28 matches found
EUVD-2019-5056
Malware in sbrugna...
CVE-2019-13624
In ONOS 1.15.0, apps/yang/web/src/main/java/org/onosproject/yang/web/YangWebResource.java mishandles backquote characters within strings that can be used in a shell command...
jte Security Vulnerability
jte Java Template Engine is a secure and fast template for Java and Kotlin by the individual developer Andreas Hager. A security vulnerability exists in jte 3.1.15 and earlier versions, which stems from improper escaping of backquotes in JavaScript template strings and is vulnerable to cross-site...
Zabbix Code Injection Vulnerability
Zabbix is an open source monitoring system from Zabbix. The system supports network monitoring, server monitoring, cloud monitoring, and application monitoring. A security vulnerability exists in the Zabbix plugin Agent 2, which stems from the fact that Agent 2 packages are built using a version ...
SUSE CVE-2018-14354
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with a manual subscription or unsubscription...
D-Link DIR-846 Security Vulnerability
The D-Link DIR-846 is a wireless router from Taiwan, China-based AUO D-Link. An operating system command injection vulnerability exists in the D-Link DIR-846 device, which stems from the product's failure to effectively filter the \ and backquotes in the ssid0 and ssid1 parameters. An attacker ca...
D-Link DIR-846 Operating System Command Injection Vulnerability
A command execution vulnerability exists in the D-Link DIR-846, a wireless router from D-Link in Taiwan, China, which originates in the product HNAP1/control/SetNetworkTomographySettings.php file. The vulnerability is caused by the fact that the HNAP1/control/SetNetworkTomographySettings.php file...
Remote Code Execution (RCE)
mutt is vulnerable to remote code execution (RCE) attacks. An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with...
SQL injection
ThinkPHP 5.1.25 has SQL Injection via the count parameter because the library/think/db/Query.php aggregate function mishandles the aggregate variable. NOTE: a backquote character is required in the attack URI...
EulerOS 2.0 SP3 : mutt (EulerOS-SA-2018-1305)
According to the versions of the mutt package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - mutt: Remote code injection vulnerability to an IMAP mailbox CVE-2018-14354 - mutt: Remote Code Execution via backquote characters CVE-2018-14357 -...
EulerOS 2.0 SP2 : mutt (EulerOS-SA-2018-1304)
According to the versions of the mutt package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - mutt: Remote code injection vulnerability to an IMAP mailbox CVE-2018-14354 - mutt: Remote Code Execution via backquote characters CVE-2018-14357 -...
Command injection
xunfeng 0.2.0 allows command execution via CSRF because masscan.py mishandles backquote characters, a related issue to CVE-2018-16832...
CVE-2018-16951
xunfeng 0.2.0 allows command execution via CSRF because masscan.py mishandles backquote characters, a related issue to CVE-2018-16832...
CVE-2018-16951
CVE-2018-16951 affects xunfeng 0.2.0, where a command injection can be triggered via CSRF due to masscan.py mishandling backquote characters. The entry notes this is related to CVE-2018-16832 and cites the CSRF issue in views/lib/AntiCSRF.py that can lead to arbitrary code execution. Multiple sou...
mutt: Remote Code Execution via backquote characters
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with an automatic subscription...
RHEL 6 / 7 : mutt (RHSA-2018:2526)
The remote Redhat Enterprise Linux 6 / 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2018:2526 advisory. Mutt is a low resource, highly configurable, text-based MIME e-mail client. Mutt supports most e-mail storing formats, such as mbox and...
Mutt and NeoMutt Arbitrary Command Execution Vulnerability (CNVD-2019-06626)
NeoMutt is a patched version of Mutt, a text-based mail client for Unix-like systems developed by Michael Elkins Software Developers. An arbitrary command execution vulnerability exists in Mutt versions prior to 1.10.1 and NeoMutt versions prior to 2018-07-16, which stems from the fact that mutt...
Design/Logic Flaw
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with an automatic subscription...