7632 matches found
iSmartAlarm CubeOne Arbitrary Command Execution Vulnerability
iSmartAlarm is a DIY smart home security system that allows for self-monitoring and self-control, and Cube One is the control center of this smart system. An arbitrary command execution vulnerability exists in iSmartAlarm CubeOne. An attacker can exploit this vulnerability to execute arbitrary...
[ASA-201711-40] shadowsocks-libev: arbitrary command execution
Arch Linux Security Advisory ASA-201711-40. Severity: High. Date: 2017-11-30. CVE-ID: CVE-2017-15924. Package: shadowsocks-libev. Type: arbitrary command execution. Remote: No. Link: https://security.archlinux.org/AVG-474. Summary: The package...
GHSA-RPH7-J9QR-H8Q8 Potential Command Injection in codem-transcode
When the ffprobe functionality is enabled on the server, HTTP POST requests can be made to /probe. These requests are passed to the ffprobe binary on the server. Through this HTTP endpoint it is possible to send a malformed source file name to ffprobe that results in arbitrary command execution...
Potential Command Injection in codem-transcode
When the ffprobe functionality is enabled on the server, HTTP POST requests can be made to /probe. These requests are passed to the ffprobe binary on the server. Through this HTTP endpoint it is possible to send a malformed source file name to ffprobe that results in arbitrary command execution...
A vulnerability in the datamover module of NovaBACKUP, backup software for the Linux operating system, allows an attacker to execute arbitrary commands.
A vulnerability in the datamover module of the Linux-based NovaBACKUP data center backup software exists due to insufficient verification of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...
A vulnerability in the AirLink router's firmware, caused by insufficient sanitization of data at the management level, allows an attacker to execute arbitrary commands.
A vulnerability in the AirLink router's firmware is caused by insufficient sanitization of data at the control level. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using metacharacters on certain /goform/ pages...
Command injection
soyuka/pidusage <=1.1.4 is vulnerable to command injection in the module resulting in arbitrary command execution...
CVE-2017-1000220
soyuka/pidusage <=1.1.4 is vulnerable to command injection in the module resulting in arbitrary command execution...
[ASA-201711-24] couchdb: multiple issues
Arch Linux Security Advisory ASA-201711-24. Severity: High. Date: 2017-11-16. CVE-ID: CVE-2017-12635, CVE-2017-12636. Package: couchdb. Type: multiple issues. Remote: Yes. Link: https://security.archlinux.org/AVG-495. Summary: The package couchdb...
A vulnerability in Huawei FusionServer software allows an attacker to bypass access restrictions and execute arbitrary commands.
The vulnerabilities of the FusionServer RH2288V3, FusionServer RH2288HV3, FusionServer XH628V3, FusionServer RH1288V3, FusionServer RH2288A2, FusionServer RH1288A2, FusionServer RH8100V3, FusionServer CH222V3, FusionServer CH220V3, and FusionServer CH121V3 software programs are related to the lac...
CVE-2017-1453
IBM Security Access Manager Appliance 9.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 128372...
PYSEC-2017-79
An exploitable vulnerability exists in the YAML parsing functionality in the read_yaml_file method in io_utils.py in django_make_app 0.1.3. A YAML parser can execute arbitrary Python commands resulting in command execution. An attacker can insert Python into loaded YAML to trigger this vulnerability...
CVE-2017-16615
An exploitable vulnerability exists in the YAML parsing functionality in the parse_yaml_query method in parser.py in MLAlchemy before 0.2.2. When processing YAML-based queries for data, a YAML parser can execute arbitrary Python commands resulting in command execution because load is used where...
Circle with Disney Startup WiFi Channel Parsing Command Injection Vulnerability (CVE-2017-12094)
Summary: An exploitable vulnerability exists in the WiFi Channel parsing of Circle with Disney running firmware 2.0.1. A specially crafted SSID can cause the device to execute arbitrary sed commands. An attacker needs to set up an access point reachable by the device to trigger this vulnerability...
Cacti Arbitrary OS Command Execution Vulnerability
Cacti is a set of open source network traffic monitoring and analysis tools from the Cacti team. The tool uses snmpget to collect data, draws graphs with RRDtool for analysis, and provides data and user management features. A security vulnerability exists in the lib/rrd.php file in Cacti...
Command injection
The Net::Ping::External extension through 0.15 for Perl does not properly sanitize arguments (e.g., invalid hostnames containing shell metacharacters) before use of backticks in External.pm, allowing for shell command injection and arbitrary command execution if untrusted input is used...
CVE-2008-7319
The Net::Ping::External extension through 0.15 for Perl does not properly sanitize arguments (e.g., invalid hostnames containing shell metacharacters) before use of backticks in External.pm, allowing for shell command injection and arbitrary command execution if untrusted input is used...
A vulnerability in the devscripts script (scripts/licensecheck.pl) for the Fedora operating system allows an attacker to execute arbitrary shell commands.
A vulnerability in the devscripts script (scripts/licensecheck.pl) for the Fedora operating system is caused by a failure to neutralize special elements used in a command. Exploiting this vulnerability could allow a local attacker to execute arbitrary shell commands...
tnftp "savefile" Arbitrary Command Execution
This module requires Metasploit: https://metasploit.com/download. Current source: https://github.com/rapid7/metasploit-framework. Name: tnftp "savefile" Arbitrary Command Execution. Description: This module exploits an arbitrary command execution vulnerability in tnftp's...