
174 matches found

Prion
added 2019/02/25 6:29 p.m., 14 views

Code injection

Jamf Self Service 10.9.0 allows man-in-the-middle attackers to obtain a root shell by leveraging the "publish Bash shell scripts" feature to insert "/Applications/Utilities/Terminal.app/Contents/MacOS/Terminal" into the TCP data stream...

7.9 CVSS | 7.4 AI score | 0.00102 EPSS
Exploits 1 | References 1 | Affected Software 1
NVD
added 2019/02/25 6:29 p.m., 10 views

CVE-2019-9146

Jamf Self Service 10.9.0 allows man-in-the-middle attackers to obtain a root shell by leveraging the "publish Bash shell scripts" feature to insert "/Applications/Utilities/Terminal.app/Contents/MacOS/Terminal" into the TCP data stream...

7.9 CVSS | 7.4 AI score | 0.00102 EPSS
Exploits 1 | References 1
Cvelist
added 2019/02/25 6:00 p.m., 13 views

CVE-2019-9146

Jamf Self Service 10.9.0 allows man-in-the-middle attackers to obtain a root shell by leveraging the "publish Bash shell scripts" feature to insert "/Applications/Utilities/Terminal.app/Contents/MacOS/Terminal" into the TCP data stream...

7.4 AI score | 0.00102 EPSS
Exploits 1 | References 1
exploitpack
added 2018/11/19 12:00 a.m., 12 views

ImageMagick - Memory Leak

ImageMagick - Memory Leak !/bin/bash help echo "Usage poc generator: basename $0 gen WIDTHxHEIGHT NAME.xbm minimal" echo " Example gen: basename $0 gen 512x512 poc.xbm" echo "Usage result recovery: basename $0 recover SAVEDPREVIEW.png|jpeg|gif|etc" echo " Example recovery: basename $0 recover...

0.5 AI score
Exploits 0
Tenable Nessus
added 2018/10/22 12:00 a.m., 34 views

SUSE SLED12 Security Update : libssh (SUSE-SU-2018:3253-1)

This update for libssh fixes the following issues : Security issue fixed : CVE-2018-10933: Fixed a server mode authentication bypass bsc1108020. Non security issue fixed: Fix popd syntax to be compatible with newer versions of the bash shell. Note that Tenable Network Security has extracted the...

9.1 CVSS | 7.5 AI score | 0.78329 EPSS
Exploits 10 | References 4
CNVD
added 2018/06/12 12:00 a.m., 2 views

Code Execution Vulnerabilities in Multiple Crestron Products

Crestron TSW-1060 and others are touch screen devices from Crestron Electronics, USA. A security vulnerability exists in several Crestron products. The vulnerability can be exploited by remote attackers to execute code with the help of the Bash shell service in the Crestron Toolbox Protocol (CTP)...

10 CVSS | 9.4 AI score | 0.07411 EPSS
Exploits 0 | References 1
Prion
added 2018/06/08 1:29 a.m., 8 views

Remote code execution

Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices before 2.001.0037.001 allow unauthenticated remote code execution via a Bash shell service in Crestron Toolbox Protocol (CTP)...

10 CVSS | 9.6 AI score | 0.07411 EPSS
Exploits 0 | References 3 | Affected Software 1
NVD
added 2018/06/08 1:29 a.m., 9 views

CVE-2018-11228

Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices before 2.001.0037.001 allow unauthenticated remote code execution via a Bash shell service in Crestron Toolbox Protocol (CTP)...

10 CVSS | 9.8 AI score | 0.07411 EPSS
Exploits 0 | References 3
OSV
added 2018/06/08 1:29 a.m., 0 views

CVE-2018-11228

Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices before 2.001.0037.001 allow unauthenticated remote code execution via a Bash shell service in Crestron Toolbox Protocol (CTP)...

9.8 CVSS | 6.3 AI score
Exploits 0 | References 3
Cvelist
added 2018/06/08 1:00 a.m., 11 views

CVE-2018-11228

Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices before 2.001.0037.001 allow unauthenticated remote code execution via a Bash shell service in Crestron Toolbox Protocol (CTP)...

9.8 AI score | 0.07411 EPSS
Exploits 0 | References 3
CVE
added 2018/06/08 1:00 a.m., 63 views

CVE-2018-11228

CVE-2018-11228 affects Crestron TSW-1060/760/560 and TSW-1060-NC/760-NC/560-NC devices pre-2.001.0037.001, where an unauthenticated remote code execution is possible via a Bash shell service in the Crestron Toolbox Protocol (CTP). Connected advisories describe similar CTP console command injectio...

10 CVSS | 9.6 AI score | 0.07411 EPSS
Exploits 0 | References 3 | Affected Software 1
Prion
added 2017/11/30 9:29 a.m., 12 views

Design/Logic Flaw

A vulnerability in Cisco NX-OS System Software running on Cisco MDS Multilayer Director Switches, Cisco Nexus 7000 Series Switches, and Cisco Nexus 7700 Series Switches could allow an authenticated, local attacker to access the Bash shell of an affected device's operating system, even if the Bash...

4.6 CVSS | 4.5 AI score | 0.00131 EPSS
Exploits 0 | References 2 | Affected Software 1
OSV
added 2017/11/30 9:29 a.m., 1 view

CVE-2017-12340

A vulnerability in Cisco NX-OS System Software running on Cisco MDS Multilayer Director Switches, Cisco Nexus 7000 Series Switches, and Cisco Nexus 7700 Series Switches could allow an authenticated, local attacker to access the Bash shell of an affected device's operating system, even if the Bash...

4.2 CVSS | 5.9 AI score | 0.00131 EPSS
Exploits 0 | References 2
Cvelist
added 2017/11/30 9:00 a.m., 11 views

CVE-2017-12340

A vulnerability in Cisco NX-OS System Software running on Cisco MDS Multilayer Director Switches, Cisco Nexus 7000 Series Switches, and Cisco Nexus 7700 Series Switches could allow an authenticated, local attacker to access the Bash shell of an affected device's operating system, even if the Bash...

4.5 AI score | 0.00131 EPSS
Exploits 0 | References 2
CVE
added 2017/11/30 9:00 a.m., 61 views

CVE-2017-12340

CVE-2017-12340 affects Cisco NX-OS System Software on Cisco MDS Multilayer Director Switches, Nexus 7000, and Nexus 7700 series. The flaw is due to insufficient sanitization of user-supplied parameters in the Python scripting sandbox, enabling an authenticated, local attacker to escape the sandbo...

4.6 CVSS | 4.5 AI score | 0.00131 EPSS
Exploits 0 | References 2 | Affected Software 1
Cisco
added 2017/11/29 4:00 p.m., 29 views

Cisco Multilayer Director, Nexus 7000 Series, and Nexus 7700 Series Switches Bash Shell Unauthorized Access Vulnerability

A vulnerability in Cisco NX-OS System Software running on Cisco MDS Multilayer Director Switches, Cisco Nexus 7000 Series Switches, and Cisco Nexus 7700 Series Switches could allow an authenticated, local attacker to access the Bash shell of an affected device's operating system, even if the Bash...

4.2 CVSS | 4.4 AI score | 0.00131 EPSS
Exploits 0 | References 1
OSV
added 2017/01/23 9:59 p.m., 2 views

DEBIAN-CVE-2016-4338

The mysql user parameter configuration script userparameter_mysql.conf in the agent in Zabbix before 2.0.18, 2.2.x before 2.2.13, and 3.0.x before 3.0.3, when used with a shell other than bash, allows context-dependent attackers to execute arbitrary code or SQL commands via the mysql.size paramete...

8.1 CVSS | 8.5 AI score | 0.4496 EPSS
Exploits 6 | References 1
OSV
added 2017/01/23 9:59 p.m., 1 view

UBUNTU-CVE-2016-4338

The mysql user parameter configuration script userparameter_mysql.conf in the agent in Zabbix before 2.0.18, 2.2.x before 2.2.13, and 3.0.x before 3.0.3, when used with a shell other than bash, allows context-dependent attackers to execute arbitrary code or SQL commands via the mysql.size paramete...

8.1 CVSS | 7.7 AI score | 0.4496 EPSS
Exploits 6 | References 5
CNVD
added 2016/11/30 12:00 a.m., 2 views

Dell iDRAC7 and iDRAC8 Code Injection Vulnerabilities

The Dell iDRAC7 and iDRAC8 are both remote access control cards from Dell USA. A security vulnerability exists in Dell iDRAC7 and iDRAC8 devices using firmware versions prior to 2.40.40.40. An attacker could exploit the vulnerability to gain access to the Bash shell...

9 CVSS | 7 AI score | 0.00612 EPSS
Exploits 0 | References 1
OpenVAS
added 2016/11/30 12:00 a.m., 54 views

Dell iDRAC7 and iDRAC8 Devices Code Injection Vulnerability (Nov 2016)

Dell iDRAC7 and iDRAC8 devices allow authenticated users to gain Bash shell access through a string injection.

9 CVSS | 8.9 AI score | 0.00612 EPSS
Exploits 0 | References 2