Huawei EulerOS: Security Advisory for git (EulerOS-SA-2020-1537)
The remote host is missing an update for the Huawei EulerOS...
CVE-2020-7804
ActiveX Control (HShell.dll) in Handy Groupware 1.7.3.1 for Windows 7, 8, and 10 allows an attacker to execute arbitrary commands via the ShellExec method...
Design/Logic Flaw
ActiveX Control (HShell.dll) in Handy Groupware 1.7.3.1 for Windows 7, 8, and 10 allows an attacker to execute arbitrary commands via the ShellExec method...
FreeBSD : py-yaml -- FullLoader (still) exploitable for arbitrary command execution (aae8fecf-888e-11ea-9714-08002718de91)
Riccardo Schirone (https://github.com/ret2libc) reports: In FullLoader python/object/new constructor, implemented by construct_python_object_apply, has support for setting the state of a deserialized instance through the set_python_instance_state method. After setting the state, some operations are...
The vulnerability of the Evince document viewing software lies in its inability to eliminate special elements, allowing a perpetrator to execute arbitrary commands.
The vulnerability of the Evince document viewing software is related to the lack of measures taken to neutralize special elements. Exploiting this vulnerability can allow a perpetrator to execute arbitrary commands...
Fedora 30 : rubygem-rake (2020-28e06b5f08)
A security flaw is found on rake which may cause arbitrary command execution under file existence with crafted name. This new rpm will fix the issue (CVE-2020-8130). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenabl...
Fedora 31 : rubygem-rake (2020-dc1ae17bb5)
A security flaw is found on rake which may cause arbitrary command execution under file existence with crafted name. This new rpm will fix the issue (CVE-2020-8130). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenabl...
iCATCH DVR Input Validation Error Vulnerability
The iCATCH DVR is a digital video recorder (DVR) from China Desirable International iCATCH. An input validation error vulnerability exists in the firmware of iCATCH DVR prior to version 20200103, which arises from the program failing to properly validate the parameters of a function. An attacker...
CVE-2020-11811
In qdPM 9.1, an attacker can upload a malicious .php file to the server by exploiting the Add Profile Photo capability with a crafted content-type value. After that, the attacker can execute an arbitrary command on the server using this malicious file...
CVE-2020-11811
The CVE-2020-11811 entry concerns qdPM 9.1 where an attacker can upload a crafted PHP file through the Add Profile Photo capability using a malicious Content-Type, enabling remote code execution on the server via the uploaded file. The vulnerability originates from the server accepting and execut...
Sangoma Asterisk Command Injection (CVE-2019-18610)
A command injection vulnerability exists in Sangoma Asterisk. Successful exploitation of this vulnerability could result in arbitrary command execution on the affected system...
CVE-2020-10514 iCatch DVR - Command Injection
iCatch DVR firmware before 20200103 does not validate function parameters properly, resulting in attackers executing arbitrary commands...
Arbitrary Command Execution
IBM Java is vulnerable to arbitrary command execution. A remote attacker is able to execute arbitrary commands via a malicious web page...
Arbitrary Command Execution
device-mapper-multipath is vulnerable to arbitrary command execution. It was discovered that the multipathd daemon set incorrect permissions on the socket used to communicate with command line clients. An unprivileged, local user could use this flaw to send commands to multipathd, resulting in...
Arbitrary Command Execution
enscript is vulnerable to arbitrary command execution. The vulnerability exists as two buffer overflow flaws were found in GNU enscript. An attacker could craft an ASCII file in such a way that it could execute arbitrary commands if the file was opened with enscript with the "special escapes"...
Arbitrary Command Execution
PHP is vulnerable to arbitrary command execution. The vulnerability exists as it was discovered that the PHP escapeshellcmd function did not properly escape multi-byte characters which are not valid in the locale used by the script. This could allow an attacker to bypass quoting restrictions...
Clamscan Injection Vulnerability
clamscan is a command line tool that is mainly used to scan files or directories for viruses. An injection vulnerability exists in the 'isclamavbinary' function in the Index.js file in clamscan 1.2.0 and earlier versions. An attacker can exploit this vulnerability by sending a specially crafted...
heroku-addonpool command injection vulnerability
heroku-addonpool is a package for managing applications in Heroku. A command injection vulnerability exists in heroku-addonpool version 0.1.15 and earlier. An attacker can exploit this vulnerability to execute arbitrary commands...