
1765 matches found

CVE
added 2018/10/17 2:00 p.m. | 181 views

CVE-2018-10823

CVE-2018-10823 affects several D-Link router models (DWR-116 up to 1.06, DWR-512 up to 2.02, DWR-712 up to 2.02, DWR-912 up to 2.02, DWR-921 up to 2.02, DWR-111 up to 1.01). An authenticated attacker can inject shell commands via the chkisg.htm Sip parameter, leading to arbitrary code execution a...

9 CVSS | 8.8 AI score | 0.93937 EPSS
In wild | Exploits 5 | References 2 | Affected Software 1

CNVD
added 2018/10/17 12:00 a.m. | 2 views

D-Link router httpd server shell command injection vulnerability

The DWR-116, DIR-140, and DIR-640 are all D-Link router products. A shell command injection vulnerability exists in several series of D-Link router httpd servers, where an authenticated attacker can inject shell commands into the Sip parameter of the chkisg.htm page to execute arbitrary code...

9 CVSS | 8.7 AI score | 0.93937 EPSS
Exploits 5 | References 1

Exploit DB
added 2018/10/12 12:00 a.m. | 67 views

D-Link Routers - Command Injection

Shell command injection CVE: CVE-2018-10823 CVSS v3: 9.1 AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H Description: An issue was discovered on D-Link routers: DWR-116 through 1.06, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, DWR-111 through 1.01, and probably...

9 CVSS | 8.8 AI score | 0.93937 EPSS
Exploits 5

RedhatCVE
added 2018/09/06 1:19 a.m. | 43 views

CVE-2018-16509

It was discovered that the ghostscript /invalidaccess checks fail under certain conditions. An attacker could possibly exploit this to bypass the -dSAFER protection and, for example, execute arbitrary shell commands via a specially crafted PostScript document. Mitigation ImageMagick relies on...

9.3 CVSS | 0.3 AI score | 0.9181 EPSS
Exploits 4 | References 2

Hacker One
added 2018/09/05 1:49 a.m. | 47 views

Node.js third-party modules: [apex-publish-static-files] Command Injection on connectString

I would like to report a command injection vulnerability in the apex-publish-static-files npm module. It allows arbitrary shell command execution through a maliciously crafted argument. Module module name: apex-publish-static-files version: 2.0.0 npm page:...

10 CVSS | 0.6 AI score | 0.01619 EPSS
Exploits 1

OSV
added 2018/08/24 8:29 p.m. | 9 views

CVE-2018-3786

A command injection vulnerability in egg-scripts v2.8.1 allows arbitrary shell command execution through a maliciously crafted command line argument...

9.8 CVSS | 7.4 AI score
Exploits 0 | References 3

Cvelist
added 2018/08/24 8:00 p.m. | 16 views

CVE-2018-3786

A command injection vulnerability in egg-scripts v2.8.1 allows arbitrary shell command execution through a maliciously crafted command line argument...

9.8 AI score | 0.10005 EPSS
Exploits 1 | References 3

CVE
added 2018/08/24 8:00 p.m. | 57 views

CVE-2018-3786

CVE-2018-3786 affects egg-scripts prior to 2.8.1. A crafted command line argument enables command injection, allowing arbitrary shell command execution. Impact, per sources, is remote code execution in affected setups; exploitability is via untrusted input passed to egg-scripts. Remediation: upgr...

10 CVSS | 9.6 AI score | 0.10005 EPSS
Exploits 1 | References 3 | Affected Software 1

0day.today
added 2018/08/23 12:00 a.m. | 30 views

Ghostscript - Multiple Vulnerabilities

Exploit for linux platform in category local exploits http://seclists.org/oss-sec/2018/q3/142 These are critical and trivial remote code execution bugs in things like ImageMagick, Evince, GIMP, and most other PDF/PS tools. ---- Hello, this was discussed on the distros list, but it was suggested t...

0.2 AI score
Exploits 0

Exploit DB
added 2018/08/22 12:00 a.m. | 56 views

Ghostscript - Multiple Vulnerabilities

http://seclists.org/oss-sec/2018/q3/142 These are critical and trivial remote code execution bugs in things like ImageMagick, Evince, GIMP, and most other PDF/PS tools. ---- Hello, this was discussed on the distros list, but it was suggested to move discussion to oss-security. You might recall I...

7 AI score
Exploits 0

exploitpack
added 2018/08/22 12:00 a.m. | 24 views

Ghostscript - Multiple Vulnerabilities

Ghostscript - Multiple Vulnerabilities http://seclists.org/oss-sec/2018/q3/142 These are critical and trivial remote code execution bugs in things like ImageMagick, Evince, GIMP, and most other PDF/PS tools. ---- Hello, this was discussed on the distros list, but it was suggested to move discussi...

0.6 AI score
Exploits 0

Veracode
added 2018/08/20 9:06 a.m. | 19 views

Shell Command Injection

egg-scripts is vulnerable to shell command injection attacks. The attack exists because the library uses the execFile function which is not properly sanitized, allowing the attacker to inject malicious shell commands through command line argument...

9.8 CVSS | 9.6 AI score | 0.10005 EPSS
Exploits 1 | References 3 | Affected Software 1

Github Security Blog
added 2018/08/15 8:04 p.m. | 19 views

Git-fastclone passes user modifiable strings directly to a shell command

git-fastclone before 1.0.5 passes user modifiable strings directly to a shell command. An attacker can execute malicious commands by modifying the strings that are passed as arguments to cd and git clone commands in the library...

10 CVSS | 9.1 AI score | 0.02489 EPSS
Exploits 1 | References 6 | Affected Software 1

OSV
added 2018/08/15 8:04 p.m. | 16 views

GHSA-MF6W-45CF-QHMP Git-fastclone passes user modifiable strings directly to a shell command

git-fastclone before 1.0.5 passes user modifiable strings directly to a shell command. An attacker can execute malicious commands by modifying the strings that are passed as arguments to cd and git clone commands in the library...

9.8 CVSS | 9.6 AI score | 0.02489 EPSS
Exploits 1 | References 6

OSV
added 2018/08/15 8:03 p.m. | 20 views

GHSA-8GG6-3R63-25M8 git-fastclone permits arbitrary shell command execution from .gitmodules

git-fastclone before 1.0.1 permits arbitrary shell command execution from .gitmodules. If an attacker can instruct a user to run a recursive clone from a repository they control, they can get a client to run an arbitrary shell command. Alternately, if an attacker can MITM an unencrypted git clone...

8.8 CVSS | 8.7 AI score | 0.02844 EPSS
Exploits 1 | References 6

Github Security Blog
added 2018/08/15 8:03 p.m. | 24 views

git-fastclone permits arbitrary shell command execution from .gitmodules

git-fastclone before 1.0.1 permits arbitrary shell command execution from .gitmodules. If an attacker can instruct a user to run a recursive clone from a repository they control, they can get a client to run an arbitrary shell command. Alternately, if an attacker can MITM an unencrypted git clone...

9.3 CVSS | 8.4 AI score | 0.02844 EPSS
Exploits 1 | References 6 | Affected Software 1

Hacker One
added 2018/08/05 6:31 a.m. | 27 views

Node.js third-party modules: [ascii-art] Command injection

I would like to report a command injection vulnerability in the ascii-art npm module. It allows arbitrary shell command execution through a maliciously crafted command line argument. Module module name: ascii-art version: 1.4.3 npm page: https://www.npmjs.com/package/ascii-art Module Description...

1.3 AI score
Exploits 0

Hacker One
added 2018/07/31 1:54 p.m. | 35 views

Node.js third-party modules: [egg-scripts] Command injection

I would like to report a command injection vulnerability in egg-scripts. It allows arbitrary shell command execution through a maliciously crafted command line argument. Module module name: egg-scripts version: 2.6.0 npm page: https://www.npmjs.com/package/egg-scripts Module Description "deploy...

10 CVSS | 1.2 AI score | 0.10005 EPSS
Exploits 1

OSV
added 2018/06/26 6:29 p.m. | 1 view

CVE-2018-10660

An issue was discovered in multiple models of Axis IP Cameras. There is Shell Command Injection...

9.8 CVSS | 5.8 AI score | 0.91327 EPSS
Exploits 5 | References 4

NVD
added 2018/06/26 6:29 p.m. | 22 views

CVE-2018-10660

An issue was discovered in multiple models of Axis IP Cameras. There is Shell Command Injection...

10 CVSS | 9.6 AI score | 0.91327 EPSS
Exploits 5 | References 4