1764 matches found

Debian
added 2017/08/10 7:5 p.m. | 31 views

[SECURITY] [DSA 3934-1] git security update

Debian Security Advisory DSA-3934-1 [email protected] https://www.debian.org/security/ Sebastien Delafond August 10, 2017 https://www.debian.org/security/faq -...

CVSS 8.8 | AI score 8.3 | EPSS 0.70245
Exploits: 9

Debian
added 2017/08/10 6:49 p.m. | 30 views

[SECURITY] [DSA 3932-1] subversion security update

Debian Security Advisory DSA-3932-1 [email protected] https://www.debian.org/security/ Sebastien Delafond August 10, 2017 https://www.debian.org/security/faq -...

CVSS 9.8 | AI score 9 | EPSS 0.67275
Exploits: 3

OSV
added 2017/08/10 6:0 p.m. | 0 views

UBUNTU-CVE-2017-9800

A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to an honest server to attack another...

CVSS 9.8 | AI score 7 | EPSS 0.67275
Exploits: 3 | References: 5

NVD
added 2017/07/25 3:29 p.m. | 10 views

CVE-2017-11566

AppUse 4.0 allows shell command injection via a proxy field...

CVSS 7.8 | AI score 7.9 | EPSS 0.00599
Exploits: 0 | References: 1

Prion
added 2017/07/25 3:29 p.m. | 6 views

Command injection

AppUse 4.0 allows shell command injection via a proxy field...

CVSS 7.2 | AI score 7.9 | EPSS 0.00599
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2017/07/25 3:29 p.m. | 1 views

CVE-2017-11566

AppUse 4.0 allows shell command injection via a proxy field...

CVSS 7.8 | AI score 5.8 | EPSS 0.00599
Exploits: 0 | References: 1

Cvelist
added 2017/07/25 3:0 p.m. | 15 views

CVE-2017-11566

AppUse 4.0 allows shell command injection via a proxy field...

AI score 8 | EPSS 0.00599
Exploits: 0 | References: 1

CVE
added 2017/07/25 3:0 p.m. | 33 views

CVE-2017-11566

CVE-2017-11566 concerns AppUse 4.0, where a vulnerability exists in a proxy field that enables shell command injection. The issue is documented with CVSS scores (2.0/3.1) indicating a high-severity, locally exploitable flaw that could allow complete confidentiality, integrity, and availability im...

CVSS 7.8 | AI score 7.8 | EPSS 0.00599
Exploits: 0 | References: 1 | Affected Software: 1

Tenable Nessus
added 2017/07/21 12:0 a.m. | 44 views

F5 Networks BIG-IP : SSHD session.c vulnerability (K93532943)

Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions. CVE-2016-3115 C Tenable Network...

CVSS 6.4 | AI score 7.1 | EPSS 0.50367
Exploits: 13 | References: 2

Tenable Nessus
added 2017/07/17 12:0 a.m. | 35 views

Fedora 26 : php-pear-PHP-CodeSniffer (2017-b85d51cc47)

Version 3.0.1 - This release contains a fix for a security advisory related to the improper handling of a shell command - A properly crafted filename would allow for arbitrary code execution when using the --filter=gitmodified command line option - All version 3 users are encouraged to upgrade to...

AI score 6.2
Exploits: 0 | References: 1

CNVD
added 2017/07/03 12:0 a.m. | 4 views

Foscam C1 Indoor HD Camera cgiproxy.fcgi dns2 address configuration command injection vulnerability

Foscam C1 Indoor HD Camera is a wireless HD IP camera from Foscam China. A security vulnerability exists in the web management interface in the Foscam C1 Indoor HD Camera using application firmware version 2.52.2.37. The vulnerability can be exploited to inject arbitrary shell characters by sendi...

CVSS 8.8 | AI score 7 | EPSS 0.02654
Exploits: 1 | References: 1

Prion
added 2017/06/23 10:29 p.m. | 13 views

Command injection

'/cgi-bin/admin/testserver.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable to shell command injection, which allows remote attackers to execute any shell command as root via a crafted HTTP request. This vulnerability is already verified on VIVOTEK Network Camera...

CVSS 10 | AI score 7.7 | EPSS 0.58307
Exploits: 1 | References: 1 | Affected Software: 3

NVD
added 2017/06/23 10:29 p.m. | 11 views

CVE-2017-9828

'/cgi-bin/admin/testserver.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable to shell command injection, which allows remote attackers to execute any shell command as root via a crafted HTTP request. This vulnerability is already verified on VIVOTEK Network Camera...

CVSS 10 | AI score 9.5 | EPSS 0.58307
Exploits: 1 | References: 1

Cvelist
added 2017/06/23 10:0 p.m. | 13 views

CVE-2017-9828

'/cgi-bin/admin/testserver.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable to shell command injection, which allows remote attackers to execute any shell command as root via a crafted HTTP request. This vulnerability is already verified on VIVOTEK Network Camera...

AI score 9.5 | EPSS 0.58307
Exploits: 1 | References: 1

CVE
added 2017/06/23 10:0 p.m. | 61 views

CVE-2017-9828

CVE-2017-9828 affects VIVOTEK Network Cameras (notably IB8369/FD8164/FD816BA). The web service CGI /cgi-bin/admin/testserver.cgi is vulnerable to shell command injection, allowing remote execution of commands as root via a crafted HTTP request. An attack uses shell metacharacters in the senderema...

CVSS 10 | AI score 9.4 | EPSS 0.58307
Exploits: 1 | References: 1 | Affected Software: 1

OSV
added 2017/05/28 12:29 a.m. | 1 views

UBUNTU-CVE-2015-9059

picocom before 2.0 has a command injection vulnerability in the 'send and receive file' command because the command line is executed by /bin/sh unsafely...

CVSS 9.8 | AI score 7.3 | EPSS 0.1671
Exploits: 0 | References: 3

Prion
added 2017/05/21 9:29 p.m. | 9 views

Design/Logic Flaw

An issue was discovered on Mimosa Client Radios before 2.2.4 and Mimosa Backhaul Radios before 2.2.4. On the backend of the device's web interface, there are some diagnostic tests available that are not displayed on the webpage; these are only accessible by crafting a POST request with a program...

CVSS 9 | AI score 8.8 | EPSS 0.00368
Exploits: 0 | References: 1 | Affected Software: 2

CVE
added 2017/05/21 9:0 p.m. | 36 views

CVE-2017-9135

The CVE-2017-9135 entry concerns Mimosa Client Radios and Mimosa Backhaul Radios prior to version 2.2.4. The issue lies in a backend web‑interface diagnostic feature that is not shown on the web UI but accessible via a crafted POST request (e.g., curl). One such test does not properly sanitize us...

CVSS 9 | AI score 8.8 | EPSS 0.00368
Exploits: 0 | References: 1 | Affected Software: 2

Mageia
added 2017/05/07 10:16 p.m. | 48 views

Updated ghostscript packages fix security vulnerability

Various userparams in Ghostscript allow %pipe% in paths, allowing remote shell command execution (CVE-2016-7976). The .libfile function in Ghostscript doesn't check PermitFileReading array, allowing remote file disclosure (CVE-2016-7977). Reference leak in the .setdevice function in Ghostscript allow...

CVSS 9.8 | AI score 5.2 | EPSS 0.92931
Exploits: 12 | References: 3

GithubExploit
added 2017/03/17 6:5 p.m. | 4 views

Exploit for Improper Handling of Exceptional Conditions in Apache Struts

StrutsShell Apache Struts CVE-2017-5638 Shell Introducti...

CVSS 10 | AI score 9.5 | EPSS 0.94267
Exploits: 44