1764 matches found
Struts2Shell - Interactive Shell Command to Exploit Apache Struts CVE-2017-5638
Improves manipulation and sending commands to the vulnerable Apache Struts server using a shell. Usage: python Struts2Shell.py Download Struts2Shell...
CVE-2016-5483: use mysqldump to backup can generate Backdoor-vulnerability warning-the black bar safety net
Foreword mysqldump is used to create a MySQL database, logical backup is a commonly used tool. It is in the default configuration, you can generate one. sql file containing the create/delete tables and insert data. In import the dump file, an attacker may be manufactured by a malicious table name...
CVE-2017-3806
A vulnerability in CLI command processing in the Cisco Firepower 4100 Series Next-Generation Firewall and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to inject arbitrary shell commands that are executed by the device. More Information: CSCvb61343. Known...
CVE-2010-5327
Liferay Portal through 6.2.10 allows remote authenticated users to execute arbitrary shell commands via a crafted Velocity template...
Debian DSA-3746-1 : graphicsmagick - security update (ImageTragick)
Several vulnerabilities have been discovered in GraphicsMagick, a collection of image processing tool, which can cause denial of service attacks, remote file deletion, and remote command execution. This security update removes the full support of PLT/Gnuplot decoder to prevent Gnuplot-shell based...
Debian Security Advisory DSA 3746-1 (graphicsmagick - security update)
Several vulnerabilities have been discovered in GraphicsMagick, a collection of image processing tool, which can cause denial of service attacks, remote file deletion, and remote command execution. This security update removes the full support of PLT/Gnuplot decoder to prevent Gnuplot-shell based...
mysql: Incorrect input validation allowing code execution via mysqldump
It was discovered that the mysql and mysqldump tools did not correctly handle database and table names containing newline characters. A database user with privileges to create databases or tables could cause the mysql command to execute arbitrary shell or SQL commands while restoring database...
Less.js Untrusted File Compilation / Code Execution
Advisory: Less.js: Compilation of Untrusted LESS Files May Lead to Code Execution through the JavaScript Less Compiler RedTeam Pentesting discovered behaviour in the Less.js compiler, which allows execution of arbitrary code if an untrusted LESS file is compiled. Details ======= Product: Less...
CVE-2016-6459
Cisco TelePresence endpoints running either CE or TC software contain a vulnerability that could allow an authenticated, local attacker to execute a local shell command injection. More Information: CSCvb25010. Known Affected Releases: 8.1.x. Known Fixed Releases: 6.3.4 7.3.7 8.2.2 8.3.0...
Command injection
Cisco TelePresence endpoints running either CE or TC software contain a vulnerability that could allow an authenticated, local attacker to execute a local shell command injection. More Information: CSCvb25010. Known Affected Releases: 8.1.x. Known Fixed Releases: 6.3.4 7.3.7 8.2.2 8.3.0...
CVE-2016-6459
Cisco TelePresence endpoints running either CE or TC software contain a vulnerability that could allow an authenticated, local attacker to execute a local shell command injection. More Information: CSCvb25010. Known Affected Releases: 8.1.x. Known Fixed Releases: 6.3.4 7.3.7 8.2.2 8.3.0...
CVE-2016-6459
Cisco TelePresence endpoints running CE or TC software are vulnerable to a local shell command injection when input is not properly sanitized. An authenticated, local attacker could exploit this to execute arbitrary commands. Fixed releases are 6.3.4, 7.3.7, 8.2.2, and 8.3.0. Affected releases in...
Observium Remote Command Execution Vulnerability
During a recent penetration test Computest found and exploited various issues in Observium, going from unauthenticated user to full shell access as root. Summary: Unauthenticated remote command execution as root Affected software: Observium Affected versions: Versions downloaded before 26-10-2016...
git-fastclone command execution vulnerability
git-fastclone is a set of tools for cloning git. A command execution vulnerability exists in git-fastclone versions prior to 1.0.5, which stems from a program passing a user-modified string directly to a shell command. The vulnerability can be exploited to execute malicious commands by modifying...
CVE-2015-8968
git-fastclone before 1.0.1 permits arbitrary shell command execution from .gitmodules. If an attacker can instruct a user to run a recursive clone from a repository they control, they can get a client to run an arbitrary shell command. Alternately, if an attacker can MITM an unencrypted git clone...
Command injection
git-fastclone before 1.0.1 permits arbitrary shell command execution from .gitmodules. If an attacker can instruct a user to run a recursive clone from a repository they control, they can get a client to run an arbitrary shell command. Alternately, if an attacker can MITM an unencrypted git clone...
CVE-2015-8968
git-fastclone before 1.0.1 permits arbitrary shell command execution from .gitmodules. If an attacker can instruct a user to run a recursive clone from a repository they control, they can get a client to run an arbitrary shell command. Alternately, if an attacker can MITM an unencrypted git clone...
CVE-2015-8968
CVE-2015-8968 affects git-fastclone prior to 1.0.1, enabling arbitrary shell command execution via .gitmodules when cloning recursively or updating submodules. The exploit occurs through ext helper URLs (git-remote-ext) embedded in submodules, allowing command execution either over cloned repos o...
Samba 3.0.0 <= 3.0.25rc3 MS-RPC Remote Shell Command Execution Vulnerability - Version Check
Samba is prone to a vulnerability that allows attackers to execute arbitrary shell commands because the software fails to sanitize user-supplied input. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...
cfme: Incorrect sanitization in regular expression engine
An input validation flaw was found in the way CloudForms regular expressions were passed to the expression engine via both the JSON API and the web based UI. A user with the ability to view collections and filter them could use this flaw to execute arbitrary shell commands on the host with the...