploit Author: Guy Levin https://blog.vastart.dev Vendor Homepage: https://tools.kali.org/reporting-tools/nipper-ng Software Link: https://code.google.com/archive/p/nipper-ng/source/default/source Version: 0.11.10...

EulerOS 2.0 SP5 : patch (EulerOS-SA-2019-2219)

According to the versions of the patch package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - doedscript in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for...

RHEL 7 : patch (RHSA-2019:3757)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:3757 advisory. The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes...

CVE-2013-1751

TWiki before 5.1.4 allows remote attackers to execute arbitrary shell commands by sending a crafted '%MAKETEXT%' parameter value containing Perl backtick characters...

Important: Red Hat Security Advisory: patch security update

An update for patch is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

patch: OS shell command injection when processing crafted patch files

A flaw was found in GNU patch through version 2.7.6. An ed-style diff payload patch file with shell metacharacters can be used to inject OS shell commands into a system. The ed editor does not need to be present on the vulnerable system for this attack to function. The highest threat from this...

Exploit for Command Injection in Radare Radare2

CVE-2019-14745 weaponized radare2 vulnerability CVE-2019-1474...

CVE-2005-3056

TWiki allows arbitrary shell command execution via the Include function...

CVE-2005-3056

TWiki allows arbitrary shell command execution via the Include function...