
621 matches found

OpenVAS
added 2017/09/17 12:0 a.m. | 27 views

Debian: Security Advisory (DSA-3977-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.8 | AI score 8.7 | EPSS 0.03078
Exploits 0 | References 3
Debian
added 2017/09/04 9:32 p.m. | 20 views

[SECURITY] [DSA 3964-1] asterisk security update

Debian Security Advisory DSA-3964-1 | https://www.debian.org/security/ | Moritz Muehlenhoff | September 04, 2017 | https://www.debian.org/security/faq ...

CVSS 9.8 | AI score 9.6 | EPSS 0.14907
Exploits 0
Mageia
added 2017/08/19 10:16 a.m. | 39 views

Updated cvs package fixes security vulnerability

It was discovered that CVS, a centralised version control system, did not correctly handle maliciously constructed repository URLs, which allowed an attacker to run an arbitrary shell command (CVE-2017-12836)...

CVSS 7.5 | AI score 4.7 | EPSS 0.05968
Exploits 1 | References 2
Tenable Nessus
added 2017/08/16 12:0 a.m. | 41 views

FreeBSD : Supervisord -- An authenticated client can run arbitrary shell commands via malicious XML-RPC requests (c9460380-81e3-11e7-93af-005056925db4)

mnaberez reports : supervisord can be configured to run an HTTP server on a TCP socket and/or a Unix domain socket. The HTTP server is how supervisorctl communicates with supervisord. If an HTTP server has been enabled, it will always serve both HTML pages and an XML-RPC interface. A vulnerabilit...

CVSS 9 | AI score 7.8 | EPSS 0.87544
Exploits 10 | References 4
OSV
added 2017/08/13 10:19 p.m. | 11 views

MGASA-2017-0266 Updated git packages fix security vulnerability

Joern Schneeweisz discovered that git, a distributed revision control system, did not correctly handle maliciously constructed ssh:// URLs. This allowed an attacker to run an arbitrary shell command, for instance via git submodules (CVE-2017-1000117)...

CVSS 8.8 | AI score 8.6 | EPSS 0.77823
Exploits 9 | References 7
OSV
added 2017/08/13 1:17 p.m. | 7 views

MGASA-2017-0263 Updated supervisor packages fix security vulnerability

A vulnerability has been found where an authenticated client can send a malicious XML-RPC request to supervisord that will run arbitrary shell commands on the server. The commands will be run as the same user as supervisord. Depending on how supervisord has been configured, this may be root...

CVSS 9 | AI score 8.6 | EPSS 0.87544
Exploits 10 | References 3
OpenVAS
added 2017/08/12 12:0 a.m. | 17 views

Debian: Security Advisory (DSA-3940-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 7.8 | EPSS 0.05968
Exploits 1 | References 3
NVD
added 2017/08/11 9:29 p.m. | 27 views

CVE-2017-9800

A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to an honest server to attack another...

CVSS 9.8 | AI score 9.2 | EPSS 0.18892
Exploits 3 | References 13
Debian CVE
added 2017/08/11 9:0 p.m. | 22 views

CVE-2017-9800

A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to an honest server to attack another...

CVSS 9.8 | AI score 9.6 | EPSS 0.18892
Exploits 3
Cvelist
added 2017/08/11 9:0 p.m. | 27 views

CVE-2017-9800

A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to an honest server to attack another...

AI score 9.3 | EPSS 0.18892
Exploits 3 | References 13
RedHat Linux
added 2017/08/01 2:18 p.m. | 12 views

mysql: Incorrect input validation allowing code execution via mysqldump

It was discovered that the mysql and mysqldump tools did not correctly handle database and table names containing newline characters. A database user with privileges to create databases or tables could cause the mysql command to execute arbitrary shell or SQL commands while restoring database...

AI score 7.5
Exploits 0 | References 6
RedhatCVE
added 2017/07/28 7:19 a.m. | 35 views

CVE-2017-11610

A vulnerability was found in the XML-RPC interface in supervisord. When processing malformed commands, an attacker can cause arbitrary shell commands to be executed on the server as the same user as supervisord. Exploitation requires the attacker to first be authenticated to the supervisord servi...

CVSS 9 | AI score 6 | EPSS 0.87544
Exploits 10 | References 1
Prion
added 2017/07/20 4:29 a.m. | 20 views

Design/Logic Flaw

Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow remote attackers to execute arbitrary shell commands as root via a CGISESSID cookie. On CloudBridge (the former name of NetScaler SD-WAN devices), the cookie name was CAKEPHP rather than CGISESSID...

CVSS 10 | AI score 9.6 | EPSS 0.72596
Exploits 4 | References 5 | Affected Software 1
Cvelist
added 2017/07/18 2:0 p.m. | 22 views

CVE-2017-6320

A remote command injection vulnerability exists in the Barracuda Load Balancer product line (confirmed on v5.4.0.004 (2015-11-26) and v6.0.1.006 (2016-08-19); fixed in 6.1.0.003 (2017-01-17)) in which an authenticated user can execute arbitrary shell commands and gain root privileges. The vulnerability...

AI score 9.2 | EPSS 0.11081
Exploits 5 | References 2
NVD
added 2017/07/06 12:29 a.m. | 29 views

CVE-2017-6707

A vulnerability in the CLI command-parsing code of the Cisco StarOS operating system for Cisco ASR 5000 Series 11.0 through 21.0, 5500 Series, and 5700 Series devices and Cisco Virtualized Packet Core (VPC) Software could allow an authenticated, local attacker to break from the StarOS CLI of an...

CVSS 8.2 | AI score 8.5 | EPSS 0.00787
Exploits 0 | References 3
Cvelist
added 2017/06/21 1:0 p.m. | 25 views

CVE-2017-2828

An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during account creation resulting in...

CVSS 8.8 | AI score 9 | EPSS 0.07802
Exploits 2 | References 2
Tenable Nessus
added 2017/06/16 12:0 a.m. | 52 views

Sophos Web Appliance < 4.3.1 Multiple Remote Command Injection Vulnerabilities

According to its self-reported version number, the Sophos Web Appliance software running on the remote host is prior to 4.3.1. It is, therefore, affected by multiple vulnerabilities : - A remote command injection vulnerability exists in the web administration interface in the...

CVSS 9 | AI score 7.7 | EPSS 0.24445
Exploits 11 | References 4
Friends Of PHP
added 2017/05/18 4:24 a.m. | 15 views

Arbitrary shell execution

Security Advisory - This release contains a fix for a security advisory related to the improper handling of a shell command - A properly crafted filename would allow for arbitrary code execution when using the --filter=gitmodified command line option - All version 3 users are encouraged to upgrad...

AI score 7.8
Exploits 0 | Affected Software 1
RedhatCVE
added 2017/04/26 7:48 a.m. | 36 views

CVE-2017-7692

SquirrelMail 1.4.22 and other versions before 201704270200-SVN allows post-authentication remote code execution via a sendmail.cf file that is mishandled in a popen call. It's possible to exploit this vulnerability to execute arbitrary shell commands on the remote server. The problem is in the...

CVSS 9 | AI score 3.4 | EPSS 0.32156
Exploits 7 | References 2
FreeBSD
added 2017/04/19 12:0 a.m. | 29 views

SquirrelMail -- post-authentication remote code execution

SquirrelMail developers report: SquirrelMail 1.4.22 and other versions before 201704270200-SVN allows post-authentication remote code execution via a sendmail.cf file that is mishandled in a popen call. It's possible to exploit this vulnerability to execute arbitrary shell commands on the remote...

CVSS 9 | AI score 7.1 | EPSS 0.32156
Exploits 7 | References 1