934 matches found
pygments -- shell injection vulnerability
NVD reports: The FontManager._get_nix_font_path function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name...
FreeBSD Security Advisory FreeBSD-SA-15:18.bsdpatch
FreeBSD-SA-15:18.bsdpatch Security Advisory, The FreeBSD Project. Topic: shell injection vulnerability in patch(1); Category: contrib; Module: patch; Announced: 2015-08-05; Credits: Martin Natano; Affects: FreeBSD 10.x. Correcte...
FreeBSD-SA-15:18.bsdpatch
FreeBSD-SA-15:18.bsdpatch Security Advisory, The FreeBSD Project. Topic: shell injection vulnerability in patch(1); Category: contrib; Module: patch; Announced: 2015-08-05...
FreeBSD -- shell injection vulnerability in patch(1)
Problem Description: Due to insufficient sanitization of the input patch stream, it is possible for a patch file to cause patch(1) to pass certain ed(1) scripts to the ed(1) editor, which would run commands. Impact: This issue could be exploited to execute arbitrary commands as the user invoking patch(1)...
FreeBSD Security Advisory FreeBSD-SA-15:14.bsdpatch
FreeBSD-SA-15:14.bsdpatch Security Advisory, The FreeBSD Project. Topic: shell injection vulnerability in patch(1); Category: contrib; Module: patch; Announced: 2015-07-28; Credit...
FreeBSD-SA-15:14.bsdpatch
FreeBSD-SA-15:14.bsdpatch Security Advisory, The FreeBSD Project. Topic: shell injection vulnerability in patch(1); Category: contrib; Module: patch; Announced: 2015-07-28...
FreeBSD -- shell injection vulnerability in patch(1)
Problem Description: Due to insufficient sanitization of the input patch stream, it is possible for a patch file to cause patch(1) to run commands in addition to the desired SCCS or RCS commands. Impact: This issue could be exploited to execute arbitrary commands as the user invoking patch(1) against...
Accellion FTA - getStatus verify_oauth_token Command Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Accellion FTA getStatus verify_oauth_token Command Execution', 'Description' = %q This module exploits a metacharacter shell injection...
Accellion FTA getStatus verify_oauth_token Command Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Accellion FTA getStatus verify_oauth_token Command Execution', 'Description' = %q This module exploits a metacharacter shell injection...
FreeBSD : py-salt -- potential shell injection vulnerabilities (865863af-fb5e-11e4-8fda-002590263bf5)
Colton Myers reports: In order to fix potential shell injection vulnerabilities in salt modules, a change has been made to the various cmd module functions. These functions now default to python_shell=False, which means that the commands will not be sent to an actual shell. The largest side effec...
py-salt -- potential shell injection vulnerabilities
Colton Myers reports: In order to fix potential shell injection vulnerabilities in salt modules, a change has been made to the various cmd module functions. These functions now default to python_shell=False, which means that the commands will not be sent to an actual shell. The largest side effect...
pillow multiple security vulnerabilities
Symbolic links vulnerability, DoS, shell injection...
cups-filters remove_bad_chars function arbitrary command execution vulnerability
CUPS is a Universal Unix Printing System, a cross-platform printing solution for Unix environments, based on the Internet Printing Protocol, providing most PostScript and raster printer services. A security vulnerability exists in the remove_bad_chars function in cups-filters utils/cups-browsed.c,...
Cisco WebEx Meetings Server code execution
Shell injection...
Different mailx versions security vulnerabilities
Shell characters injection...
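A university general-purpose content management system: arbitrary user login to the admin backend + getshell
Brief description: I had originally found injection and universal-password login issues in this system's admin backend; I searched and found nothing related, so I assumed nobody had reported them. Once I had written everything up, I then found http://www.wooyun.org/bugs/wooyun-2010-055845. Rather frustrating.... In that case, let's try a different approach. All roads lead to the admin backend. Detailed description: A management system developed by Nanjing Nanruan Technology (南京南软科技) for graduate schools http://www.southsoft.com.cn/Case.asp?id=941 After login the system's cookie is the same every time, so the backend login can be bypassed by simply forging the cookie....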
VideoScript 3.0 <= 4.1.5.55 - Unofficial Shell Injection Exploit
No description provided by source. ?php ============================================= = x VideoScript 3.0 = 4.1.5.55 Unofficial Shell Injection Exploit = = x by G4N0K = ============================================= errorreportingEALL; $G4N0K...
VideoScript 3.0 <= 4.0.1.50 - Official Shell Injection Exploit
No description provided by source. ?php =========================================== = x VideoScript 3.0 = 4.0.1.50 Official Shell Injection Exploit = = x by G4N0K = =========================================== errorreportingEALL; $G4N0K...
TCExam <= 4.0.011 (SessionUserLang) Shell Injection Exploit
No description provided by source. ?php printr' -------------------------------------------------------------------------- TCExam = 4.0.011 $COOKIESessionUserLang shell injection exploit by rgod mail: retrog at alice dot it site: http://retrogod.altervista.org...
Sun VirtualBox <= 3.0.6 - Privilege Escalation
No description provided by source. !/bin/sh CVE-2009-3692 Sun VirtualBox = 3.0.6 local root exploit ======================================================== Exploits popen meta char shell injection vulnerability in Sun VirtualBox. E.g. admin@sundevil:/test$ id uid=101admin gid=10staff...