
934 matches found

FreeBSD
added 2017/08/10 12:0 a.m., 40 views

Mercurial -- multiple vulnerabilities

Mercurial Release Notes: CVE-2017-1000115 Mercurial's symlink auditing was incomplete prior to 4.3, and could be abused to write to files outside the repository. CVE-2017-1000116 Mercurial was not sanitizing hostnames passed to ssh, allowing shell injection attacks on clients by specifying a...

10 CVSS, 9.2 AI score, 0.05734 EPSS
Exploits 1, References 1

NVD
added 2017/07/17 1:18 p.m., 10 views

CVE-2017-1000009

Akeneo PIM CE and EE 1.6.6, 1.5.15, 1.4.28 are vulnerable to shell injection in the mass edition, resulting in remote execution...

9.8 CVSS, 9.7 AI score, 0.03932 EPSS
Exploits 0, References 3

OSV
added 2017/07/17 1:18 p.m., 13 views

CVE-2017-1000009

Akeneo PIM CE and EE 1.6.6, 1.5.15, 1.4.28 are vulnerable to shell injection in the mass edition, resulting in remote execution...

9.8 CVSS, 7.4 AI score
Exploits 0, References 3

Prion
added 2017/07/17 1:18 p.m., 10 views

Design/Logic Flaw

Akeneo PIM CE and EE 1.6.6, 1.5.15, 1.4.28 are vulnerable to shell injection in the mass edition, resulting in remote execution...

7.5 CVSS, 9.6 AI score, 0.03932 EPSS
Exploits 0, References 3, Affected Software 1

GitLab Advisory Database
added 2017/07/17 12:0 a.m., 22 views

OS Command Injection

Akeneo PIM is vulnerable to shell injection in the mass edition, resulting in remote code execution...

9.8 CVSS, 3.3 AI score, 0.03932 EPSS
Exploits 0, References 1, Affected Software 1

Cvelist
added 2017/07/13 8:0 p.m., 14 views

CVE-2017-1000009

Akeneo PIM CE and EE 1.6.6, 1.5.15, 1.4.28 are vulnerable to shell injection in the mass edition, resulting in remote execution...

9.8 AI score, 0.03932 EPSS
Exploits 0, References 3

CVE
added 2017/07/13 8:0 p.m., 53 views

CVE-2017-1000009

Akeneo PIM CE and EE are affected by a shell injection vulnerability in the mass edition feature for versions < 1.6.6, < 1.5.15, and

9.8 CVSS, 9.6 AI score, 0.03932 EPSS
Exploits 0, References 3, Affected Software 1

Tenable Nessus
added 2017/07/05 12:0 a.m., 16 views

FreeBSD : smarty3 -- shell injection in math (6e4e35c3-5fd1-11e7-9def-b499baebfeaf)

The smarty project reports: bugfix math shell injection vulnerability. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database: Copyright 2003-2018 Jacques Vidrine and contributors Redistribution a...

7.5 AI score
Exploits 0, References 2

Cvelist
added 2017/06/29 5:0 p.m., 27 views

CVE-2017-2847

In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configuration resulting in command injection. An attacker can simply send an HTTP...

8.8 CVSS, 8.9 AI score, 0.04527 EPSS
Exploits 2, References 2

OSV
added 2017/06/23 10:29 p.m., 2 views

CVE-2017-9828

'/cgi-bin/admin/testserver.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable to shell command injection, which allows remote attackers to execute any shell command as root via a crafted HTTP request. This vulnerability is already verified on VIVOTEK Network Camera...

9.8 CVSS, 5.9 AI score, 0.82455 EPSS
Exploits 1, References 1

OSV
added 2017/06/13 6:29 a.m., 14 views

CVE-2017-4961

An issue was discovered in Cloud Foundry Foundation BOSH Release 261.x versions prior to 261.3 and all 260.x versions. In certain cases an authenticated Director user can provide a malicious checksum that could allow them to escalate their privileges on the Director VM, aka "BOSH Director Shell...

8.8 CVSS, 7.2 AI score, 0.0048 EPSS
Exploits 0, References 1

Cloud Foundry
added 2017/05/01 12:0 a.m., 32 views

CVE-2017-4961: BOSH Director Shell Injection Vulnerabilities | Cloud Foundry

Severity High Vendor Cloud Foundry Foundation Versions Affected BOSH Release: 261.x versions prior to 261.3 All 260.x versions Description In certain cases an authenticated Director user can provide a malicious checksum that could allow them to escalate their privileges on the Director VM...

8.8 CVSS, 8.8 AI score, 0.0048 EPSS
Exploits 0

Veracode
added 2017/04/19 8:8 a.m., 27 views

Command Line Shell Injection

plexus-utils is vulnerable to command line shell injection. The library does not correctly quote the contents of double-quoted strings, allowing a malicious user to inject and execute arbitrary shell code...

9.8 CVSS, 9.6 AI score, 0.06543 EPSS
Exploits 0, References 12, Affected Software 1

Atlassian
added 2017/01/17 4:45 a.m., 27 views

Shell Injection in SourceTree for Mac

SourceTree for Mac had a shell injection vulnerability starting with 1.9.8 prior to 2.3.1, the fixed version. By visiting a malicious website or by convincing a user to click a sourcetree:// URL with a vulnerable version of SourceTree for Mac installed, an attacker could use a shell injection...

3.7 AI score
Exploits 0, Affected Software 1

Atlassian
added 2017/01/17 4:45 a.m., 18 views

Shell Injection in SourceTree for Mac

SourceTree for Mac had a shell injection vulnerability starting with 1.9.8 prior to 2.3.1, the fixed version. By visiting a malicious website or by convincing a user to click a sourcetree:// URL with a vulnerable version of SourceTree for Mac installed, an attacker could use a shell injection...

3.7 AI score
Exploits 0

Veracode
added 2016/12/22 2:25 a.m., 6 views

Shell Injection

rack-perftoolsprofiler is vulnerable to shell injection attacks. A malicious user can inject and execute arbitrary shell code when passing arguments to the profiler...

7.8 AI score
Exploits 0

Tenable Nessus
added 2016/12/20 12:0 a.m., 26 views

Debian DLA-745-1 : most security update

The most pager can automatically open files compressed with gzip, bzip2 and in Debian LZMA. Alberto Garcia discovered that Debian's version of most was susceptible for a shell injection attack that could be exploited to run arbitrary commands on the user's computer. For Debian 7 'Wheezy', these...

10 CVSS, 8.6 AI score, 0.04828 EPSS
Exploits 0, References 3

Debian
added 2016/12/16 3:7 p.m., 32 views

[SECURITY] [DLA 745-1] most security update

Package : most Version : 5.0.0a-2.2 CVE ID : CVE-2016-1253 Debian Bug : 848132 The most pager can automatically open files compressed with gzip, bzip2 and in Debian LZMA. Alberto Garcia discovered that Debian's version of most was susceptible for a shell injection attack that could be exploited to...

10 CVSS, 10 AI score, 0.04828 EPSS
Exploits 0

OSV
added 2016/12/16 12:0 a.m., 11 views

DLA-745-1 most - security update

Bulletin has no description...

10 CVSS, 9.5 AI score, 0.04828 EPSS
Exploits 0

Positive Technologies
added 2016/11/21 12:0 a.m., 5 views

PT-2020-5859 · Saltstack +3 · Saltstack Salt +3

Name of the Vulnerable Software and Affected Versions: SaltStack Salt versions through 3002 Description: The issue is related to a lack of measures to neutralize special elements in the Salt configuration management and remote execution system. Exploitation of this issue allows a remote attacker ...

9.8 CVSS, 8 AI score, 0.99585 EPSS
Exploits 40, References 233