CVE-2016-1611

Novell Filr 1.2 before Hot Patch 6 and 2.0 before Hot Patch 2 uses world-writable permissions for /etc/profile.d/vainit.sh, which allows local users to gain privileges by replacing this file's content with arbitrary shell commands...

Design/Logic Flaw

Novell Filr 1.2 before Hot Patch 6 and 2.0 before Hot Patch 2 uses world-writable permissions for /etc/profile.d/vainit.sh, which allows local users to gain privileges by replacing this file's content with arbitrary shell commands...

iSQL 1.0 - Shell Command Injection

Exploit for linux platform in category local exploits !/bin/ruby Exploit Title: iSQLRL 1.0 - Shell Command Injection Date: 2016-06-13 Exploit Author: HaHwul Exploit Author Blog: www.hahwul.com Vendor Homepage: https://github.com/roselone/iSQL Software Link:...

Debian DLA-455-1 : asterisk security update

CVE-2014-6610 Asterisk Open Source 11.x before 11.12.1 and 12.x before 12.5.1 and Certified Asterisk 11.6 before 11.6-cert6, when using the resfaxspandsp module, allows remote authenticated users to cause a denial of service crash via an out of call message, which is not properly handled in the...

Ubiquiti Inc.: Read-Only user can execute arbitraty shell commands on AirOS

This issue is similar to 119317, but happen on the server side data actionRemote. The function "parseHeaders" in remote.inc:38 don't sanitize the input received from the other server other side of the speed test. If the attacker started an speed test against a controlled server attacker itself an...

Mageia: Security Advisory (MGASA-2015-0478)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Centreon 2.6.x < 2.6.5 Multiple Vulnerabilities

According to its version number, the Centreon application hosted on the remote web server is version 2.6.x prior to 2.6.5. It is, therefore, affected by multiple vulnerabilities : - A cross-site request forgery XSRF vulnerability exists in the main.php script. A remote attacker can exploit this t...

CVE-2015-6912

Synology Video Station before 1.5-0763 allows remote attackers to execute arbitrary shell commands via shell metacharacters in the subtitlecodepage parameter to subtitle.cgi...

CVE-2015-5222

Red Hat OpenShift Enterprise 3.0.0.0 does not properly check permissions, which allows remote authenticated users with build permissions to execute arbitrary shell commands with root permissions on arbitrary build pods via unspecified vectors...

CVE-2015-5222

Red Hat OpenShift Enterprise 3.0.0.0 does not properly check permissions, which allows remote authenticated users with build permissions to execute arbitrary shell commands with root permissions on arbitrary build pods via unspecified vectors...

RubyGems ruby-saml 'xml_security.rb' command injection vulnerability

RubyGems ruby-saml is a set of SAML Security Assertion Markup Language development toolkits for the Ruby on Rails framework organized by RubyGems. A command injection vulnerability exists in RubyGems ruby-saml. A remote attacker could use this vulnerability to execute arbitrary shell commands in...

Code injection

The Management Interface in Citrix NetScaler Application Delivery Controller ADC and NetScaler Gateway 10.1 before 10.1.132.8, 10.5 before Build 56.15, and 10.5.e before Build 56.1505.e allows remote authenticated users to execute arbitrary shell commands via shell metacharacters in the filter...

CVE-2015-5080

The Management Interface in Citrix NetScaler Application Delivery Controller ADC and NetScaler Gateway 10.1 before 10.1.132.8, 10.5 before Build 56.15, and 10.5.e before Build 56.1505.e allows remote authenticated users to execute arbitrary shell commands via shell metacharacters in the filter...

[SECURITY] [DSA 3261-1] libmodule-signature-perl security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3261-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso May 15, 2015 http://www.debian.org/security/faq -...

CVE-2015-3408

Module::Signature before 0.74 allows remote attackers to execute arbitrary shell commands via a crafted SIGNATURE file which is not properly handled when generating checksums from a signed manifest...

Fedora 20 : perl-Module-Signature-0.78-1.fc20 / perl-Test-Signature-1.11-1.fc20 (2015-5840)

This update addresses various security issues in perl-Module-Signature as described below. The default behavior is also changed so as to ignore any MANIFEST.SKIP files unless a 'skip' parameter is specified. An updated version of perl-Test-Signature that accounts for the changed default behavior ...

CVE-2015-1842

The puppet manifests in the Red Hat openstack-puppet-modules package before 2014.2.13-2 uses a default password of CHANGEME for the pcsd daemon, which allows remote attackers to execute arbitrary shell commands via unspecified vectors...

Default credentials

The puppet manifests in the Red Hat openstack-puppet-modules package before 2014.2.13-2 uses a default password of CHANGEME for the pcsd daemon, which allows remote attackers to execute arbitrary shell commands via unspecified vectors...

CVE-2015-1427

The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script...

CVE-2015-1427

CVE-2015-1427 concerns Elasticsearch’s Groovy scripting engine, where dynamic scripting was enabled by default in versions before 1.3.8 (and 1.4.x before 1.4.3). The root cause is a sandbox bypass in the Groovy sandbox that allows remote attackers to execute arbitrary shell commands via a crafted...