934 matches found
FreeBSD : FreeBSD -- shell injection vulnerability in patch(1) (0c6759dd-600a-11e6-a6c3-14dae9d210b8)
Due to insufficient sanitization of the input patch stream, it is possible for a patch file to cause patch(1) to run commands in addition to the desired SCCS or RCS commands. Impact : This issue could be exploited to execute arbitrary commands as the user invoking patch(1) against a specially crafted...
AXIS Authenticated Remote Command Execution Vulnerability
Source: packetstormsecurity Technical Details The devtools.sh script is responsible for the vulnerability and its 4 attack vectors through the following pages: http://xxx.xxx.xxx.xxx/applicense.shtml?app= http://xxx.xxx.xxx.xxx/applicensecustom.shtml?app= http://xxx.xxx.xxx.xxx/appindex.shtml?app=...
smarty3 -- shell injection in math
The smarty project reports: bugfix math shell injection vulnerability...
setroubleshoot-plugins: insecure commands.getstatusoutput use in the allow_execmod plugin
A shell command injection flaw was found in the way the setroubleshoot allow_execmod plugin executed external commands. A local attacker able to trigger an execmod SELinux denial could use this flaw to execute arbitrary code with root privileges...
Red Hat Enterprise Linux setroubleshoot allow_execmod plugin shell command injection vulnerability
Red Hat Enterprise Linux (RHEL) is a Linux operating system maintained and distributed by Red Hat for business users. setroubleshoot is one of the troubleshooting tools. A shell command injection vulnerability exists in the allow_execmod plugin in RHEL's setroubleshoot. A local attacker could exploi...
Red Hat Enterprise Linux setroubleshoot allow_execstack plugin shell command injection vulnerability
Red Hat Enterprise Linux (RHEL) is a Linux operating system maintained and distributed by Red Hat for business users. setroubleshoot is one of the troubleshooting tools. A shell command injection vulnerability exists in the allow_execstack plugin in RHEL's setroubleshoot. A local attacker could...
Red Hat Enterprise Linux shell command injection vulnerability
Red Hat Enterprise Linux (RHEL) is a Linux operating system maintained and distributed by Red Hat for business users. setroubleshoot is one of the troubleshooting tools. A shell command injection vulnerability exists in the setroubleshoot/auditdata.py file in RHEL version 7.2. An attacker can explo...
Cisco Aironet Access Points Command Injection Vulnerability
The Cisco Aironet 1800/2800/3800 Series Access Points are small and medium-sized wireless network access point products. A security vulnerability exists in the command line interpreter of the Cisco Aironet 1800/2800/3800 Series Access Point. A local attacker can exploit this vulnerability to inje...
Ubiquiti Inc.: Shell Injection via Web Management Console (dl-fw.cgi)
NCC Group Security Advisory https://www.nccgroup.trust Shell Injection via Web Management Console Vendor: Ubiquiti Networks Vendor URL: https://www.ubnt.com Versions affected: airOS XM board line potentially all airOS lines, unverified Systems Affected...
Fedora 23 : python-pygments-2.0.2-3.fc23 (2015-c045f2ab1a)
python-pygments-2.0.2-3.fc22 - Backport patch to fix font manager shell injection for BZ1276321 python-pygments-2.0.2-3.fc23 - Backport patch to fix font manager shell injection for BZ1276321 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora...
Debian DSA-3445-1 : pygments - security update
Javantea discovered that pygments, a generic syntax highlighter, is prone to a shell injection vulnerability allowing a remote attacker to execute arbitrary code via shell metacharacters in a font name. (C) Tenable Network Security, Inc. The descriptive text and package checks i...
[SECURITY] [DSA 3445-1] pygments security update
Debian Security Advisory DSA-3445-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 13, 2016 https://www.debian.org/security/faq -...
Debian Security Advisory DSA 3445-1 (pygments - security update)
Javantea discovered that pygments, a generic syntax highlighter, is prone to a shell injection vulnerability allowing a remote attacker to execute arbitrary code via shell metacharacters in a font name. OpenVAS Vulnerability Test $Id: deb3445.nasl 6608 2017-07-07 12:05:05Z cfischer $ Auto-generat...
DSA-3445-1 pygments - security update
Bulletin has no description...
Debian: Security Advisory (DSA-3445-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
FreeBSD : pygments -- shell injection vulnerability (5f276780-b6ce-11e5-9731-5453ed2e2b49)
NVD reports : The FontManager._get_nix_font_path function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name. (C) Tenable Network Security, Inc. The descriptive text and package checks in...
Debian DLA-369-1 : pygments security update
It was discovered that there was a shell injection vulnerability in pygments, a syntax highlighting package written in Python. For Debian 6 Squeeze, this issue has been fixed in pygments version 1.3.1+dfsg-1+deb6u11. NOTE: Tenable Network Security has extracted the preceding description block...
[SECURITY] [DLA 369-1] pygments security update
Package : pygments Version : 1.3.1+dfsg-1+deb6u11 CVE ID : CVE-2015-8557 Debian Bug : 802828 It was discovered that there was a shell injection vulnerability in pygments, a syntax highlighting package written in Python. For Debian 6 Squeeze, this issue has been fixed in pygments version...
Pygments FontManager._get_nix_font_path Shell Injection Vulnerability
Pygments FontManager._get_nix_font_path version 1.2.2-2.0.2 suffers from a shell injection vulnerability. Shell Injection in Pygments FontManager._get_nix_font_path Product: Pygments Version: 1.2.2-2.0.2 497:fe62167596bb to 3693:655dbebddc23 Tue Nov 06 17:30:45 2007 +0000 to Aug 21, 2015. Website:...