CVE-2017-8799

Untrusted input execution via igetwild in all iRODS versions before 4.1.11 and 4.2.1 allows other iRODS users potentially anonymous to execute remote shell commands via iRODS virtual pathnames. To exploit this vulnerability, a virtual iRODS pathname that includes a semicolon would be retrieved vi...

EulerOS 2.0 SP1 : ImageMagick (EulerOS-SA-2016-1021)

According to the versions of the ImageMagick packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was discovered that ImageMagick did not properly sanitize certain input before passing it to the delegate functionality. A remote attack...

EulerOS 2.0 SP1 : ImageMagick (EulerOS-SA-2016-1029)

According to the versions of the ImageMagick packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was discovered that ImageMagick did not properly sanitize certain input before using it to invoke processes. A remote attacker could...

CVE-2017-7692

SquirrelMail 1.4.22 and other versions before 201704270200-SVN allows post-authentication remote code execution via a sendmail.cf file that is mishandled in a popen call. It's possible to exploit this vulnerability to execute arbitrary shell commands on the remote server. The problem is in the...

Remote code execution

TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow remote code execution with a single HTTP request by placing shell commands in a "host=" line within HTTP POST data...

CVE-2017-8220

TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow remote code execution with a single HTTP request by placing shell commands in a "host=" line within HTTP POST data...

CVE-2017-8220

TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow remote code execution with a single HTTP request by placing shell commands in a "host=" line within HTTP POST data...

SquirrelMail -- post-authentication remote code execution

SquirrelMail developers report: SquirrelMail 1.4.22 and other versions before 201704270200-SVN allows post-authentication remote code execution via a sendmail.cf file that is mishandled in a popen call. It's possible to exploit this vulnerability to execute arbitrary shell commands on the remote...

Horde Webmail < 5.2.19 RCE Vulnerability

The HordeCrypt library used in Horde Webmail is prone to a remote code execution RCE vulnerability if the PGP feature is enabled. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

BrainDamage - A fully featured backdoor that uses Telegram as a C&C server

A python based backdoor which uses Telegram as C&C server. /\ /.\ ,.-'/ ",'-., -^ /-^: | \ | \ | | | | | | | | Coded by: Mehul [email protected] -- Github: https://github.com/mehulj94 -- Twitter: https://twitter.com/wayfarermj -- For windows only | | | | | | | | | / / | | | | | '/ / |...

Fedora 24 : php-pear-PHP-CodeSniffer (2017-aaf92c483c)

Version 2.8.1 - This release contains a fix for a security advisory related to the improper handling of shell commands - Uses of shellexec and exec were not escaping filenames and configuration settings in most cases - A properly crafted filename or configuration option would allow for arbitrary...

Fedora 25 : php-pear-PHP-CodeSniffer (2017-ca3f01bd37)

Version 2.8.1 - This release contains a fix for a security advisory related to the improper handling of shell commands - Uses of shellexec and exec were not escaping filenames and configuration settings in most cases - A properly crafted filename or configuration option would allow for arbitrary...

Exploit for Improper Handling of Exceptional Conditions in Apache Struts

Struts-Apache-ExploitPack These are just some scripts which yo...

New Struts2 Remote Code Execution exploit caught in the wild

Two days ago Apache has published a fix for the new Remote Code Execution vulnerability in Struts2. Struts2 RCE attacks in the wild This vulnerability allows attacker to execute arbitrary Java code on the application server. We can confirm that caught the first exploit for this vulnerability from...

Fully Featured Backdoor – Telegram C&C: BrainDamage

A python based backdoor which uses Telegram as C&C server. Features Persistance USB spreading Port Scanner Router Finder Run shell commands Keylogger Insert keystrokes Record audio Webserver Screenshot logging Download files in the host Execute shutdown, restart, logoff, lock Send drive tree...

Dell SonicWall Secure Remote Access Server Command Injection Vulnerability (CNVD-2017-02473)

Dell SonicWall Secure Remote Access is a SonicWALL Secure Remote Access Series appliance within the Dell SonicWall Secure Mobile Access solution. An input validation vulnerability in the viewcert CGI /cgi-bin/viewcert component of the web management interface of Dell SonicWall Secure Remote Acces...

Design/Logic Flaw

A vulnerability in CLI command processing in the Cisco Firepower 4100 Series Next-Generation Firewall and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to inject arbitrary shell commands that are executed by the device. More Information: CSCvb61343. Known...

CVE-2017-3806

A vulnerability in CLI command processing in the Cisco Firepower 4100 Series Next-Generation Firewall and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to inject arbitrary shell commands that are executed by the device. More Information: CSCvb61343. Known...

Design/Logic Flaw

A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to execute predetermined shell commands on other hosts. More Information: CSCuz03353. Known Affected Releases: 2.6...

CVE-2017-3796

A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to execute predetermined shell commands on other hosts. More Information: CSCuz03353. Known Affected Releases: 2.6...