
1821 matches found

OSV
added 2018/01/08 3:29 a.m., 4 views

CVE-2018-5071

Persistent XSS exists in the web server on Cobham Sea Tel 116 build 222429 satellite communication system devices: remote attackers can inject malicious JavaScript code using the device's TELNET shell built-in commands, as demonstrated by the "set ship name" command. This is similar to a Cross...

5.4 CVSS, 5.9 AI score
Exploits 0, References 1
Gentoo Linux
added 2018/01/07 12:00 a.m., 40 views

Back In Time: Command injection

Background: A simple backup tool for Linux, inspired by “flyback project”. Description: ‘Back in Time’ did improper escaping/quoting of file paths used as arguments to the ‘notify-send’ command leading to some parts of file paths being executed as shell commands within an os.system call. Impact: A...

9.3 CVSS, 7.9 AI score, 0.01462 EPSS
Exploits 0
Mageia
added 2018/01/04 4:48 p.m., 30 views

Updated backintime packages fix security vulnerability

backintime aka Back in Time before 1.1.24 did improper escaping/quoting of file paths used as arguments to the 'notify-send' command, leading to some parts of file paths being executed as shell commands within an os.system call in qt4/plugins/notifyplugin.py. This could allow an attacker to craft...

9.3 CVSS, 3.6 AI score, 0.01462 EPSS
Exploits 0, References 2
Tenable Nessus
added 2018/01/02 12:00 a.m., 38 views

FreeBSD : OTRS -- Multiple vulnerabilities (cebd05d6-ed7b-11e7-95f2-005056925db4)

OTRS reports: An attacker who is logged into OTRS as an agent can request special URLs from OTRS which can lead to the execution of shell commands with the permissions of the web server user. An attacker who is logged into OTRS as a customer can use the ticket search form to disclose internal...

9 CVSS, 7.5 AI score, 0.19901 EPSS
Exploits 8, References 9
Tenable Nessus
added 2017/12/20 12:00 a.m., 33 views

Debian DLA-1212-1 : otrs2 security update

Four vulnerabilities were discovered in the Open Ticket Request System which could result in information disclosure or the execution of arbitrary shell commands by logged-in agents. For Debian 7 'Wheezy', these problems have been fixed in version 3.3.18-1deb7u2. We recommend that you upgrade your...

9 CVSS, 7.4 AI score, 0.19901 EPSS
Exploits 8, References 6
Debian
added 2017/12/19 8:42 p.m., 23 views

[SECURITY] [DLA 1212-1] otrs2 security update

Package : otrs2 Version : 3.3.18-1deb7u2 CVE ID : CVE-2017-15864 CVE-2017-16664 CVE-2017-16854 CVE-2017-16921 Four vulnerabilities were discovered in the Open Ticket Request System which could result in information disclosure or the execution of arbitrary shell commands by logged-in agents. For...

9 CVSS, 8.7 AI score, 0.19901 EPSS
Exploits 8
Debian
added 2017/12/17 2:11 p.m., 19 views

[SECURITY] [DSA 4066-1] otrs2 security update

Debian Security Advisory DSA-4066-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 17, 2017 https://www.debian.org/security/faq -...

9 CVSS, 8.7 AI score, 0.19901 EPSS
Exploits 8
UbuntuCve
added 2017/12/08 3:29 p.m., 48 views

CVE-2017-16921

In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including 5.0.24, and OTRS 4.0.x up to and including 4.0.26, an attacker who is logged into OTRS as an agent can manipulate form parameters related to PGP and execute arbitrary shell commands with the permissions of the OTRS or web...

9 CVSS, 7.4 AI score, 0.19901 EPSS
Exploits 8, References 3
OSV
added 2017/12/08 3:29 p.m., 1 view

UBUNTU-CVE-2017-16921

In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including 5.0.24, and OTRS 4.0.x up to and including 4.0.26, an attacker who is logged into OTRS as an agent can manipulate form parameters related to PGP and execute arbitrary shell commands with the permissions of the OTRS or web...

8.8 CVSS, 7.4 AI score, 0.19901 EPSS
Exploits 8, References 4
OSV
added 2017/12/08 3:29 p.m., 20 views

CVE-2017-16921

In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including 5.0.24, and OTRS 4.0.x up to and including 4.0.26, an attacker who is logged into OTRS as an agent can manipulate form parameters related to PGP and execute arbitrary shell commands with the permissions of the OTRS or web...

8.8 CVSS, 7.5 AI score
Exploits 0, References 5
Cvelist
added 2017/12/08 3:00 p.m., 29 views

CVE-2017-16921

In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including 5.0.24, and OTRS 4.0.x up to and including 4.0.26, an attacker who is logged into OTRS as an agent can manipulate form parameters related to PGP and execute arbitrary shell commands with the permissions of the OTRS or web...

8.9 AI score, 0.19901 EPSS
Exploits 8, References 5
Veracode
added 2017/11/29 4:55 a.m., 6 views

Arbitrary Code Execution

squizlabs/PHP_CodeSniffer is vulnerable to remote code execution (RCE) attacks. The library does not properly escape the filepath variable for the generateDiff function, allowing a malicious user to inject and execute arbitrary shell commands...

8.2 AI score
Exploits 0
Veracode
added 2017/11/22 9:13 a.m., 6 views

Arbitrary Code Execution

Smarty is vulnerable to arbitrary code execution. The library does not properly sanitize user parameters in the smarty_function_math function in the libs/plugins/function.math.php file. This can allow a malicious user to inject and execute arbitrary shell commands by passing a string with backticks...

7.8 AI score
Exploits 0
OpenVAS
added 2017/11/22 12:00 a.m., 19 views

Debian: Security Advisory (DSA-4047-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8 CVSS, 8.7 AI score, 0.02492 EPSS
Exploits 0, References 4
UbuntuCve
added 2017/11/21 2:29 p.m., 27 views

CVE-2017-16664

Code injection exists in Kernel/System/Spelling.pm in Open Ticket Request System (OTRS) 5 before 5.0.24, 4 before 4.0.26, and 3.3 before 3.3.20. In the agent interface, an authenticated remote attacker can execute shell commands as the webserver user via URL manipulation...

8.8 CVSS, 7.4 AI score, 0.02492 EPSS
Exploits 0, References 2
Prion
added 2017/11/21 2:29 p.m., 12 views

Code injection

Code injection exists in Kernel/System/Spelling.pm in Open Ticket Request System (OTRS) 5 before 5.0.24, 4 before 4.0.26, and 3.3 before 3.3.20. In the agent interface, an authenticated remote attacker can execute shell commands as the webserver user via URL manipulation...

6.5 CVSS, 8.9 AI score, 0.02492 EPSS
Exploits 0, References 3, Affected Software 2
OSV
added 2017/11/21 2:29 p.m., 22 views

CVE-2017-16664

Code injection exists in Kernel/System/Spelling.pm in Open Ticket Request System (OTRS) 5 before 5.0.24, 4 before 4.0.26, and 3.3 before 3.3.20. In the agent interface, an authenticated remote attacker can execute shell commands as the webserver user via URL manipulation...

8.8 CVSS, 9 AI score
Exploits 0, References 3
OSV
added 2017/11/21 2:29 p.m., 0 views

UBUNTU-CVE-2017-16664

Code injection exists in Kernel/System/Spelling.pm in Open Ticket Request System (OTRS) 5 before 5.0.24, 4 before 4.0.26, and 3.3 before 3.3.20. In the agent interface, an authenticated remote attacker can execute shell commands as the webserver user via URL manipulation...

8.8 CVSS, 7.4 AI score, 0.02492 EPSS
Exploits 0, References 3
NVD
added 2017/11/21 2:29 p.m., 21 views

CVE-2017-16664

Code injection exists in Kernel/System/Spelling.pm in Open Ticket Request System (OTRS) 5 before 5.0.24, 4 before 4.0.26, and 3.3 before 3.3.20. In the agent interface, an authenticated remote attacker can execute shell commands as the webserver user via URL manipulation...

8.8 CVSS, 9 AI score, 0.02492 EPSS
Exploits 0, References 3
Cvelist
added 2017/11/21 2:00 p.m., 21 views

CVE-2017-16664

Code injection exists in Kernel/System/Spelling.pm in Open Ticket Request System (OTRS) 5 before 5.0.24, 4 before 4.0.26, and 3.3 before 3.3.20. In the agent interface, an authenticated remote attacker can execute shell commands as the webserver user via URL manipulation...

8.9 AI score, 0.02492 EPSS
Exploits 0, References 3