7632 matches found
RedHat Update for mysql RHSA-2017:0184-01
The remote host is missing an update for the...
Mis-configuration of Apache Velocity template engine used to send emails in GigaCC OFFICE
Overview: GigaCC OFFICE provided by WAM!NET Japan K.K. contains mis-configuration of Apache Velocity template engine which is used to send emails. WAM!NET Japan K.K. and the following people reported these vulnerabilities to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and...
CVE-2016-7545
SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call...
CVE-2016-9016
Firejail 0.9.38.4 allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call...
Ansible Arbitrary Command Execution Vulnerability
Ansible is a computer system configuration manager that can be used to publish, manage, and orchestrate computer systems. Ansible fails to filter user-submitted input, allowing remote attackers to exploit the vulnerability by submitting special requests to execute arbitrary commands...
[ASA-201701-18] ark: arbitrary command execution
Arch Linux Security Advisory ASA-201701-18. Severity: High; Date: 2017-01-13; CVE-ID: CVE-2017-5330; Package: ark; Type: arbitrary command execution; Remote: No; Link: https://security.archlinux.org/AVG-130. Summary: The package ark before version...
FreePBX Framework hotelwakeup Module Directory Traversal
A directory traversal vulnerability exists in FreePBX. The vulnerability is due to an input validation issue in the "hotelwakeup" module. A remote unauthenticated attacker can exploit this vulnerability by sending maliciously crafted requests to the page that could lead to arbitrary command...
CVE-2015-0854
Summary (CVE-2015-0854): The Shutter screenshot tool is affected up to version 0.93.1. The vulnerability resides in App/HelperFunctions.pm where the image name is mishandled during the “Show in Folder” action, allowing a user-assisted remote attacker to execute arbitrary commands. This is trigger...
CVE-2015-0854
App/HelperFunctions.pm in Shutter through 0.93.1 allows user-assisted remote attackers to execute arbitrary commands via a crafted image name that is mishandled during a "Show in Folder" action...
Vim modelines Remote Command Execution (CVE-2016-1248)
A remote code execution vulnerability exists in the modeline component of Vim due to insufficient input validation when parsing the filetype, syntax, and keymap options in modelines. A remote unauthenticated attacker can exploit this vulnerability by enticing a user to open a file containing a...
FreeBSD : vim -- arbitrary command execution (c11629d3-c8ad-11e6-ae1b-002590263bf5)
Mitre reports: vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened...
Apache Hadoop Arbitrary Command Execution Vulnerability
Apache Hadoop is prone to an arbitrary command execution vulnerability...
CentOS Update for vim-common CESA-2016:2972 centos7
Check the version of vim-common...
vim: Lack of validation of values for few options results in code execution
A vulnerability was found in vim in how certain modeline options were treated. An attacker could craft a file that, when opened in vim with modelines enabled, could execute arbitrary commands with privileges of the user running vim...
CVE-2016-7262
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Viewer allow user-assisted remote attackers to execute arbitrary commands via a crafted cell that is mishandled upon a click, aka "Microsoft Office Security Feature...
Amazon Linux AMI : vim (ALAS-2016-779)
A vulnerability was found in vim in how certain modeline options were treated. An attacker could craft a file that, when opened in vim with modelines enabled, could execute arbitrary commands with privileges of the user running vim. modelines are disabled by default for root, and enabled by defau...
Linux/x86 - /bin/bash -c Arbitrary Command Execution Shellcode (72 bytes)
/ ;author: Filippo "zinzloun" Bersani ;date: 16/12/2016 ;version: 1.0 ;X86 Assembly/NASM Syntax ;tested on: Linux OpenSuse001 2.6.34-12-desktop 32bit ; Linux ubuntu 3.13.0-100-generic 147precise1-Ubuntu 32bit ; Linux bb32 4.4.0-45-generic 32bit ;72 bytes ;description: executes arbitrary command...
Linux/x86 - /bin/bash -c Arbitrary Command Execution Shellcode (72 bytes)
Linux/x86 - /bin/bash -c Arbitrary Command Execution Shellcode (72 bytes). Shellcode exploit for Lin_x86 platform / ;author: Filippo "zinzloun" Bersani ;date: 16/12/2016 ;version: 1.0 ;X86 Assembly/NASM Syntax ;tested on: Linux OpenSuse001 2.6.34-12-desktop 32bit ; Linux ubuntu 3.13.0-100-generic...
CVE-2016-6662
It was discovered that the MySQL logging functionality allowed writing to MySQL configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server...
MS16-148: Security Update for Microsoft Office (3204068) (macOS)
The Microsoft Office application installed on the remote macOS or Mac OS X host is missing a security update. It is, therefore, affected by multiple vulnerabilities: - An information disclosure vulnerability exists in the Graphics Device Interface (GDI) component due to improper handling of object...