1821 matches found
Critical OpenSMTPD Bug Opens Linux and OpenBSD Mail Servers to Hackers
Cybersecurity researchers have discovered a new critical vulnerability (CVE-2020-7247) in the OpenSMTPD email server that could allow remote attackers to take complete control over BSD and many Linux-based servers. OpenSMTPD is an open-source implementation of the server-side SMTP protocol that was...
OpenSMTPD 6.6.1 - Remote Code Execution
Exploit Title: OpenSMTPD 6.6.1 - Remote Code Execution Date: 2020-01-29 Exploit Author: 1F98D Original Author: Qualys Security Advisory Vendor Homepage: https://www.opensmtpd.org/ Software Link: https://github.com/OpenSMTPD/OpenSMTPD/releases/tag/6.6.1p1 Version: OpenSMTPD '.formatsys.argv0...
OpenBSD OpenSMTPD Privilege Escalation / Code Execution Vulnerabilities
Qualys discovered a vulnerability in OpenSMTPD, OpenBSD's mail server. This vulnerability is exploitable since May 2018 commit a8e222352f, "switch smtpd to new grammar" and allows an attacker to execute arbitrary shell commands, as root. OpenBSD OpenSMTPD Privilege Escalation / Code Execution...
OpenBSD OpenSMTPD Privilege Escalation / Code Execution
Qualys Security Advisory: LPE and RCE in OpenSMTPD (CVE-2020-7247). Contents: Summary, Analysis, Exploitation, Acknowledgments...
CVE-2013-2612
Command-injection vulnerability in Huawei E587 3G Mobile Hotspot 11.203.27 allows remote attackers to execute arbitrary shell commands with root privileges due to an error in the Web UI...
CVE-2013-2612
Huawei E587 3G Mobile Hotspot (firmware 11.203.27) is affected by a command injection in the Web UI. The vulnerable HTTP endpoint is /api/device/time, where unsanitized input allows an attacker to execute arbitrary shell commands with root privileges. This CVE-2013-2612 entry is supported by mult...
Huawei EulerOS: Security Advisory for subversion (EulerOS-SA-2017-1176)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Updated radare2 packages fix security vulnerabilities
Updated radare2 packages fix security vulnerabilities: In radare2 through 3.5.1, there is a heap-based buffer over-read in the r_egg_lang_parsechar function of egg_lang.c. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact because of...
HomeAutomation v3.3.2 CSRF Remote Command Execution (PHP Reverse Shell) PoC
Summary: HomeAutomation is an open-source web interface and scheduling solution. It was initially made for use with the Telldus TellStick, but is now based on a plugin system and except for Tellstick it also comes with support for Crestron, OWFS and Z-Wave using OpenZWave. It controls your devices...
CVE-2019-8513
This issue was addressed with improved checks. This issue is fixed in macOS Mojave 10.14.4. A local user may be able to execute arbitrary shell commands...
FreeBSD : spamassassin -- multiple vulnerabilities (70111759-1dae-11ea-966a-206a8a720317)
The Apache SpamAssassin project reports: An input validation error of user-supplied input parsing multipart emails. Specially crafted emails can consume all resources on the system. A local user is able to execute arbitrary shell commands through specially crafted nefarious CF files...
PT-2020-9609 · Ksh +3
Name of the Vulnerable Software and Affected Versions: ksh version 20120801 Description: A flaw was found in the way ksh evaluates certain environment variables, allowing an attacker to override or bypass environment restrictions to execute shell commands. Services and applications that allow...
Command injection
Openshift has shell command injection flaws due to unsanitized data being passed into shell commands...
CVE-2014-0163
Openshift has shell command injection flaws due to unsanitized data being passed into shell commands...
spamassassin -- multiple vulnerabilities
The Apache SpamAssassin project reports: An input validation error of user-supplied input parsing multipart emails. Specially crafted emails can consume all resources on the system. A local user is able to execute arbitrary shell commands through specially crafted nefarious CF files...
CVE-2019-19609
The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Code Execution in the Install and Uninstall Plugin components of the Admin panel, because it does not sanitize the plugin name, and attackers can inject arbitrary shell commands to be executed by the execa function...
Remote code execution
The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Code Execution in the Install and Uninstall Plugin components of the Admin panel, because it does not sanitize the plugin name, and attackers can inject arbitrary shell commands to be executed by the execa function...