
934 matches found

Vulnrichment
added 2020/07/16 5:21 p.m. | 11 views

CVE-2020-3332 Cisco Small Business RV110W, RV130, RV130W, and RV215W Series Routers Command Shell Injection Vulnerability

A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Series Routers could allow an authenticated, remote attacker to inject arbitrary shell commands that are executed by an affected device. The vulnerability is due to insufficient input...

CVSS 8.1 | AI score 8 | EPSS 0.0318
Exploits 0 | References 1

NVD
added 2020/07/01 9:15 p.m. | 12 views

CVE-2020-15489

An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 devices. Multiple shell metacharacter injection vulnerabilities exist in CGI scripts, leading to remote code execution with root privileges...

CVSS 10 | EPSS 0.03699
Exploits 0 | References 1

Prion
added 2020/07/01 9:15 p.m. | 14 views

Design/Logic Flaw

An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 devices. Multiple shell metacharacter injection vulnerabilities exist in CGI scripts, leading to remote code execution with root privileges...

CVSS 10 | AI score 9.9 | EPSS 0.03699
Exploits 0 | References 1 | Affected Software 1

CVE
added 2020/07/01 8:53 p.m. | 47 views

CVE-2020-15489

CVE-2020-15489 describes multiple shell metacharacter injection vulnerabilities in CGI scripts on the Wavlink WL-WN530HG4 M30HG4.V5030.191116 devices, enabling remote code execution with root privileges. The issue is rooted in CGI script handling that allows injection of shell metacharacters, lea...

CVSS 10 | AI score 9.9 | EPSS 0.03699
Exploits 0 | References 1 | Affected Software 1

OpenVAS
added 2020/04/30 12:0 a.m. | 102 views

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2020-1529)

The remote host is missing an update for the Huawei EulerOS...

CVSS 8.1 | AI score 7.3 | EPSS 0.06889
Exploits 2 | References 2

0day.today
added 2020/04/18 12:0 a.m. | 33 views

Metasploit Libnotify Arbitrary Command Execution Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Metasploit Libnotify Plugin Arbitrary Command Execution', 'Description' = %q This module exploits a shell command injection vulnerability in the...

CVSS 7.8 | AI score 0.4 | EPSS 0.04879
Exploits 4

Cvelist
added 2020/03/11 6:58 p.m. | 19 views

CVE-2020-1980 PAN-OS: Shell injection vulnerability in PAN-OS CLI allows execution of shell commands

A shell command injection vulnerability in the PAN-OS CLI allows a local authenticated user to escape the restricted shell and escalate privileges. This issue affects only PAN-OS 8.1 versions earlier than PAN-OS 8.1.13. This issue does not affect PAN-OS 7.1, PAN-OS 9.0, or later PAN-OS versions...

CVSS 7.8 | AI score 7.6 | EPSS 0.00627
Exploits 0 | References 1

Palo Alto Networks
added 2020/03/11 4:0 p.m. | 75 views

PAN-OS: Shell injection vulnerability in PAN-OS CLI allows execution of shell commands

A shell command injection vulnerability in the PAN-OS CLI allows a local authenticated user to escape the restricted shell and escalate privileges. This issue affects only PAN-OS 8.1 versions earlier than PAN-OS 8.1.13. This issue does not affect PAN-OS 7.1, PAN-OS 9.0, or later PAN-OS versions...

CVSS 7.8 | AI score 3.3 | EPSS 0.00627
Exploits 0 | References 1

OSV
added 2019/12/14 12:37 a.m. | 6 views

MGASA-2019-0386 Updated signing-party packages fix security vulnerability

Updated signing-party package fixes security vulnerability: The gpg-key2ps tool in signing-party contained an unsafe shell call enabling shell injection via a User ID CVE-2019-11627...

CVSS 10 | AI score 9.6 | EPSS 0.02755
Exploits 1 | References 3

Mageia
added 2019/12/14 12:37 a.m. | 31 views

Updated signing-party packages fix security vulnerability

Updated signing-party package fixes security vulnerability: The gpg-key2ps tool in signing-party contained an unsafe shell call enabling shell injection via a User ID CVE-2019-11627...

CVSS 10 | AI score 3 | EPSS 0.02755
Exploits 1 | References 2

RedHat Linux
added 2019/12/03 11:4 a.m. | 2 views

patch: OS shell command injection when processing crafted patch files

A flaw was found in GNU patch through version 2.7.6. An ed-style diff payload patch file with shell metacharacters can be used to inject OS shell commands into a system. The ed editor does not need to be present on the vulnerable system for this attack to function. The highest threat from this...

CVSS 9.3 | AI score 5.7 | EPSS 0.0453
Exploits 0 | References 4

Debian CVE
added 2019/11/26 12:0 a.m. | 154 views

CVE-2019-16255

Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the "command" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method...

CVSS 8.1 | AI score 6.8 | EPSS 0.04221
Exploits 1

RedHat Linux
added 2019/11/06 5:1 p.m. | 1 views

patch: OS shell command injection when processing crafted patch files

A flaw was found in GNU patch through version 2.7.6. An ed-style diff payload patch file with shell metacharacters can be used to inject OS shell commands into a system. The ed editor does not need to be present on the vulnerable system for this attack to function. The highest threat from this...

CVSS 9.3 | AI score 5.7 | EPSS 0.0453
Exploits 0 | References 4

CNVD
added 2019/10/15 12:0 a.m. | 2 views

Sophos Cyberoam firewall appliance shell injection vulnerability

Sophos Cyberoam firewall appliance is a firewall appliance from Sophos UK. CyberoamOS is the set of operating systems that run on it. A security vulnerability exists in the Sophos Cyberoam firewall appliance running CyberoamOS versions prior to 10.6.6 MR-6. The vulnerability can be exploited by an...

CVSS 10 | AI score 7.5 | EPSS 0.07406
Exploits 1 | References 1

OSV
added 2019/10/11 5:15 p.m. | 4 views

CVE-2019-17059

A shell injection vulnerability on the Sophos Cyberoam firewall appliance with CyberoamOS before 10.6.6 MR-6 allows remote attackers to execute arbitrary commands via the Web Admin and SSL VPN consoles...

CVSS 9.8 | AI score 7.6 | EPSS 0.07406
Exploits 1 | References 3

NVD
added 2019/10/11 5:15 p.m. | 31 views

CVE-2019-17059

A shell injection vulnerability on the Sophos Cyberoam firewall appliance with CyberoamOS before 10.6.6 MR-6 allows remote attackers to execute arbitrary commands via the Web Admin and SSL VPN consoles...

CVSS 10 | AI score 9.9 | EPSS 0.07406
Exploits 1 | References 3

Prion
added 2019/10/11 5:15 p.m. | 16 views

Sql injection

A shell injection vulnerability on the Sophos Cyberoam firewall appliance with CyberoamOS before 10.6.6 MR-6 allows remote attackers to execute arbitrary commands via the Web Admin and SSL VPN consoles...

CVSS 10 | AI score 9.8 | EPSS 0.07406
Exploits 1 | References 3 | Affected Software 1

CVE
added 2019/10/11 4:45 p.m. | 111 views

CVE-2019-17059

CVE-2019-17059 is a shell injection vulnerability in Sophos Cyberoam firewall appliances running CyberoamOS prior to 10.6.6 MR-6. The issue allows remote attackers to execute arbitrary commands through the Web Admin and SSL VPN consoles, enabling remote code execution. Affected device/OS: Sophos ...

CVSS 10 | AI score 9.8 | EPSS 0.07406
Exploits 1 | References 3 | Affected Software 1

RedHat Linux
added 2019/10/03 2:16 p.m. | 3 views

patch: OS shell command injection when processing crafted patch files

A flaw was found in GNU patch through version 2.7.6. An ed-style diff payload patch file with shell metacharacters can be used to inject OS shell commands into a system. The ed editor does not need to be present on the vulnerable system for this attack to function. The highest threat from this...

CVSS 9.3 | AI score 5.7 | EPSS 0.0453
Exploits 0 | References 4

RedHat Linux
added 2019/09/19 4:11 a.m. | 2 views

patch: OS shell command injection when processing crafted patch files

A flaw was found in GNU patch through version 2.7.6. An ed-style diff payload patch file with shell metacharacters can be used to inject OS shell commands into a system. The ed editor does not need to be present on the vulnerable system for this attack to function. The highest threat from this...

CVSS 9.3 | AI score 5.7 | EPSS 0.0453
Exploits 0 | References 4