40 matches found

OpenVAS
added 2021/04/19 12:0 a.m. | 22 views

SUSE: Security Advisory (SUSE-SU-2020:0717-1)

The remote host is missing an update for the...

9.8 CVSS | 9.3 AI score | 0.02595 EPSS
Exploits 2 | References 5
Zero Science Lab
added 2021/03/18 12:0 a.m. | 149 views

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Authenticated Command Injection

Summary JT3500V is a most advanced LTE-A Pro CAT12 indoor Wi-Fi & VoIP CPE product specially designed to enable quick and easy LTE fixed data service deployment for residential and SOHO customers. It provides high speed LAN, Wi-Fi and VoIP integrated services to end users who need both bandwidth...

6.1 AI score
Exploits 0
Metasploit
added 2020/11/12 5:41 p.m. | 51 views

SaltStack Salt REST API Arbitrary Command Execution

This module exploits an authentication bypass and command injection in SaltStack Salt's REST API to execute commands as the root user. The following versions have received a patch: 2015.8.10, 2015.8.13, 2016.3.4, 2016.3.6, 2016.3.8, 2016.11.3, 2016.11.6, 2016.11.10, 2017.7.4, 2017.7.8, 2018.3.5,...

9.8 CVSS | 10 AI score | 0.94387 EPSS
Exploits 5
Vulnrichment
added 2020/07/31 12:0 a.m. | 8 views

CVE-2020-3384 Cisco Data Center Network Manager Command Injection Vulnerability

A vulnerability in specific REST API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to inject arbitrary commands on the underlying operating system with the privileges of the logged-in user. The vulnerability is due to insufficient validation of...

8.2 CVSS | 7 AI score | 0.0049 EPSS
Exploits 0 | References 1
Cvelist
added 2020/06/22 3:25 p.m. | 10 views

CVE-2020-4066 Command Injection in Limdu trainBatch function

In Limdu before 0.95, the trainBatch function has a command injection vulnerability. Clients of the Limdu library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability. This has been patched in 0.95...

3.8 CVSS | 7.3 AI score | 0.02699 EPSS
Exploits 0 | References 1
Cvelist
added 2020/01/08 4:13 p.m. | 12 views

CVE-2019-10777

In aws-lambda versions prior to version 1.0.5, the "config.FunctioName" is used to construct the argument used within the "exec" function without any sanitization. It is possible for a user to inject arbitrary commands to the "zipCmd" used within "config.FunctionName"...

9.6 AI score | 0.00513 EPSS
Exploits 0 | References 1
Cvelist
added 2019/10/09 11:49 a.m. | 14 views

CVE-2019-13051

Pi-Hole 4.3 allows Command Injection...

8.8 AI score | 0.34662 EPSS
Exploits 3 | References 4
OSV
added 2019/10/02 7:15 p.m. | 13 views

CVE-2019-12736

JetBrains Ktor framework before 1.2.0-rc does not sanitize the username provided by the user for the LDAP protocol, leading to command injection...

9.8 CVSS | 7.3 AI score
Exploits 0 | References 1
GithubExploit
added 2019/08/23 11:10 a.m. | 53 views

Exploit for OS Command Injection in Webmin

CVE-2019-15107 CVE-2...

10 CVSS | 0.3 AI score | 0.94459 EPSS
Exploits 36
NVD
added 2019/02/15 9:29 p.m. | 9 views

CVE-2013-2516

Vulnerability in FileUtils v0.7, Ruby Gem Fileutils = v0.7 Command Injection vulnerability in user supplied url variable that is passed to the shell...

9.3 CVSS | 8.8 AI score | 0.02376 EPSS
Exploits 1 | References 2
Packet Storm
added 2018/05/01 12:0 a.m. | 32 views

xdebug Unauthenticated OS Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'xdebug Unauthenticated OS Command Execution', 'Description' = %q Module exploits a vulnerability in the eval command present in Xdebug versions...

0.5 AI score
Exploits 0
Hacker One
added 2018/01/07 5:29 p.m. | 18 views

LocalTapiola: RCE using bash command injection on /system/images (toimitilat.lahitapiola.fi)

Summary: the "/system/images" URL accepts a Base-64 encoded string, which is in turn used to convert images from the local disk before displaying them to the user. The website fails to validate the user input, allowing arbitrary bash command injection. Description: When surfing the...

7.2 AI score
Exploits 0
UbuntuCve
added 2017/12/15 12:0 a.m. | 22 views

CVE-2017-17405

Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the "|" pipe character, the command following the pipe character is executed. The default...

9.3 CVSS | 6.9 AI score | 0.88646 EPSS
Exploits 5 | References 5
Cvelist
added 2017/11/27 2:0 p.m. | 9 views

CVE-2017-1000214

GitPHP by xiphux is vulnerable to OS Command Injections...

9.6 AI score | 0.07221 EPSS
Exploits 0 | References 2
0day.today
added 2017/08/31 12:0 a.m. | 36 views

Malicious GIT HTTP Server Exploit

This Metasploit module exploits CVE-2017-1000117, which affects Git versions 2.7.5 and lower. A submodule of the form 'ssh://' can be passed parameters from the username incorrectly. This can be used to inject commands to the operating system when the submodule is cloned. This Metasploit module...

6 CVSS | 7.8 AI score | 0.70245 EPSS
Exploits 14
Tenable Nessus
added 2016/03/18 12:0 a.m. | 588 views

OpenSSH < 7.2p2 X11Forwarding xauth Command Injection

According to its banner, the version of OpenSSH running on the remote host is prior to 7.2p2. It is, therefore, affected by a security bypass vulnerability due to improper sanitization of X11 authentication credentials. An authenticated, remote attacker can exploit this, via crafted credentials, ...

6.4 CVSS | 7.3 AI score | 0.50367 EPSS
Exploits 13 | References 3
Debian
added 2015/05/11 8:5 p.m. | 33 views

[SECURITY] [DSA 3257-1] mercurial security update

Debian Security Advisory DSA-3257-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso May 11, 2015 http://www.debian.org/security/faq -...

7.5 CVSS | 1.8 AI score | 0.77155 EPSS
Exploits 6
Packet Storm
added 2015/03/03 12:0 a.m. | 53 views

Symantec Web Gateway 5 restore.php Command Injection

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 "Symantec Web Gateway 5 restore.php Post Authentication Command Injection", 'Description' = %q This module exploits a command injecti...

6.5 CVSS | 0.1 AI score | 0.74024 EPSS
Exploits 6
seebug.org
added 2014/07/01 12:0 a.m. | 9 views

CosCms 1.721 - OS Command Injection

No description provided by source...

7.1 AI score
Exploits 0
Metasploit
added 2013/07/14 1:42 p.m. | 189 views

D-Link Devices UPnP SOAP Command Execution

Different D-Link Routers are vulnerable to OS command injection in the UPnP SOAP interface. Since it is a blind OS command injection vulnerability, there is no output for the executed command. This module has been tested on DIR-865 and DIR-645 devices. This module requires Metasploit:...

9.8 CVSS | 0.5 AI score | 0.94031 EPSS
Exploits 6