CloudBees Jenkins EC2 Plugin Arbitrary Command Execution Vulnerability
CloudBees Jenkins (formerly known as Hudson Labs) is a set of Java-based continuous integration tools from the United States company CloudBees. It is mainly used to monitor continuous software release/testing projects and the execution of some scheduled tasks. An...
Ipswitch WhatsUp Gold Arbitrary Command Execution Vulnerability
Ipswitch WhatsUp Gold is a suite of unified infrastructure and application monitoring software from Ipswitch USA. The software supports management of network, server, virtual environment and application performance, among other things. A security vulnerability exists in versions prior to Ipswitch...
GitHub Electron Arbitrary Command Execution Vulnerability
GitHub Electron is an application development framework from the American company GitHub. The framework supports writing cross-platform desktop applications using JavaScript, HTML and CSS. A security vulnerability exists in the protocol handler in GitHub Electron versions 1.8.2-beta.3 and earlier...
CVE-2018-1000006
The CVE-2018-1000006 entry concerns GitHub Electron. Affected Electron versions include 1.8.2-beta.3 and earlier, 1.7.10 and earlier, and 1.6.15 and earlier. The vulnerability lies in the protocol handler: Electron apps on Windows (10/7/2008) that register custom protocol handlers can be tricked ...
CVE-2018-1000006
GitHub Electron versions 1.8.2-beta.3 and earlier, 1.7.10 and earlier, 1.6.15 and earlier have a vulnerability in the protocol handler; specifically, Electron apps running on Windows 10, 7 or 2008 that register custom protocol handlers can be tricked into arbitrary command execution if the user click...
The vulnerability of the Evince document viewing software lies in its inability to eliminate special elements, allowing a perpetrator to execute arbitrary commands.
The vulnerability in backend/comics/comics-document.c of the Evince document viewing software is related to the failure to eliminate special elements used in commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using a specially prepared .cbt file, which is...
Updated golang packages fix security vulnerabilities
An arbitrary command execution flaw was found in the way Go's "go get" command handled the checkout of source code repositories. A remote attacker capable of hosting malicious repositories could potentially use this flaw to cause arbitrary command execution on the client side (CVE-2017-15041). It w...
[ASA-201801-14] nrpe: arbitrary command execution
Arch Linux Security Advisory ASA-201801-14 ========================================== Severity: High Date : 2018-01-18 CVE-ID : CVE-2013-1362 CVE-2014-2913 Package : nrpe Type : arbitrary command execution Remote : Yes Link : https://security.archlinux.org/AVG-587 Summary ======= The package nrpe...
[ASA-201801-13] transmission-cli: arbitrary command execution
Arch Linux Security Advisory ASA-201801-13 ========================================== Severity: High Date : 2018-01-17 CVE-ID : CVE-2018-5702 Package : transmission-cli Type : arbitrary command execution Remote : Yes Link : https://security.archlinux.org/AVG-588 Summary ======= The package...
CVE-2017-15636
TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-time variable in the webfilter.lua file...
TP-Link WVR, WAR and ER Device Arbitrary Command Execution Vulnerability (CNVD-2018-01907)
TP-Link WVR, WAR and ER devices are all different series of router products from China P&L TP-LINK. An arbitrary command execution vulnerability exists in the TP-Link WVR, WAR, and ER devices. A remote attacker can exploit this vulnerability to execute arbitrary commands by injecting commands int...
TP-Link WVR, WAR and ER Device Arbitrary Command Execution Vulnerability (CNVD-2018-02029)
TP-Link WVR, WAR and ER devices are all different series of router products from China P&L TP-LINK. A security vulnerability exists in the TP-Link WVR, WAR, and ER devices. A remote attacker can exploit the vulnerability by injecting commands into the name variable of the wportal.lua file to...
Xplico Arbitrary Command Execution Vulnerability
Xplico is an open source network forensic analysis tool. A security vulnerability exists in versions of Xplico prior to 1.2.1. A remote attacker can exploit this vulnerability to execute arbitrary commands with the help of shell metacharacters in the name of an uploaded PCAP file...
GLSA-201801-06 : Back In Time: Command injection
The remote host is affected by the vulnerability described in GLSA-201801-06 (Back In Time: Command injection). Back in Time did improper escaping/quoting of file paths used as arguments to the notify-send command, leading to some parts of file paths being executed as shell commands within an os.syst...
USN-3515-1: Ruby vulnerability
It was discovered that Ruby allows FTP command injection. An attacker could use this to cause arbitrary command execution...
fs-git command injection vulnerability
fs-git is an open source API file system. A command injection vulnerability exists in fs-git version 1.0.1. The vulnerability stems from the fact that the buildCommand method, used to create the exec string, fails to filter data properly, which can be exploited by an attacker to inject commands and call exec...
Ubuntu 14.04 LTS / 16.04 LTS : Ruby vulnerability (USN-3515-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3515-1 advisory. It was discovered that Ruby allows FTP command injection. An attacker could use this to cause arbitrary command execution. Tenable has extracted the...
MGASA-2017-0486 Updated ruby packages fix security vulnerabilities
Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the "|" pipe character, the command following the pipe character is executed. The default...
Updated ruby packages fix security vulnerabilities
Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the "|" pipe character, the command following the pipe character is executed. The default...
Arbitrary Command Execution
hawtio-karaf-terminal is vulnerable to arbitrary command execution. Attackers can execute arbitrary commands through the admin terminal as it doesn't require authentication...