CVE-2021-26614

iusget.cgi in IpTime C200 camera allows remote code execution. A remote attacker may send a crafted parameters to the exposed vulnerable web service interface which invokes the arbitrary shell command...

Remote code execution

iusget.cgi in IpTime C200 camera allows remote code execution. A remote attacker may send a crafted parameters to the exposed vulnerable web service interface which invokes the arbitrary shell command...

CVE-2021-26614 IpTime C200 IP camera remote code execution vulnerability

iusget.cgi in IpTime C200 camera allows remote code execution. A remote attacker may send a crafted parameters to the exposed vulnerable web service interface which invokes the arbitrary shell command...

PYSEC-2021-101

The dashboard component of StackLift LocalStack 0.12.6 allows attackers to inject arbitrary shell commands via the functionName parameter...

Command injection

The dashboard component of StackLift LocalStack 0.12.6 allows attackers to inject arbitrary shell commands via the functionName parameter...

Arbitrary shell command execution in logkitty

Lack of output sanitization allowed an attack to execute arbitrary shell commands via the logkitty npm package before version 0.7.1...

GHSA-V8V8-6859-QXM4 Arbitrary shell command execution in logkitty

Lack of output sanitization allowed an attack to execute arbitrary shell commands via the logkitty npm package before version 0.7.1...

CVE-2019-17562

A buffer overflow vulnerability has been found in the baremetal component of Apache CloudStack. This applies to all versions prior to 4.13.1. The vulnerability is due to the lack of validation of the mac parameter in baremetal virtual router. If you insert an arbitrary shell command into the mac...

CVE-2019-8513

CVE-2019-8513 affects macOS Mojave Time Machine prior to 10.14.4; a local user could execute arbitrary shell commands. The issue is fixed in macOS Mojave 10.14.4 via improved checks. Apple documentation confirms Time Machine-related vulnerability and patch, with related entries noting local-execu...

CVE-2005-3056

TWiki is affected by CVE-2005-3056 due to an arbitrary shell command execution flaw in the Include function. The vulnerability enables an attacker to execute commands on the server when TWiki processes Include, with network access, no authentication, and no user interaction required in the CVSS a...

NewStart CGSL MAIN 4.05 : ghostscript Vulnerability (NS-SA-2019-0145)

The remote NewStart CGSL host, running version MAIN 4.05, has ghostscript packages installed that are affected by a vulnerability: - It was discovered that the ghostscript /invalidaccess checks fail under certain conditions. An attacker could possibly exploit this to bypass the -dSAFER protection...

RDK CcspWifiAgent Module Command Execution Vulnerability

RDK is a modular, portable, customizable open source IoT software solution from the RDK Management community. ccspWifiAgent is one of the modules that supports WiFi functionality. A security vulnerability exists in the cosawifiapis.c file of the CcspWifiAgent module in RDK version RDKB-20181217-1...

CVE-2019-3464

Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands...

CVE-2019-3464

Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands...

Debian DSA-4379-1 : golang-1.7 - security update

A vulnerability was discovered in the implementation of the P-521 and P-384 elliptic curves, which could result in denial of service and in some cases key recovery. In addition this update fixes a vulnerability in 'go get', which could result in the execution of arbitrary shell commands. C Tenabl...

Arbitrary Shell Command Execution

Git-fastclone has a flaw that permits execution of arbitrary shell commands from .gitmodules. Attackers can trigger the execution by instructing a user to run a recursive clone from a repository they control. The attack is possible only if a user configures Git to automatically clone submodules...

Debian: Security Advisory (DSA-4353-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Command injection

A command injection vulnerability in the apex-publish-static-files npm module version 2.0.1 which allows arbitrary shell command execution through a maliciously crafted argument...

Debian: Security Advisory (DLA-1104-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2017-1000502

Users with permission to create or configure agents in Jenkins 1.37 and earlier could configure an EC2 agent to run arbitrary shell commands on the master node whenever the agent was supposed to be launched. Configuration of these agents now requires the 'Run Scripts' permission typically only...