CVE-2017-14478

In the MMM::Agent::Helpers::Network::clearip function in MySQL Multi-Master Replication Manager MMM mmmagentd 2.2.1 for Linux, a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\agentd process. An...

CVE-2017-14477

In the MMM::Agent::Helpers::Network::addip function in MySQL Multi-Master Replication Manager MMM mmmagentd 2.2.1 for FreeBSD, a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\agentd process. An...

CVE-2017-14476

In the MMM::Agent::Helpers::Network::addip function in MySQL Multi-Master Replication Manager MMM mmmagentd 2.2.1 for Solaris, a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\agentd process. An...

CVE-2017-14479

In the MMM::Agent::Helpers::Network::clearip function in MySQL Multi-Master Replication Manager MMM mmmagentd 2.2.1 for Solaris, a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\agentd process. An...

CVE-2017-14475

In the MMM::Agent::Helpers::Network::addip function in MySQL Multi-Master Replication Manager MMM mmmagentd 2.2.1 for Linux, a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\agentd process. An...

CVE-2017-14477

CVE-2017-14477 relates to a shell-command injection in MMM::Agent::Helpers::Network::add_ip within MMM mmm_agentd 2.2.1 (FreeBSD). A specially crafted MMM protocol message over TCP can trigger arbitrary command execution with the privileges of mmm_agentd. Connected sources (Talos, CNVD/CVE record...

CVE-2017-14477

In the MMM::Agent::Helpers::Network::addip function in MySQL Multi-Master Replication Manager MMM mmmagentd 2.2.1 for FreeBSD, a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\agentd process. An...

CVE-2017-14474

In the MMM::Agent::Helpers::execute function in MySQL Multi-Master Replication Manager MMM mmmagentd 2.2.1, a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\agentd process. An attacker that can...

CVE-2017-14476

CVE-2017-14476 affects MySQL MMM MMM agent (mmm_agentd) v2.2.1. Multiple remote command-injection vulnerabilities exist in the MMM Agent helpers, notably in MMM::Agent::Helpers::Network::add_ip(), with variants across Linux, Solaris, and FreeBSD, plus related helpers (clear_ip, check_ip) and _exe...

CVE-2017-14475

MMM Agent (mmm_agentd) 2.2.1 for Linux is affected by multiple shell command injection flaws in the MMM::Agent::Helpers::Network::add_ip and related code paths. A specially crafted MMM protocol message can inject commands via untrusted role IP input passed through configure_ip/add_ip/clear_ip and...

CVE-2017-14479

In the MMM::Agent::Helpers::Network::clearip function in MySQL Multi-Master Replication Manager MMM mmmagentd 2.2.1 for Solaris, a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\agentd process. An...

CVE-2017-14481

In the MMM::Agent::Helpers::Network::sendarp function in MySQL Multi-Master Replication Manager MMM mmmagentd 2.2.1 for Solaris, a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\agentd process. An...

PT-2018-5674 · Mysql Server · Mysql Multi-Master Replication Manager (Mmm) Mmm Agentd

Name of the Vulnerable Software and Affected Versions: MySQL Multi-Master Replication Manager MMM mmm agentd version 2.2.1 Description: A specially crafted MMM protocol message can cause a shell command injection in the clear ip function, resulting in arbitrary command execution with the privileg...

GLSA-201805-04 : rsync: Arbitrary command execution

The remote host is affected by the vulnerability described in GLSA-201805-04 rsync: Arbitrary command execution A vulnerability was discovered in rsyncs parsearguments function in options.c. Impact : Remote attackers could possibly execute arbitrary commands with the privilege of the process...

PT-2018-5676 · Mysql Server · Mysql Multi-Master Replication Manager

Name of the Vulnerable Software and Affected Versions: MySQL Multi-Master Replication Manager MMM mmm agentd version 2.2.1 Description: A specially crafted MMM protocol message can cause a shell command injection in the MMM::Agent::Helpers::Network::send arp function, resulting in arbitrary comma...

rsync: Arbitrary command execution

Background File transfer program to keep remote files into sync. Description A vulnerability was discovered in rsync’s parsearguments function in options.c. Impact Remote attackers could possibly execute arbitrary commands with the privilege of the process. Workaround There is no known workaround...

Vulnerability Spotlight: MySQL Multi-Master Manager Remote Command Injection Vulnerability

Discovered by Matthew Van Gundy of Asig Overview Today, Talos is releasing details of a new vulnerability within MySQL Multi-Master Manager. This is used to perform monitoring, failover and management of MySQL master-master replication configurations. By using MySQL MMM Multi-Master Replication...

Multi-Master Replication Manager for MySQL mmm_agentd Remote Command Injection Vulnerabilities

Summary Multiple exploitable remote command injection vulnerabilities exist in the MySQL Master-Master Replication Manager MMM mmmagentd daemon 2.2.1. mmmagentd commonly runs with root privileges and does not require authentication by default. A specially crafted MMM protocol message can cause a...

SUSE SLED12 / SLES12 Security Update : patch (SUSE-SU-2018:1128-1)

This update for patch fixes the following issues: Security issues fixed : - CVE-2018-1000156: Malicious patch files cause ed to execute arbitrary commands bsc1088420. - CVE-2018-6951: Fixed NULL pointer dereference in the intuitdifftype function in pch.c bsc1080918. - CVE-2016-10713: Fixed...

The vulnerability of the VBWinExec function in the software for remote monitoring of Advantech WebAccess allows a hacker to execute arbitrary commands on the operating system.

The vulnerability of the VBWinExec function Node\AspVBObj.dll in the software for remote monitoring of Advantech WebAccess is related to the failure to take measures to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a malicious actor to execute...