58 matches found

UbuntuCve
added 2021/11/15 9:15 p.m. · 52 views

CVE-2021-42377

An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string. This may be used for remote code execution under rare conditions of filtered command input...

9.8 CVSS · 7.5 AI score · 0.02855 EPSS
Exploits 0 · References 2
UbuntuCve
added 2021/11/15 9:15 p.m. · 45 views

CVE-2021-42376

A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character. This may be used for DoS under very rare conditions of filtered command input...

5.5 CVSS · 6.9 AI score · 0.00045 EPSS
Exploits 0 · References 2
Prion
added 2021/11/15 9:15 p.m. · 24 views

Command injection

An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. This may be used for DoS under rare conditions of filtered command input...

1.9 CVSS · 7.1 AI score · 0.00061 EPSS
Exploits 0 · References 5 · Affected Software 2
CVE
added 2021/11/15 12:0 a.m. · 216 views

CVE-2021-42376

CVE-2021-42376 is a BusyBox vulnerability affecting the hush applet where a NULL pointer dereference can cause denial of service when processing a crafted command due to missing validation after a delimiter. Public disclosures and vendor advisories across multiple distributions (Debian, Alpine, F...

5.5 CVSS · 6.9 AI score · 0.00045 EPSS
Exploits 0 · References 5 · Affected Software 1
CVE
added 2021/11/15 12:0 a.m. · 140 views

CVE-2021-42375

CVE-2021-42375 concerns BusyBox ash applet: incorrect handling of a special element can trigger a denial of service when processing a crafted shell command. Affected product: Cloud Pak for Security (CP4S) versions 1.8.1.0, 1.8.0.0, and 1.7.2.0. Remediation: upgrade to CP4S 1.9.0.0 per IBM guidanc...

5.5 CVSS · 7 AI score · 0.00061 EPSS
Exploits 0 · References 5 · Affected Software 1
Debian CVE
added 2021/11/15 12:0 a.m. · 46 views

CVE-2021-42377

An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string. This may be used for remote code execution under rare conditions of filtered command input...

9.8 CVSS · 7.1 AI score · 0.02855 EPSS
Exploits 0
Positive Technologies
added 2021/09/22 12:0 a.m. · 2 views

PT-2021-4720 · Cisco · Cisco Ios Xe +1

Name of the Vulnerable Software and Affected Versions: Cisco IOS XE SD-WAN Software (affected versions not specified); Cisco IOS XE Software (affected versions not specified). Description: A vulnerability in the CLI of the software could allow an authenticated, local attacker to execute arbitrary...

7.2 CVSS · 6.8 AI score · 0.00053 EPSS
Exploits 0 · References 5
Prion
added 2021/05/28 12:15 p.m. · 18 views

Design/Logic Flaw

Some PON MDU devices of ZTE stored sensitive information in plaintext, and users with login authority can obtain it by inputting command. This affects: ZTE PON MDU device ZXA10 F821 V1.7.0P3T22, ZXA10 F822 V1.4.3T6, ZXA10 F819 V1.2.1T5, ZXA10 F832 V1.1.1T7, ZXA10 F839 V1.1.0T8, ZXA10 F809 V3.2.1T1...

4 CVSS · 6.3 AI score · 0.00138 EPSS
Exploits 0 · References 1 · Affected Software 8
Cvelist
added 2021/05/28 11:45 a.m. · 17 views

CVE-2021-21734

Some PON MDU devices of ZTE stored sensitive information in plaintext, and users with login authority can obtain it by inputting command. This affects: ZTE PON MDU device ZXA10 F821 V1.7.0P3T22, ZXA10 F822 V1.4.3T6, ZXA10 F819 V1.2.1T5, ZXA10 F832 V1.1.1T7, ZXA10 F839 V1.1.0T8, ZXA10 F809 V3.2.1T1...

6.6 AI score · 0.00138 EPSS
Exploits 0 · References 1
NVD
added 2019/12/18 9:15 p.m. · 7 views

CVE-2019-15599

A Code Injection exists in tree-kill on Windows which allows a remote code execution when an attacker is able to control the input into the command...

9.8 CVSS · 9.8 AI score · 0.03754 EPSS
Exploits 0 · References 1
NVD
added 2015/12/31 5:59 a.m. · 15 views

CVE-2015-2895

Buffer overflow in the up.time client in Idera Uptime Infrastructure Monitor 7.4 might allow remote attackers to execute arbitrary code via long command input...

7.5 CVSS · 7.8 AI score · 0.05872 EPSS
Exploits 0 · References 1
Prion
added 2015/12/31 5:59 a.m. · 10 views

Buffer overflow

Buffer overflow in the up.time client in Idera Uptime Infrastructure Monitor 7.4 might allow remote attackers to execute arbitrary code via long command input...

7.5 CVSS · 8.7 AI score · 0.05872 EPSS
Exploits 0 · References 1 · Affected Software 1
OpenVAS
added 2015/03/13 12:0 a.m. · 19 views

Cisco ASA VNMC Command Input Validation Vulnerability (cisco-sa-20141008-asa)

A vulnerability in the Virtual Network Management Center (VNMC) policy code of Cisco ASA Software could allow an authenticated, local attacker to access the underlying Linux operating system with the privileges of the root user. Copyright (C) 2015 Greenbone Networks GmbH. Some text descriptions might ...

6.8 CVSS · 6.5 AI score · 0.00324 EPSS
Exploits 0 · References 1
Packet Storm
added 2011/10/20 12:0 a.m. · 17 views

Uiga Personal Portal Cross Site Scripting / Blind SQL Injection

Exploit Title: Uiga Personal Portal Multiple Vulnerability Date: 2011 Author: Eyup CELIK Version: All Version Tested on: All versions are Vulnerability Web Site: www.eyupcelik.com.tr ISSUE Blind SQL Injection and XSS can be done using the command input Vulnerable Page: index.php cart.php...

0.4 AI score
Exploits 0
Packet Storm
added 2011/08/19 12:0 a.m. · 15 views

TotalShopUK 1.7.2 SQL Injection

Exploit Title: TotalShopUK E-Commerce System SQL Injection Date: 19.08.2011 Author: Eyup CELIK Software Link: http://www.totalshopuk.com Version: 1.7.2 Tested on: All versions are Vulnerability ISSUE SQL Injection can be done using the command input Exploit: products/c/index.php/1' Demo:...

0.2 AI score
Exploits 0
seebug.org
added 2004/08/31 12:0 a.m. · 13 views

TiTan FTP Server Long Command Heap Overflow PoC Exploit

No description provided by source. titanftp.c - TiTan FTP Server Long Command Heap Overflow PoC Exploit. Copyright (C) 2000-2004 HUC All Rights Reserved. Author : lion : lion cnhonker net : www cnhonker com Date : 2004-08-30...

7.1 AI score
Exploits 0
exploitpack
added 2003/08/20 12:0 a.m. · 15 views

Cerberus FTPServer 1.712.12.32 - Remote Denial of Service

Cerberus FTPServer 1.712.12.32 - Remote Denial of Service source: https://www.securityfocus.com/bid/8452/info It has been reported that some versions of Cerberus FTP Server may be prone to remote denial of service attacks. The problem is said to occur when the order of a carriage return and line...

0.1 AI score
Exploits 0
Packet Storm
added 2000/09/12 12:0 a.m. · 24 views

typsoft-ftpd.txt

TYPSoft FTP Server remote DoS Problem + Advisory by dethy www.synnergy.net Advisory 12 Vulnerable: TYPSoft FTP Server 0.78 although 0.7X are also vulnerable Systems : Win9X, WinNT Product : http://www.multimania.com/typsoft/ Discovery :...

7.4 AI score
Exploits 0