Lucene search

7631 matches found

CNVD
added 2015/03/25 12:0 a.m. | 3 views

cups-filters remove_bad_chars function arbitrary command execution vulnerability

CUPS is a Universal Unix Printing System, a cross-platform printing solution for Unix environments, based on the Internet Printing Protocol, providing most PostScript and raster printer services. A security vulnerability exists in the remove_bad_chars function in cups-filters utils/cups-browsed.c,...

7.5 CVSS | 7.2 AI score | 0.02958 EPSS
Exploits 1 | References 1
OSV
added 2015/03/24 5:59 p.m. | 4 views

CVE-2015-2265

The remove_bad_chars function in utils/cups-browsed.c in cups-filters before 1.0.66 allows remote IPP printers to execute arbitrary commands via consecutive shell metacharacters in the (1) model or (2) PDL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707...

7.3 AI score
Exploits 0 | References 6
CNVD
added 2015/03/18 12:0 a.m. | 2 views

osc Arbitrary Command Execution Vulnerability (CNVD-2015-01830)

osc is a command-line interface written in Python, and also provides Python modules for use by Python programs. A security vulnerability exists in versions of osc prior to 0.151.0, which can be exploited by a remote attacker to execute arbitrary commands via shell metacharacters within a...

7.5 CVSS | 7.6 AI score | 0.03634 EPSS
Exploits 0 | References 1
OSV
added 2015/03/16 2:17 p.m. | 2 views

USN-2532-1 cups-filters vulnerability

It was discovered that cups-browsed incorrectly filtered remote printer names and strings. A remote attacker could use this issue to possibly execute arbitrary commands...

7.5 CVSS | 7.2 AI score | 0.02958 EPSS
Exploits 1 | References 2
CNVD
added 2015/03/09 12:0 a.m. | 1 views

ShareLaTeX Remote Command Injection Vulnerability

ShareLaTeX is an open source web-based real-time collaborative LaTeX editor developed by the ShareLaTeX team, which supports local editing, real-time collaboration and compilation of LaTeX documents. ShareLaTeX suffers from a remote command injection vulnerability due to the program failing to...

6.5 CVSS | 8 AI score | 0.01927 EPSS
Exploits 0 | References 1
CNVD
added 2015/03/06 12:0 a.m. | 1 views

Joyent Node.js dns-sync module arbitrary command execution vulnerability

Joyent Node.js is Joyent's web application platform built on top of Google's V8 JavaScript engine. dns-sync is a library that allows synchronous resolution of hostnames. A security vulnerability exists in the Node.js dns-sync module. An attacker can exploit the vulnerability ...

10 CVSS | 7.6 AI score | 0.02922 EPSS
Exploits 0 | References 1
Veracode
added 2015/03/02 4:29 p.m. | 19 views

Arbitrary Command Execution Through Shell Metacharacters In API Arguments

The dns-sync module before 0.1.1 for node.js allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the first argument to the resolve API function. This vulnerability is a duplicate of CVE-2017-16100...

10 CVSS | 9.5 AI score | 0.05132 EPSS
Exploits 1 | References 5 | Affected Software 1
CVE
added 2015/02/28 1:0 a.m. | 52 views

CVE-2014-9682

The dns-sync module for Node.js (versions before 0.1.1) is affected by CVE-2014-9682. The underlying issue allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the first argument to the resolve API function, enabling remote code execution or command executi...

10 CVSS | 7.6 AI score | 0.02922 EPSS
Exploits 0 | References 3 | Affected Software 1
CNVD
added 2015/02/28 12:0 a.m. | 2 views

Infoblox Network Automation NetMRI Anyterm Daemon Arbitrary Command Execution Vulnerability

Infoblox Network Automation NetMRI is a suite of automated network configuration and change management software from Infoblox USA. The software has the ability to automate the review and analysis of network changes using built-in expert topics. A security vulnerability exists in Infoblox Network...

10 CVSS | 7.7 AI score | 0.02963 EPSS
Exploits 0 | References 1
NVD
added 2015/02/23 5:59 p.m. | 18 views

CVE-2015-2050

D-Link DAP-1320 Rev Ax with firmware before 1.21b05 allows attackers to execute arbitrary commands via unspecified vectors...

10 CVSS | 7.6 AI score | 0.0329 EPSS
Exploits 0 | References 3
CVE
added 2015/02/23 5:0 p.m. | 41 views

CVE-2015-2050

CVE-2015-2050 affects D-Link DAP-1320 Rev Ax with firmware before 1.21b05. A remote attacker can execute arbitrary commands via unspecified vectors over the network (no authentication). Related sources cite a remote code execution/command injection vulnerability tied to the device’s firmware/upda...

10 CVSS | 7.8 AI score | 0.0329 EPSS
Exploits 0 | References 3 | Affected Software 1
Saint
added 2015/02/18 12:0 a.m. | 42 views

HP Data Protector Windows Unauthenticated Remote Code Execution

Added: 02/18/2015 CVE: CVE-2014-2623 BID: 68672 OSVDB: 109069 Background HP Data Protector is a backup solution for enterprise and distributed environments. Data Protector Manager listens on port 5555/TCP. Problem HP Data Protector is vulnerable to remote unauthenticated arbitrary command executi...

10 CVSS | 9.8 AI score | 0.89394 EPSS
Exploits 20
Saint
added 2015/02/10 12:0 a.m. | 46 views

HP Data Protector Unauthenticated Remote Code Execution

Added: 02/10/2015 CVE: CVE-2014-2623 BID: 68672 OSVDB: 109069 Background HP Data Protector is a backup solution for enterprise and distributed environments. Data Protector Manager listens on port 5555/TCP. Problem HP Data Protector is vulnerable to remote unauthenticated arbitrary command executi...

10 CVSS | 9.8 AI score | 0.89394 EPSS
Exploits 20
Saint
added 2015/02/10 12:0 a.m. | 37 views

HP Data Protector Unauthenticated Remote Code Execution

Added: 02/10/2015 CVE: CVE-2014-2623 BID: 68672 OSVDB: 109069 Background HP Data Protector is a backup solution for enterprise and distributed environments. Data Protector Manager listens on port 5555/TCP. Problem HP Data Protector is vulnerable to remote unauthenticated arbitrary command executi...

10 CVSS | 9.8 AI score | 0.89394 EPSS
Exploits 20
Saint
added 2015/02/10 12:0 a.m. | 48 views

HP Data Protector Unauthenticated Remote Code Execution

Added: 02/10/2015 CVE: CVE-2014-2623 BID: 68672 OSVDB: 109069 Background HP Data Protector is a backup solution for enterprise and distributed environments. Data Protector Manager listens on port 5555/TCP. Problem HP Data Protector is vulnerable to remote unauthenticated arbitrary command executi...

10 CVSS | 9.8 AI score | 0.89394 EPSS
Exploits 20
Saint
added 2015/02/10 12:0 a.m. | 35 views

HP Data Protector Unauthenticated Remote Code Execution

Added: 02/10/2015 CVE: CVE-2014-2623 BID: 68672 OSVDB: 109069 Background HP Data Protector is a backup solution for enterprise and distributed environments. Data Protector Manager listens on port 5555/TCP. Problem HP Data Protector is vulnerable to remote unauthenticated arbitrary command executi...

10 CVSS | 9.8 AI score | 0.89394 EPSS
Exploits 20
CNVD
added 2015/02/06 12:0 a.m. | 1 views

Cisco WebEx Meetings Server Command Injection Vulnerability

Cisco WebEx Meetings are web conferencing solutions. A command injection vulnerability exists in Cisco WebEx Meetings Server due to the program failing to properly filter user-supplied input, allowing an attacker to execute arbitrary commands within the context of the affected application...

9 CVSS | 8.2 AI score | 0.03439 EPSS
Exploits 0 | References 1
Tenable Nessus
added 2015/01/29 12:0 a.m. | 33 views

openSUSE Security Update : git (openSUSE-SU-2015:0159-1)

This update fixes the following security issue: CVE-2014-9390: arbitrary command execution vulnerability on case-insensitive file system (bnc910756). (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security...

9.8 CVSS | 8.5 AI score | 0.63178 EPSS
Exploits 5 | References 3
0day.today
added 2015/01/09 12:0 a.m. | 46 views

Migrating Elastix 2.5 Remote Code Execute 0day Exploit

Migrating Elastix 2.5 suffers from an authenticated arbitrary command execution vulnerability. The issue is caused due to the improper verification of uploaded files. This can be exploited to execute arbitrary code by creating or uploading a malicious script file. Vulnerability tested on CentOS 7...

7.9 AI score
Exploits 0
Prion
added 2015/01/08 8:59 p.m. | 18 views

Authentication flaw

common.c in infosvr in ASUS WRT firmware 3.0.0.4.3761071, 3.0.0.376.2524-g0013f52, and other versions, as used in RT-AC66U, RT-N66U, and other routers, does not properly check the MAC address for a request, which allows remote attackers to bypass authentication and execute arbitrary commands via ...

10 CVSS | 8.3 AI score | 0.80731 EPSS
Exploits 13 | References 5 | Affected Software 2