615 matches found

seebug.org
added 2014/07/01 12:0 a.m. · 12 views

Gentoo Webapp-Config 1.10 Insecure File Creation Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/13780/info Gentoo webapp-config is prone to an insecure file creation vulnerability. This issue is due to a design error that causes the application to fail to verify the existence of a file before writing to it. An...

AI score 7.1
Exploits 0
NVD
added 2014/06/17 2:55 p.m. · 18 views

CVE-2014-4046

Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and Certified Asterisk 11.6 before 11.6-cert3 allows remote authenticated Manager users to execute arbitrary shell commands via a MixMonitor action...

CVSS 6.5 · AI score 7.1 · EPSS 0.05679
Exploits 0 · References 3
Friends Of PHP
added 2014/06/13 11:45 a.m. · 13 views

Sendmail transport arbitrary shell execution

More info at http://blog.swiftmailer.org/post/88660759928/security-fix-swiftmailer-5-2-1-released...

AI score 1
Exploits 0 · Affected Software 1
Tenable Nessus
added 2014/06/05 12:0 a.m. · 36 views

Debian DSA-2946-1 : python-gnupg - security update

Multiple vulnerabilities were discovered in the Python wrapper for the Gnu Privacy Guard (GPG). Insufficient sanitising could lead to the execution of arbitrary shell commands. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted...

CVSS 7.5 · AI score 5.6 · EPSS 0.03388
Exploits 6 · References 6
Debian
added 2014/06/04 4:55 p.m. · 26 views

[SECURITY] [DSA 2946-1] python-gnupg security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2946-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff June 04, 2014 http://www.debian.org/security/faq -...

CVSS 7.5 · AI score 6.7 · EPSS 0.03388
Exploits 6
Tenable Nessus
added 2014/06/03 12:0 a.m. · 29 views

GLSA-201401-26 : Zabbix: Shell command injection

The remote host is affected by the vulnerability described in GLSA-201401-26 Zabbix: Shell command injection If a flexible user parameter is configured in Zabbix agent, including a newline in the parameters will execute newline section as a separate command even if UnsafeUserParameters are...

CVSS 7.5 · AI score 8.8 · EPSS 0.02754
Exploits 1 · References 2
Tenable Nessus
added 2014/03/05 12:0 a.m. · 30 views

Palo Alto Networks PAN-OS < 3.1.11 / 4.0.x < 4.0.9 Multiple Vulnerabilities

The remote host is running a version of Palo Alto Networks PAN-OS prior to 3.1.11 / 4.0.9. It is, therefore, affected by multiple vulnerabilities : - A denial of service vulnerability exists that allows an authenticated attacker to crash the device via a specially crafted command sent to the CLI...

CVSS 9 · AI score 5.8 · EPSS 0.03214
Exploits 0 · References 6
Tenable Nessus
added 2014/03/05 12:0 a.m. · 22 views

Palo Alto Networks PAN-OS < 4.0.8 Multiple Vulnerabilities

The remote host is running a version of Palo Alto Networks PAN-OS prior to 4.0.8. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists due to overly verbose error messages. An attacker can exploit this vulnerability by sending specially crafted...

CVSS 9 · AI score 5.9 · EPSS 0.03001
Exploits 0 · References 4
Gentoo Linux
added 2014/01/23 12:0 a.m. · 48 views

Zabbix: Shell command injection

Background Zabbix is software for monitoring applications, networks, and servers. Description If a flexible user parameter is configured in Zabbix agent, including a newline in the parameters will execute newline section as a separate command even if UnsafeUserParameters are disabled. Impact A...

CVSS 7.5 · AI score 9.6 · EPSS 0.02754
Exploits 1
Cisco
added 2013/11/15 5:46 p.m. · 27 views

Cisco Nexus 1000V Series Switches Arbitrary Command Execution Vulnerability

A vulnerability in the license installation module of the Cisco Nexus 1000V could allow an authenticated, local attacker to execute arbitrary shell commands. The vulnerability is due to a failure of the install all iso command to properly validate user-supplied input. An attacker could exploit th...

CVSS 6.8 · AI score 2.7 · EPSS 0.00315
Exploits 0 · References 1
Positive Technologies
added 2013/11/05 12:0 a.m. · 2 views

PT-2018-13778 · Artifex +3 · Ghostscript +3

Name of the Vulnerable Software and Affected Versions: ghostscript version 9.07 Description: An issue was discovered where a previous fix did not fully address the problem, allowing an attacker to potentially exploit a variant of the flaw. This could enable the bypassing of the -dSAFER protection...

CVSS 9.3 · AI score 7.4 · EPSS 0.01249
Exploits 3 · References 17
Gentoo Linux
added 2013/09/26 12:0 a.m. · 49 views

klibc: Command Injection

Background klibc is a minimalistic libc used for making an initramfs. Description The ipconfig utility in klibc writes DHCP options to /tmp/net-$DEVICE.conf, and this file is later sourced by other scripts to get defined variables. The options written to this file are not properly escaped. Impact...

CVSS 10 · AI score 3 · EPSS 0.20533
Exploits 0
Tenable Nessus
added 2013/08/19 12:0 a.m. · 29 views

CiscoWorks Common Services Home Page Component Unspecified Shell Command Execution

The version of CiscoWorks Common Services installed on the remote Windows host is potentially affected by an arbitrary shell command execution vulnerability. By exploiting this flaw, a remote, authenticated attacker could execute arbitrary commands on the remote host subject to the privileges of...

CVSS 9 · AI score 5.9 · EPSS 0.15163
Exploits 0 · References 2
Cisco
added 2013/07/09 9:36 p.m. · 29 views

Cisco Nexus 1000V License Installation Command Injection Vulnerability

A vulnerability in the license installation module of Cisco Nexus 1000V could allow an authenticated, local attacker to execute arbitrary shell commands. The vulnerability is due to a failure of the install license command to properly validate user-supplied input. An attacker could exploit this...

CVSS 6.6 · AI score 3.5 · EPSS 0.00366
Exploits 0 · References 1
NVD
added 2013/07/09 5:55 p.m. · 19 views

CVE-2013-1362

Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In Executor NRPE before 2.14 might allow remote attackers to execute arbitrary shell commands via "$" shell metacharacters, which are processed by bash...

CVSS 7.5 · AI score 7.4 · EPSS 0.65724
Exploits 9 · References 6
exploitpack
added 2013/07/07 12:0 a.m. · 23 views

D-Link - OS-Command Injection via UPnP Interface

D-Link - OS-Command Injection via UPnP Interface Title: OS-Command Injection via UPnP SOAP Interface in multiple D-Link devices Vendor: D-Link Devices: DIR-300 rev B / DIR-600 rev B / DIR-645 / DIR-845 / DIR-865 ============ Vulnerable Firmware Releases: ============ DIR-300 rev B - 2.14b01 DIR-6...

AI score 0.3
Exploits 0
Packet Storm
added 2013/03/05 12:0 a.m. · 35 views

Setuid Tunnelblick Privilege Escalation

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' require 'msf/core/post/common' require...

CVSS 7.2 · AI score 0.9 · EPSS 0.03776
Exploits 5
Metasploit
added 2013/03/03 6:48 p.m. · 61 views

Setuid Tunnelblick Privilege Escalation

This module exploits a vulnerability in Tunnelblick 3.2.8 on Mac OS X. The vulnerability exists in the setuid openvpnstart, where an insufficient validation of path names allows execution of arbitrary shell scripts as root. This module has been tested successfully on Tunnelblick 3.2.8 build...

CVSS 7.2 · AI score 10 · EPSS 0.03776
Exploits 5
Tenable Nessus
added 2013/01/07 12:0 a.m. · 44 views

TWiki < 5.1.3 Multiple Vulnerabilities

According to its version number, the instance of TWiki running on the remote host is affected by multiple security vulnerabilities : - The '%MAKETEXT%' variable fails to properly sanitize user-supplied input. A remote attacker can exploit this issue to execute arbitrary shell commands on the remo...

CVSS 7.5 · AI score 8.7 · EPSS 0.61604
Exploits 15 · References 3
0day.today
added 2013/01/06 12:0 a.m. · 60 views

TomatoCart 1.x Unrestricted File Creation

TomatoCart 1.x versions are susceptible to an unrestricted file creation vulnerability. 1. OVERVIEW TomatoCart 1.x versions are vulnerable to Unrestricted File Creation. 2. BACKGROUND TomatoCart is an innovative Open Source shopping cart solution developed by Wuxi Elootec Technology Co., Ltd. It ...

AI score 7
Exploits 0