33 matches found

OSV
added 2022/05/24 5:28 p.m., 13 views

GHSA-79H8-7735-V3F9 System command execution vulnerability in Selection tasks Jenkins Plugin

Jenkins Selection tasks Plugin 1.0 and earlier executes a user-specified program on the Jenkins controller, allowing attackers with Job/Configure permission to execute an arbitrary system command on the Jenkins controller as the OS user that the Jenkins process is running as...

CVSS 8.8, AI score 8.9, EPSS 0.01623
Exploits: 0, References: 4
OSV
added 2020/09/16 2:15 p.m., 17 views

CVE-2020-2276

Jenkins Selection tasks Plugin 1.0 and earlier executes a user-specified program on the Jenkins controller, allowing attackers with Job/Configure permission to execute an arbitrary system command on the Jenkins controller as the OS user that the Jenkins process is running as...

CVSS 8.8, AI score 7.1
Exploits: 0, References: 2
Cvelist
added 2020/09/16 1:20 p.m., 26 views

CVE-2020-2276

Jenkins Selection tasks Plugin 1.0 and earlier executes a user-specified program on the Jenkins controller, allowing attackers with Job/Configure permission to execute an arbitrary system command on the Jenkins controller as the OS user that the Jenkins process is running as...

AI score 8.9, EPSS 0.01623
Exploits: 0, References: 2
NVD
added 2019/12/23 6:15 p.m., 19 views

CVE-2019-6685

On BIG-IP versions 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, users with access to edit iRules are able to create iRules which can lead to an elevation of privilege, configuration modification, and arbitrary system command execution...

CVSS 7.8, AI score 7.8, EPSS 0.00364
Exploits: 0, References: 1
Metasploit
added 2019/11/01 11:38 p.m., 26 views

FusionPBX Command exec.php Command Execution

This module uses administrative functionality available in FusionPBX to gain a shell. The Command section of the application permits users with execview permissions, or superadmin permissions, to execute arbitrary system commands, or arbitrary PHP code, as the web server user. This module has bee...

AI score 1
Exploits: 0
CVE
added 2019/05/14 7:54 p.m., 83 views

CVE-2019-10916

CVE-2019-10916 affects Siemens SIMATIC PCS7 and WinCC/TIA Portal products (multiple versions). The root cause is SQL Injection in the project file handling, allowing an attacker who can access the project file to run arbitrary commands with the local database server’s privileges, impacting confid...

CVSS 9, AI score 8.3, EPSS 0.0157
Exploits: 0, References: 2, Affected Software: 4
Packet Storm
added 2017/12/27 12:0 a.m., 45 views

Telesquare SKT LTE Router SDT-CS3B1 CSRF / Command Execution

Telesquare SKT LTE Router SDT-CS3B1 CSRF System Command Execution Vendor: Telesquare Co., Ltd. Product web page: http://www.telesquare.co.kr Affected version: FwVer: SDT-CS3B1, sw version 1.2.0 LteVer: ML300S5XEA41090 1 0.1.0 Modem model: PM-L300S Summary: We introduce SDT-CS3B1 LTE router which ...

AI score 0.1
Exploits: 0
Metasploit
added 2017/12/22 6:44 p.m., 15 views

Cambium ePMP 1000 'ping' Command Injection (up to v2.5)

This module exploits an OS Command Injection vulnerability in Cambium ePMP 1000 Authors Karn Ganeshen This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Cambium ePMP 1000 'ping' Command Injection ...

AI score 7.4
Exploits: 0
NVD
added 2017/03/29 8:59 p.m., 17 views

CVE-2014-3582

In Ambari 1.2.0 through 2.2.2, it may be possible to execute arbitrary system commands on the Ambari Server host while generating SSL certificates for hosts in an Ambari cluster...

CVSS 9.8, AI score 9.8, EPSS 0.01592
Exploits: 0, References: 1
htbridge
added 2016/01/13 12:0 a.m., 516 views

Remote Code Execution in Exponent

High-Tech Bridge Security Research Lab discovered critical vulnerability in Exponent CMS, which can be exploited to inject and execute arbitrary PHP code on the vulnerable system with the privileges of the web server. The vulnerability resides within "/install/index.php" script, when handling...

CVSS 10, AI score 9.8, EPSS 0.06636
Exploits: 3, Affected Software: 1
myhack58
added 2014/07/24 12:0 a.m., 11 views

The Java Debugger exploits and fixes-vulnerability warning-the black bar safety net

0x0 Foreword Recently found an interesting vulnerability-JAVA open the Debugger mode can execute arbitrary system commands. Need certain Use Conditions, you have to be open to debug the process of setting up a breakpoint, and then use this breakpoint to execute the command of the operation. 0x1...

AI score 0.1
Exploits: 0
OpenVAS
added 2012/08/10 12:0 a.m., 22 views

Gentoo Security Advisory GLSA 201206-36 (logrotate)

The remote host is missing updates announced in advisory GLSA 201206-36. SPDX-FileCopyrightText: 2012 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-only...

CVSS 6.9, AI score 6.4, EPSS 0.00412
Exploits: 1, References: 3
Packet Storm
added 2006/02/14 12:0 a.m., 42 views

dotProject-2.0.1.txt

dotproject Date: Feb. 14 2006 Vendor: dotproject.net contacted Description: dotProject is a volunteer supported Project Management application. Details: The 'protection.php' script does not properly validate user-supplied input in the 'siteurl' parameter. Some user-supplied input is not checked...

AI score 7.4
Exploits: 0