5 matches found
CVE-2015-5673
eventapp/lib/gcloud.rb in the ISUCON5 qualifier portal aka eventapp web application before 2015-10-30 makes improper popen calls, which allows remote attackers to execute arbitrary commands via an HTTP request that includes shell metacharacters in an argument to a "gcloud compute" command...
Command injection
eventapp/lib/gcloud.rb in the ISUCON5 qualifier portal aka eventapp web application before 2015-10-30 makes improper popen calls, which allows remote attackers to execute arbitrary commands via an HTTP request that includes shell metacharacters in an argument to a "gcloud compute" command...
CVE-2015-5673
eventapp/lib/gcloud.rb in the ISUCON5 qualifier portal aka eventapp web application before 2015-10-30 makes improper popen calls, which allows remote attackers to execute arbitrary commands via an HTTP request that includes shell metacharacters in an argument to a "gcloud compute" command...
ISUCON5 qualifier portal web application (eventapp) vulnerable to OS command injection
Overview ISUCON5 qualifier portal web application eventapp provided by ISUCON organizers contains an OS command injection CWE-78 vulnerability. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A...
JVN#04281281: ISUCON5 qualifier portal web application (eventapp) vulnerable to OS command injection
ISUCON5 qualifier portal web application eventapp provided by ISUCON organizers contains an OS command injection CWE-78 vulnerability. Impact A logged in attacker may execute arbitrary OS commands on the server. Solution Update the Software Update to the latest version according to the informatio...