7632 matches found
CVE-2018-7271
An issue was discovered in MetInfo 6.0.0. In install/install.php in the installation process, the config/configdb.php configuration file filtering is not rigorous: one can insert malicious code in the installation process to execute arbitrary commands or obtain a web shell...
CVE-2018-7046
Arbitrary code execution vulnerability in Kentico 9 through 11 allows remote authenticated users to execute arbitrary operating system commands in a dynamic .NET code evaluation context via C# code in a "Pages - Edit - Template - Edit template properties - Layout" box. NOTE: the vendor has respond...
CVE-2017-5828
An arbitrary command execution vulnerability in HPE Aruba ClearPass Policy Manager version 6.6.x was found...
CVE-2017-12547
A local arbitrary command execution vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found...
CVE-2017-12548
A local arbitrary command execution vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found...
CVE-2017-5828
CVE-2017-5828 affects HPE Aruba ClearPass Policy Manager, version 6.6.x. Multiple connected records describe an arbitrary command execution vulnerability in this product family. The CNVD entry further states the issue exists in versions prior to 6.6.5, implying a fix in 6.6.5 or later, but the do...
[ASA-201802-4] plasma-workspace: arbitrary command execution
Arch Linux Security Advisory ASA-201802-4 ========================================= Severity: High Date : 2018-02-09 CVE-ID : CVE-2018-6791 Package : plasma-workspace Type : arbitrary command execution Remote : No Link : https://security.archlinux.org/AVG-607 Summary ======= The package...
CVE-2018-6791
An issue was discovered in soliduiserver/deviceserviceaction.cpp in KDE Plasma Workspace before 5.12.0. When a vfat thumbdrive that contains `` or $() in its volume label is plugged in and mounted through the device notifier, it's interpreted as a shell command, leading to a possibility of arbitrary...
NetEx HyperIP Post-Auth Command Execution
Vulnerability Details Affected Vendor: NetEx Affected Product: HyperIP Affected Version: 6.1.0 Platform: Embedded Linux CWE Classification: CWE-78: Improper Neutralization of Special Elements used in an OS Command, CWE-250: Execution with Unnecessary Privileges Impact: Arbitrary Command...
Cisco UCS Central Arbitrary Command Execution Vulnerability
A vulnerability in an operations script of Cisco UCS Central could allow an authenticated, remote attacker to execute arbitrary shell commands with the privileges of the daemon user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by posting...
Command injection
An issue was discovered in soliduiserver/deviceserviceaction.cpp in KDE Plasma Workspace before 5.12.0. When a vfat thumbdrive that contains `` or $() in its volume label is plugged in and mounted through the device notifier, it's interpreted as a shell command, leading to a possibility of arbitrary...
RubyGems echor 'backplane.rb' remote command injection vulnerability
RubyGems echor is a Ruby-based Echo application developed by software developer Pedro Del Gallego. A remote command injection vulnerability exists in RubyGems echor, which stems from the program failing to adequately filter user-submitted input data. An attacker could use this vulnerability to...
A vulnerability in the Switch Configuration Tools Backend component (clcmd_server) of the Cumulus Linux operating system allows an attacker to execute arbitrary commands.
A vulnerability in the Switch Configuration Tools Backend component clcmd_server in the Cumulus Linux operating system is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to execute arbitrary commands using metashell shells, utilizing the “cl-rctl”...
CloudBees Jenkins Arbitrary Command Execution Vulnerability
CloudBees Jenkins (formerly known as Hudson Labs) is a set of Java-based continuous integration tools developed by the US company CloudBees. It is mainly used to monitor continuous software release/testing projects and some scheduled tasks. A...
A vulnerability in the firmware of the Zivif PR115-204-P-RS webcam is related to a lack of measures to neutralize special elements, allowing attackers to execute arbitrary commands.
A vulnerability in the firmware of the Zivif PR115-204-P-RS webcam is related to a lack of measures to neutralize the special elements used in the command string. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using CGI scripts. An example...