1821 matches found

NVD
added 2021/06/08 7:15 p.m., 14 views

CVE-2021-26471

In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1, the http API located at /sgwebserviceo.php accepts a command argument. Using this command argument an unauthenticated attacker can execute arbitrary shell commands...

CVSS: 9.8 | EPSS: 0.02261
Exploits: 0 | References: 4

Prion
added 2021/06/08 7:15 p.m., 16 views

Command injection

In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1, the http API located at /sgwebserviceo.php accepts a command argument. Using this command argument an unauthenticated attacker can execute arbitrary shell commands...

CVSS: 7.5 | AI score: 9.8 | EPSS: 0.02261
Exploits: 0 | References: 4 | Affected Software: 2

Cvelist
added 2021/06/08 6:36 p.m., 12 views

CVE-2021-26471 Unauthenticated remote command execution in Vembu products

In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1, the http API located at /sgwebserviceo.php accepts a command argument. Using this command argument an unauthenticated attacker can execute arbitrary shell commands...

CVSS: 9.8 | AI score: 10 | EPSS: 0.02261
Exploits: 0 | References: 4

Metasploit
added 2021/06/04 5:42 p.m., 107 views

Cisco HyperFlex HX Data Platform Command Execution

This module exploits an unauthenticated command injection in Cisco HyperFlex HX Data Platform's /storfs-asup endpoint to execute shell commands as the Tomcat user. Module Options: msf > use exploit/linux/http/cisco_hyperflex_hx_data_platform_cmd_exec; msf exploit(cisco_hyperflex_hx_data_platform_cmd_exec) > show...

CVSS: 10 | AI score: 9.9 | EPSS: 0.99999
Exploits: 6

0day.today
added 2021/06/04 12:0 a.m., 97 views

Cisco HyperFlex HX Data Platform Command Execution Exploit

This Metasploit module exploits an unauthenticated command injection in Cisco HyperFlex HX Data Platform's /storfs-asup endpoint to execute shell commands as the Tomcat user. This module requires Metasploit: https://metasploit.com/download Current source:...

CVSS: 9.8 | AI score: 0.4 | EPSS: 0.99999
Exploits: 6

Kitploit
added 2021/05/26 9:30 p.m., 78 views

DNS-Black-Cat(DBC) - Multi Platform Toolkit For An Interactive DNS Shell Commands Exfiltration, By Using DNS-Cat You Will Be Able To Execute System Commands In Shell Mode Over DNS Protocol

Multi-platform toolkit for an interactive C2C DNS shell, by using DNS-Black-Cat, you will be able to execute system commands in shell mode over a fully encrypted covert channel. Server ported as a python script, which acts as DNS server with required functionalities to provide interactive shell...

AI score: 7.8
Exploits: 0 | References: 1

Positive Technologies
added 2021/05/18 12:0 a.m., 3 views

PT-2021-4271 · Pglogical · Pglogical

Name of the Vulnerable Software and Affected Versions: pglogical versions before 2.3.4 pglogical versions before 3.6.26 Description: The issue is related to a lack of input data sanitization in the pglogical system, which can be exploited to gain access to confidential data, compromise data...

CVSS: 7.2 | AI score: 6.7 | EPSS: 0.0046
Exploits: 0 | References: 10

CNNVD
added 2021/05/13 12:0 a.m., 3 views

PostgreSQL OS Command Injection Vulnerability

PostgreSQL is a free object-relational database management system from the Postgresql organization. The system supports most SQL standards and provides many other features such as foreign keys, triggers, views, etc. A security vulnerability exists in PostgreSQL, which stems from the fact that a...

CVSS: 7.2 | AI score: 6 | EPSS: 0.0046
Exploits: 0 | References: 2

CNVD
added 2021/05/10 12:0 a.m., 6 views

StackLift LocalStack Command Injection Vulnerability

StackLift LocalStack is a StackLift open source application. Provides an easy-to-use testing framework for cloud applications. A command injection vulnerability exists in StackLift LocalStack version 0.12.6, which can be exploited by an attacker to inject arbitrary shell commands via the...

CVSS: 10 | AI score: 7.4 | EPSS: 0.02113
Exploits: 1 | References: 1

OSV
added 2021/05/07 5:15 a.m., 18 views

CVE-2021-32090

The dashboard component of StackLift LocalStack 0.12.6 allows attackers to inject arbitrary shell commands via the functionName parameter...

CVSS: 9.8 | AI score: 9.5
Exploits: 0 | References: 2

NVD
added 2021/05/07 5:15 a.m., 11 views

CVE-2021-32090

The dashboard component of StackLift LocalStack 0.12.6 allows attackers to inject arbitrary shell commands via the functionName parameter...

CVSS: 10 | EPSS: 0.02113
Exploits: 1 | References: 2

Cvelist
added 2021/05/07 3:52 a.m., 11 views

CVE-2021-32090

The dashboard component of StackLift LocalStack 0.12.6 allows attackers to inject arbitrary shell commands via the functionName parameter...

AI score: 9.8 | EPSS: 0.02113
Exploits: 1 | References: 2

Prion
added 2021/05/04 4:15 p.m., 13 views

Command injection

iWT Ltd FaceSentry Access Control System 6.4.8 suffers from an authenticated OS command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user via the 'strInIP' POST parameter in pingTest PHP script...

CVSS: 9 | AI score: 9.1 | EPSS: 0.05242
Exploits: 2 | References: 2 | Affected Software: 1

RedHat Linux
added 2021/04/19 10:6 a.m., 2 views

mariadb: writable system variables allows a database user with SUPER privilege to execute arbitrary code as the system mysql user

A vulnerability was found in mariadb and in the mysql wsrep patch that allows remote code execution. A user with SUPER privileges could execute arbitrary shell commands in the context of the mariadb server process...

CVSS: 9 | AI score: 8 | EPSS: 0.38436
Exploits: 9 | References: 8

RedHat Linux
added 2021/04/19 10:3 a.m., 3 views

mariadb: writable system variables allows a database user with SUPER privilege to execute arbitrary code as the system mysql user

A vulnerability was found in mariadb and in the mysql wsrep patch that allows remote code execution. A user with SUPER privileges could execute arbitrary shell commands in the context of the mariadb server process...

CVSS: 9 | AI score: 8 | EPSS: 0.38436
Exploits: 9 | References: 8

OpenVAS
added 2021/04/19 12:0 a.m., 17 views

SUSE: Security Advisory (SUSE-SU-2018:3926-1)

The remote host is missing an update for the...

CVSS: 7.8 | AI score: 7.9 | EPSS: 0.00457
Exploits: 0 | References: 7

CNNVD
added 2021/04/09 12:0 a.m., 5 views

NEC Aterm WG2600HS OS Command Injection Vulnerability

The NEC Aterm WG2600HS is a wireless router from Nippon Electric NEC. Aterm WG2600HS: Version 1.5.1 contains a security vulnerability that could allow a remote attacker to execute arbitrary shell commands on the target system...

CVSS: 10 | AI score: 8.8 | EPSS: 0.01359
Exploits: 0 | References: 4

RedHat Linux
added 2021/03/30 2:17 p.m., 2 views

mariadb: writable system variables allows a database user with SUPER privilege to execute arbitrary code as the system mysql user

A vulnerability was found in mariadb and in the mysql wsrep patch that allows remote code execution. A user with SUPER privileges could execute arbitrary shell commands in the context of the mariadb server process...

CVSS: 9 | AI score: 8 | EPSS: 0.38436
Exploits: 9 | References: 8

OpenVAS
added 2021/03/24 12:0 a.m., 25 views

Huawei EulerOS: Security Advisory for ImageMagick (EulerOS-SA-2021-1682)

The remote host is missing an update for the Huawei EulerOS...

CVSS: 7.8 | AI score: 5.9 | EPSS: 0.0703
Exploits: 2 | References: 2

Mageia
added 2021/03/17 11:1 a.m., 33 views

Updated ksh packages fix security vulnerability

A flaw was found in the way ksh evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables...

CVSS: 7.8 | AI score: 6 | EPSS: 0.01385
Exploits: 0 | References: 2