CVE-2019-11627

gpg-key2ps in signing-party 1.1.x and 2.x before 2.10-1 contains an unsafe shell call enabling shell injection via a User ID...

Code injection

gpg-key2ps in signing-party 1.1.x and 2.x before 2.10-1 contains an unsafe shell call enabling shell injection via a User ID...

CVE-2019-11627

gpg-key2ps in signing-party 1.1.x and 2.x before 2.10-1 contains an unsafe shell call enabling shell injection via a User ID...

UBUNTU-CVE-2019-11627

gpg-key2ps in signing-party 1.1.x and 2.x before 2.10-1 contains an unsafe shell call enabling shell injection via a User ID...

CVE-2019-11627

gpg-key2ps in signing-party 1.1.x and 2.x before 2.10-1 contains an unsafe shell call enabling shell injection via a User ID...

DEBIAN-CVE-2019-11627

gpg-key2ps in signing-party 1.1.x and 2.x before 2.10-1 contains an unsafe shell call enabling shell injection via a User ID...

CVE-2019-11627

CVE-2019-11627 affects signing-party’s gpg-key2ps tool, where an unsafe shell call enables shell injection via a User ID. Public advisories (openSUSE, Mageia) report this vulnerability and provide updates that fix the issue in signing-party packages. The vulnerability is labeled critical (CVSSv3....

CVE-2019-11627

gpg-key2ps in signing-party 1.1.x and 2.x before 2.10-1 contains an unsafe shell call enabling shell injection via a User ID...

Zyxel NAS 326 Shell Metacharacter Injection Vulnerability

Zyxel NAS 326 is a two-drive personal cloud storage device from Zyxel Hopscotch. A Shell metacharacter injection vulnerability exists in the package installer in Zyxel NAS 326 5.21 and earlier versions. An authenticated attacker can exploit this vulnerability to execute arbitrary code via multipl...

CVE-2018-17565

Shell Metacharacter Injection in the SSH configuration interface on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to execute arbitrary system commands and gain a root shell...

CVE-2019-7385

An authenticated shell command injection issue has been discovered in Raisecom ISCOM HT803G-U, HT803G-W, HT803G-1GE, and HT803G GPON products with the firmware version ISCOMHT803G-U2.0.0140521R4.1.47.002 or below, The values of the newpass and confpass parameters in /bin/WebMGR are used in a syst...

PT-2019-18568 · Systrome · Systrome Cumilon

Name of the Vulnerable Software and Affected Versions: Systrome Cumilon devices with firmware V1.1-R2.1 TRUNK-20181105.bin Description: A shell command injection issue occurs when editing the description of an ISP file due to improper validation of user input in the file network/isp/isp update...

python-gnupg vulnerable to shell injection

python-gnupg 0.3.5 and 0.3.6 allow for shell injection via a failure to escape backslashes in the shellquote function. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7323...

GHSA-VCR5-XR9H-MVC5 python-gnupg vulnerable to shell injection

python-gnupg 0.3.5 and 0.3.6 allow for shell injection via a failure to escape backslashes in the shellquote function. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7323...

CVE-2018-10823

An issue was discovered on D-Link DWR-116 through 1.06, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices. An authenticated attacker may execute arbitrary code by injecting the shell command into the chkisg.htm page Sip...

mgetty 1.2.0 Buffer Overflow / Privilege Escalation Vulnerabilities

mgetty version 1.2.0 suffers from buffer overflow, code execution, and various other privilege escalation related vulnerabilities. Multiple Vulnerabilities in mgetty ================================== Overview - -------- Confirmed Affected Versions: 1.2.0 Patched Versions: 1.2.1 Vendor: mgetty...

UBUNTU-CVE-2018-10932

lldptool version 1.0.1 and older can print a raw, unsanitized attacker controlled buffer when mngAddr information is displayed. This may allow an attacker to inject shell control characters into the buffer and impact the behavior of the terminal...

Black Hat 2018: Widespread Critical Flaws Found in Smart-City Gear

Smart-city technology continues to roll out in municipalities worldwide – everything from automated alerts about weather hazards and traffic issues to smart lighting and connected trash systems. However, like the rest of the Internet of Things IoT ecosystem, security is always a concern, as...

GitList v0.6.0 Argument Injection Vulnerability

This module exploits an argument injection vulnerability in GitList v0.6.0. The vulnerability arises from GitList improperly validating input using the php function 'escapeshellarg'. This module requires Metasploit: https://metasploit.com/download Current source:...

Axis Network Camera Multiple Vulnerabilities (Jun 2018)

Axis Network Cameras is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...