
1765 matches found

Positive Technologies
added 2018/05/09 12:0 a.m. · 2 views

PT-2018-5676 · Mysql Server · Mysql Multi-Master Replication Manager

Name of the Vulnerable Software and Affected Versions: MySQL Multi-Master Replication Manager MMM mmm agentd version 2.2.1 Description: A specially crafted MMM protocol message can cause a shell command injection in the MMM::Agent::Helpers::Network::send arp function, resulting in arbitrary comma...

10 CVSS · 9.6 AI score · 0.07445 EPSS
Exploits 2 · References 2
Packet Storm
added 2018/05/03 12:0 a.m. · 138 views

Exim base64d Remote Code Execution

!/usr/bin/python import time import socket import struct s = None f = None def logo: print print " CVE-2018-6789 Poc Exploit" print "@straightblast ; [email protected]" print def connecthost, port: global s global f s = socket.createconnectionhost,port f = s.makefile'rw', bufsize=0 def p...

7.5 CVSS · 0.1 AI score · 0.86592 EPSS
Exploits 19
Hacker One
added 2018/03/11 5:1 p.m. · 20 views

Node.js third-party modules: `command-exists` concatenates unsanitized input into exec()/execSync() commands

I would like to report command injection in command-exists. It allows to inject and execute arbitrary shell commands while trying to determine if a crafted command exists. Module module name: command-exists version: 1.2.2 npm page: https://www.npmjs.com/package/command-exists Module Description...

0.9 AI score
Exploits 0
NVD
added 2018/03/01 8:29 p.m. · 9 views

CVE-2017-9274

A shell command injection in the obs-service-sourcevalidator before 0.7 could be used to execute code as the packager when checking RPM SPEC files with specific macro constructs...

9.3 CVSS · 8.1 AI score · 0.00549 EPSS
Exploits 0 · References 3
OSV
added 2018/03/01 8:29 p.m. · 15 views

CVE-2017-9274

A shell command injection in the obs-service-sourcevalidator before 0.7 could be used to execute code as the packager when checking RPM SPEC files with specific macro constructs...

7.8 CVSS · 8.2 AI score · 0.00549 EPSS
Exploits 0 · References 3
UbuntuCve
added 2018/03/01 8:29 p.m. · 15 views

CVE-2017-9274

A shell command injection in the obs-service-sourcevalidator before 0.7 could be used to execute code as the packager when checking RPM SPEC files with specific macro constructs...

9.3 CVSS · 7.2 AI score · 0.00549 EPSS
Exploits 0 · References 2
OSV
added 2018/03/01 8:29 p.m. · 1 views

UBUNTU-CVE-2017-9274

A shell command injection in the obs-service-sourcevalidator before 0.7 could be used to execute code as the packager when checking RPM SPEC files with specific macro constructs...

7.8 CVSS · 7.2 AI score · 0.00549 EPSS
Exploits 0 · References 3
Cvelist
added 2018/03/01 7:0 p.m. · 17 views

CVE-2017-9274 osc executes spec code during "osc commit"

A shell command injection in the obs-service-sourcevalidator before 0.7 could be used to execute code as the packager when checking RPM SPEC files with specific macro constructs...

7.8 CVSS · 8 AI score · 0.00549 EPSS
Exploits 0 · References 3
Debian CVE
added 2018/03/01 7:0 p.m. · 17 views

CVE-2017-9274

A shell command injection in the obs-service-sourcevalidator before 0.7 could be used to execute code as the packager when checking RPM SPEC files with specific macro constructs...

9.3 CVSS · 8.2 AI score · 0.00549 EPSS
Exploits 0
CVE
added 2018/03/01 7:0 p.m. · 49 views

CVE-2017-9274

CVE-2017-9274 describes a shell command injection in the OpenBuild/OpenSUSE component obs-service-source_validator (before version 0.7). The underlying issue allows an attacker to execute arbitrary code as the packager when validating RPM SPEC files that use specific macro constructs. Multiple c...

9.3 CVSS · 8 AI score · 0.00549 EPSS
Exploits 0 · References 3 · Affected Software 1
Hacker One
added 2018/02/25 5:29 a.m. · 24 views

Node.js third-party modules: `macaddress` concatenates unsanitized input into exec() command

NOTE! Thanks for submitting a report! Please replace all the square sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to triage and respond quickly, so be sure to take your time filling out the report! I would like to report code injection i...

0.4 AI score
Exploits 0
OSV
added 2018/02/20 3:29 p.m. · 2 views

CVE-2018-6941

A /shell?cmd= CSRF issue exists in the HTTPD component of NAT32 v2.2 Build 22284 devices that can be exploited for Remote Code Execution in conjunction with XSS...

8.8 CVSS · 5.7 AI score · 0.02547 EPSS
Exploits 5 · References 3
ArchLinux
added 2018/02/09 12:0 a.m. · 26 views

[ASA-201802-4] plasma-workspace: arbitrary command execution

Arch Linux Security Advisory ASA-201802-4 ========================================= Severity: High Date : 2018-02-09 CVE-ID : CVE-2018-6791 Package : plasma-workspace Type : arbitrary command execution Remote : No Link : https://security.archlinux.org/AVG-607 Summary ======= The package...

7.2 CVSS · 1.6 AI score · 0.00261 EPSS
Exploits 0 · References 3
RedhatCVE
added 2018/02/08 1:49 p.m. · 32 views

CVE-2018-6791

An issue was discovered in soliduiserver/deviceserviceaction.cpp in KDE Plasma Workspace before 5.12.0. When a vfat thumbdrive that contains or $ in its volume label is plugged in and mounted through the device notifier, it's interpreted as a shell command, leading to a possibility of arbitrary...

7.2 CVSS · 1.9 AI score · 0.00261 EPSS
Exploits 0 · References 2
OSV
added 2018/02/07 2:29 a.m. · 1 views

UBUNTU-CVE-2018-6791

An issue was discovered in soliduiserver/deviceserviceaction.cpp in KDE Plasma Workspace before 5.12.0. When a vfat thumbdrive that contains or $ in its volume label is plugged in and mounted through the device notifier, it's interpreted as a shell command, leading to a possibility of arbitrary...

6.8 CVSS · 5.9 AI score · 0.00261 EPSS
Exploits 0 · References 2
OpenVAS
added 2018/02/06 12:0 a.m. · 22 views

Debian: Security Advisory (DLA-1104-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8 CVSS · 8.7 AI score · 0.01048 EPSS
Exploits 0 · References 3
RedhatCVE
added 2018/01/29 6:22 a.m. · 25 views

CVE-2017-1000502

Users with permission to create or configure agents in Jenkins 1.37 and earlier could configure an EC2 agent to run arbitrary shell commands on the master node whenever the agent was supposed to be launched. Configuration of these agents now requires the 'Run Scripts' permission typically only...

9.9 CVSS · 2.3 AI score · 0.00674 EPSS
Exploits 0 · References 1
0day.today
added 2018/01/12 12:0 a.m. · 20 views

IRIX - execve (/bin/sh -c) Shellcode (72 bytes)

char cmdshellcode= "\x04\x10\xff\xff" / bltzal $zero, / "\x24\x02\x03\xf3" / li $v0,1011 / "\x23\xff\x08\xf4" / addi $ra,$ra,2292 / "\x23\xe4\xf7\x40" / addi $a0,$ra,-2240 / "\x23\xe5\xfb\x24" / addi $a1,$ra,-1244 / "\xaf\xe4\xfb\x24" / sw $a0,-1244$ra / "\x23\xe6\xf7\x48" / addi $a2,$ra,-2232 /...

7.1 AI score
Exploits 0
CNVD
added 2017/12/18 12:0 a.m. · 2 views

OTRS Arbitrary Command Execution Vulnerability

OTRS Open-source Ticket Request System is a set of open source defect tracking and management system software from OTRS Group in Germany. The software categorizes service requests submitted through various channels such as phone calls, emails, etc. into different queues and service levels, and th...

9 CVSS · 7.4 AI score · 0.33869 EPSS
Exploits 8 · References 1
exploitpack
added 2017/12/18 12:0 a.m. · 51 views

Zoom Linux Client 2.0.106600.0904 - Command Injection

Zoom Linux Client 2.0.106600.0904 - Command Injection CONVISO-17-003 - Zoom Linux Client Command Injection Vulnerability RCE 1. Advisory Information Conviso Advisory ID: CONVISO-17-003 CVE ID: CVE-2017-15049 CVSS v2: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C Date: 2017-10-01 2. Affected Components Zoom clie...

9.3 CVSS · 9.1 AI score · 0.16977 EPSS
Exploits 5