
141 matches found

CNVD
added 2018/11/07 12:00 a.m., 2 views

LiquidVPN For macOS Operating System Command Injection Vulnerability

LiquidVPN For MacOS is a VPN software for anonymous access to the Internet based on the MacOS platform. An OS command injection vulnerability exists in LiquidVPN For MacOS 1.37 and 1.36 and earlier versions, which stems from the program's failure to filter parameters passed to the 'system'...

7.8 CVSS, 7.9 AI score, 0.00496 EPSS
Exploits: 5, References: 1
exploitpack
added 2018/01/16 12:00 a.m., 39 views

glibc 2.26 - getcwd() Local Privilege Escalation

glibc 2.26 - getcwd Local Privilege Escalation / This software is provided by the copyright owner "as is" and any expressed or implied warranties, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose are disclaimed. In no event shall the...

0.6 AI score
Exploits: 0
CNVD
added 2017/08/03 12:00 a.m., 3 views

Huawei Mate 9 DoS Vulnerability

Huawei Mate 9 is a smartphone from Chinese company Huawei. The Huawei Mate 9 is vulnerable to a DoS attack. An attacker can exploit the vulnerability to trick users into installing a malicious application, which can cause some system functions to become unavailable due to the system's...

4.3 CVSS, 4.4 AI score, 0.00039 EPSS
Exploits: 0, References: 1
Prion
added 2017/04/14 6:59 p.m., 17 views

Command injection

sudo_noexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec command restrictions via an application that calls the (1) system or (2) popen function...

6.9 CVSS, 6.7 AI score, 0.00047 EPSS
Exploits: 0, References: 5, Affected Software: 1
Debian CVE
added 2017/04/14 6:00 p.m., 32 views

CVE-2016-7032

sudo_noexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec command restrictions via an application that calls the (1) system or (2) popen function...

7 CVSS, 7.4 AI score, 0.00047 EPSS
Exploits: 0
myhack58
added 2016/12/15 12:00 a.m., 26 views

NetGear lot of router remote command injection vulnerability analysis (Update Patch analysis)-vulnerability warning-the black bar safety net

0x01 Introduction. Two days before the NTP just doing the complete thing, the NetGear router and to engage in things of T. T. The current CERT in the last week, five have issued a notice, “if the user comes to the router, it is recommended to stop use until the official release of the...

7.5 AI score
Exploits: 0
myhack58
added 2016/12/14 12:00 a.m., 87 views

NetGear R series multi-router remote command injection vulnerability analysis-vulnerability warning-the black bar safety net

Two days before the NTP just doing the complete thing, the NetGear router and to engage in things of T. T. The current CERT in the last week, five have issued a notice, “if the user comes to the router, it is recommended to stop use until the official release of the patch repair.” Thi...

7.5 AI score
Exploits: 0
CNVD
added 2016/12/13 12:00 a.m., 2 views

Google Android Framework API elevation of privilege vulnerability

Android is a Linux-based open source operating system jointly developed by Google and the Open Handset Alliance (OHA). The Framework API is one of the API components used to create the framework. An elevation of privilege vulnerability exists in the Framework API in Android. An attacker c...

4.3 CVSS, 7.3 AI score, 0.00043 EPSS
Exploits: 0, References: 1
RedHat Linux
added 2016/12/06 11:06 a.m., 4 views

sudo: noexec bypass via system() and popen()

It was discovered that the sudo noexec restriction could have been bypassed if an application run via sudo executed the system() or popen() C library functions with a user-supplied argument. A local user permitted to run such an application via sudo with the noexec restriction could use this flaw to execute...

7 CVSS, 7.4 AI score, 0.00047 EPSS
Exploits: 0, References: 5
BDU FSTEC
added 2016/06/17 12:00 a.m., 1 view

A vulnerability in the Google Chrome browser allows an attacker to circumvent existing access restriction policies.

The vulnerability in the ModuleSystem::RequireForJsInner function in the extensions/renderer/module_system.cc module is related to incorrect property handling. Exploiting this vulnerability could allow a malicious actor to circumvent existing access restriction policies...

6.8 CVSS, 0.01485 EPSS
Exploits: 1, References: 4, Affected Software: 1
myhack58
added 2016/06/01 12:00 a.m., 39 views

Imagetragick patch to bypass the again command execution-vulnerability warning-the black bar safety net

Mood bloopers Hey Hey Hey, the old driver a word substandard will blast a hole Ah, this hole in the previous analysis CVE-2016-3714 when found, the result being to cover their rotten... heart Sese I'll write about at the time is how to find out how this hole... Vulnerability analysis of the text...

7.5 AI score
Exploits: 0
BDU FSTEC
added 2016/06/01 12:00 a.m., 1 view

A vulnerability in the PHP interpreter allows attackers to execute arbitrary operating system commands.

The vulnerability in the escapeshellarg function in ext/standard/exec.c in the PHP interpreter exists because special elements used in operating system commands are not neutralized. Exploiting this vulnerability allows a malicious actor to execute arbitrary operating system...

10 CVSS, 0.05952 EPSS
Exploits: 2, References: 5, Affected Software: 1
UbuntuCve
added 2016/05/16 10:59 a.m., 42 views

CVE-2015-4642

The escapeshellarg function in ext/standard/exec.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 on Windows allows remote attackers to execute arbitrary OS commands via a crafted string to an application that accepts command-line arguments for a call to the PHP system functio...

10 CVSS, 7.5 AI score, 0.05952 EPSS
Exploits: 2, References: 2
Nmap
added 2015/11/11 5:02 p.m., 141 views

http-vuln-cve2014-8877 NSE Script

Exploits a remote code injection vulnerability (CVE-2014-8877) in Wordpress CM Download Manager plugin. Versions <= 2.0.0 are known to be affected. CM Download Manager plugin does not correctly sanitise the user input which allows remote attackers to execute arbitrary PHP code via the CMDsearch...

10 CVSS, 0.3 AI score, 0.94176 EPSS
Exploits: 39
0day.today
added 2015/11/05 12:00 a.m., 36 views

Linksys X2000 Command Execution Vulnerability

The Linksys X2000 suffers from a remote, unauthenticated command execution vulnerability that scores root privileges. Hello, I have found on my router, a Linksys X2000, that there is a poor validation of the IP target in the ping diagnostics web page http://$routerip/Diagnostics.asp. This can be...

7.4 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:00 a.m., 16 views

QNX RTOS 4.25/6.1 phgrafx-startup Privilege Escalation Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/4916/info The QNX phgrafx-startup utility is prone to an issue which may make it possible for local attackers to escalate privileges. This issue is due to unsafe use of the system function to invoke other programs. This...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:00 a.m., 19 views

HP-UX 10.x rs.F3000 Unspecified Unauthorized Access Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6837/info The rs.F3000 binary is prone to an issue that may allow attackers to obtain unauthorized access to a vulnerable system. A denial of service attack is also possible. This is due to multiple instances of the syste...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:00 a.m., 26 views

ActivePerl 5.x, Cygwin 1.5.x System Function Call Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10375/info ActiveState Perl and Perl for cygwin are both reported to be prone to a buffer overflow vulnerability. The issue is reported to exist due to a lack of sufficient bounds checking that is performed on data that i...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:00 a.m., 23 views

Itetris 1.6.1/1.6.2 Privileged Arbitrary Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2139/info Itetris, or Intelligent Tetris, is a clone of the popular Tetris puzzle game for linux systems. The svgalib version of Itetris is installed setuid root so that it may access video hardware when run by a regular...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:00 a.m., 8 views

QNX RTOS 4.25/6.1 phgrafx Privilege Escalation Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/4915/info The QNX phgrafx utility is prone to an issue which may make it possible for local attackers to escalate privileges. This issue is due to unsafe use of the system function to invoke other programs. This...

7.1 AI score
Exploits: 0