CVE-2017-16664

Code injection exists in Kernel/System/Spelling.pm in Open Ticket Request System OTRS 5 before 5.0.24, 4 before 4.0.26, and 3.3 before 3.3.20. In the agent interface, an authenticated remote attacker can execute shell commands as the webserver user via URL manipulation...

OTRS -- Multiple vulnerabilities

OTRS reports: An attacker who is logged into OTRS as an agent can request special URLs from OTRS which can lead to the execution of shell commands with the permissions of the web server user. An attacker who is logged into OTRS as a customer can use the ticket search form to disclose internal...

CouchDB: Multiple vulnerabilities

Background Apache CouchDB is a distributed, fault-tolerant and schema-free document-oriented database. Description Multiple vulnerabilities have been discovered in CouchDB. Please review the CVE identifiers referenced below for details. Impact A remote attacker could execute arbitrary shell...

Zeta Components Mail 1.8.1 - Remote Code Execution

Zeta Components Mail 1.8.1 - Remote Code Execution Vendor: Zeta Components module: Mail, returnPath-email”; If attacker assign email address like: '[email protected] -X/var/www/html/cache/exploit.php' and inject payload in mail body, sendmail will transfer log-X into...

Zeta Components Mail 1.8.1 - Remote Code Execution Vulnerability

Exploit for php platform in category web applications Vendor: Zeta Components module: Mail, returnPath-email”; If attacker assign email address like: 'email protected -X/var/www/html/cache/exploit.php' and inject payload in mail body, sendmail will transfer log-X into...

Zeta Components Mail 1.8.1 - Remote Code Execution

Vendor: Zeta Components module: Mail, returnPath-email”; If attacker assign email address like: '[email protected] -X/var/www/html/cache/exploit.php' and inject payload in mail body, sendmail will transfer log-X into /var/www/html/cache/exploit.php. The resulting file will contain t...

Apache CouchDB 1.x < 1.7.0, 2.x < 2.1.1 Multiple Vulnerabilities - Linux

Apache CouchDB is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:couchdb"; ifdescripti...

Apache CouchDB 1.x < 1.7.0, 2.x < 2.1.1 Multiple Vulnerabilities - Windows

Apache CouchDB is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:couchdb"; ifdescripti...

Foscam IP Video Camera Command Injection Vulnerability

Foscam C1 Indoor HD Camera is a wireless HD IP camera from Foscam China. A command injection vulnerability exists in the web management interface of the Foscam C1 Indoor HD Camera. The vulnerability can be exploited to inject arbitrary shell characters by sending a specially crafted HTTP request...

UBUNTU-CVE-2017-12636

CouchDB administrative users can configure the database server via HTTPS. Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allows an admin user in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to execute arbitra...

CVE-2017-12636

CouchDB administrative users can configure the database server via HTTPS. Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allows an admin user in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to execute arbitra...

Design/Logic Flaw

CouchDB administrative users can configure the database server via HTTPS. Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allows an admin user in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to execute arbitra...

CVE-2017-12635

Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit users documents with duplicate keys for 'roles' used for access control within the database, including the special case 'admin' role,...

CVE-2017-12636

CouchDB administrative users can configure the database server via HTTPS. Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allows an admin user in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to execute arbitra...

CVE-2017-12636

CouchDB administrative users can configure the database server via HTTPS. Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allows an admin user in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to execute arbitra...

CVE-2017-12636

CVE-2017-12636 affects Apache CouchDB prior to 1.7.0 and 2.x prior to 2.1.1, where an admin-configured HTTP(S) interface can point to OS binaries, enabling arbitrary shell commands to be executed as the CouchDB user. Multiple connected documents corroborate this RCE via configuration, with exploi...

Foscam IP Video Camera CGIProxy.fcgi Firmware Upgrade Code Execution Vulnerability

Summary Insufficient security checks exist in the recovery procedure used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A HTTP request can allow for a user to perform a firmware upgrade using a crafted image. Before any firmware upgrades in this image are flashed to th...

Circle with Disney WiFi Restart SSID Parsing Command Injection Vulnerability(CVE-2017-2915)

Summary An exploitable vulnerability exists in the WiFi configuration functionality of Circle with Disney running firmware 2.0.1. A specially crafted SSID can cause the device to execute arbitrary shell commands. An attacker needs to send a couple of HTTP requests and setup an access point...

UBUNTU-CVE-2017-16667

backintime aka Back in Time before 1.1.24 did improper escaping/quoting of file paths used as arguments to the 'notify-send' command, leading to some parts of file paths being executed as shell commands within an os.system call in qt4/plugins/notifyplugin.py. This could allow an attacker to craft...

CVE-2017-16667

backintime aka Back in Time before 1.1.24 did improper escaping/quoting of file paths used as arguments to the 'notify-send' command, leading to some parts of file paths being executed as shell commands within an os.system call in qt4/plugins/notifyplugin.py. This could allow an attacker to craft...