Command Injection

Overview All versions of tomato are vulnerable to Command Injection. The /api/exec endpoint does not validate user input allowing attackers to run arbitrary commands in the system. Recommendation No fix is currently available. Consider using an alternative module until a fix is made available...

CVE-2019-10018

An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpIdiv case...

CVE-2019-10026

An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec in Function.cc for the psOpRoll case...

Xpdf PE Vulnerability (CNVD-2019-22436)

Xpdf is a free PDF viewer and toolkit that includes a text extractor, image converter, HTML converter and more. A PE vulnerability exists in the PostScriptFunction::exec function in Function.cc in Xpdf 4.01.01 in the psOpIdiv scenario. No detailed vulnerability details are provided at this time...

Design/Logic Flaw

baigoStudio baigoSSO v3.0.1 allows remote attackers to execute arbitrary PHP code via the first form field of a configuration screen, because this code is written to the BGSITENAME field in the optbase.inc.php file...

CVE-2019-10023

An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpMod case...

DEBIAN-CVE-2017-16231

In PCRE 8.41, after compiling, a pcretest load test PoC produces a crash overflow in the function match in pcreexec.c because of a self-recursive call. NOTE: third parties dispute the relevance of this report, noting that there are options that can be used to limit the amount of stack that is use...

Advanced Host Monitor 11.92 beta - Local Buffer Overflow

!/usr/bin/env python ------------------------------------------------------------------------------------------------------------------------------------ Exploit: Advanced Host Monitor 11.92 beta - Local Buffer Overflow EggHunter Date: 2019-03-18 Author: Peyman Forouzan Tested Against: Winxp SP2...

ai.h2o:h2o-orc-parser (>=3.18.0.9 <=3.46.0.11), com.linkedin.tony:tony-cli (>=0.1.5 <=0.3.3) +3 more potentially affected by CVE-2015-1772 via org.apache.hive:hive-exec (=1.1.0)

org.apache.hive:hive-exec MAVEN version =1.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.hive:hive-exec and may be impacted: - ai.h2o:h2o-orc-parser =3.18.0.9, =0.1.5, =0.1.5, =0.11.0, =0.11.1 Source cves: CVE-2015-1772 Source advisory...

ai.h2o:h2o-orc-parser (>=3.18.0.9 <=3.46.0.11), com.linkedin.tony:tony-cli (>=0.1.5 <=0.3.3) +36 more potentially affected by CVE-2016-3083 via org.apache.hive:hive-exec (>=0.8.0 <=1.2.1)

org.apache.hive:hive-exec MAVEN version =0.8.0, =3.18.0.9, =0.1.5, =0.1.5, =0.1.0, =0.1.0, =0.1.0, =6.5.0, =6.5.0, =6.5.0, =6.5.0, =6.8.3 and more Source cves: CVE-2016-3083 Source advisory: OSV:GHSA-GF2V-9HP6-44QG...

io.druid.extensions.contrib:druid-orc-extensions (>=0.10.0 <=0.12.3), org.apache.tajo:tajo-hive (>=0.11.2 <=0.11.3) potentially affected by CVE-2016-3083 via org.apache.hive:hive-exec (=2.0.0)

org.apache.hive:hive-exec MAVEN version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.hive:hive-exec and may be impacted: - io.druid.extensions.contrib:druid-orc-extensions =0.10.0, =0.11.2, =0.11.3 Source cves: CVE-2016-3083 Source...

com.amazon.emr:hive2-shims (>=5.0.0 <=5.6.0), com.scylladb.alternator:hive2-shims (>=5.6.0 <=5.8.0) potentially affected by CVE-2017-12625 via org.apache.hive:hive-exec (=2.3.0)

org.apache.hive:hive-exec MAVEN version =2.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.hive:hive-exec and may be impacted: - com.amazon.emr:hive2-shims =5.0.0, =5.6.0, =5.8.0 Source cves: CVE-2017-12625 Source advisory:...

DEBIAN-CVE-2019-8980

A memory leak in the kernelreadfile function in fs/exec.c in the Linux kernel through 4.20.11 allows attackers to cause a denial of service memory consumption by triggering vfsread failures...

Container Privilege Escalation Vulnerability Affecting Cisco Products: February 2019

A vulnerability in the Open Container Initiative runc CLI tool used by multiple products could allow an unauthenticated, remote attacker to escalate privileges on a targeted system. The vulnerability exists because the affected software improperly handles file descriptors related to /proc/self/ex...

VMware product updates resolve mishandled file descriptor vulnerability in runc container runtime.

VMware product updates resolve mishandled file descriptor vulnerability in runc container runtime. Successful exploitation of this issue may allow a malicious container to overwrite the contents of a host's runc binary and execute arbitrary code. Exploitation of this vulnerability requires the...

CVE-2018-20772

Frog CMS 0.9.5 allows PHP code execution via ?php to the admin/?/layout/edit/1 URI...

Bitdefender SafePay exec Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender SafePay. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processi...

OpenSSH 7.6p1 SCP Client - Multiple Vulnerabilities (SSHtranger Things) Exploit

Exploit Title: SSHtranger Things Exploit Author: Mark E. Haase Vendor Homepage: https://www.openssh.com/ Software Link: download link if available Version: OpenSSH 7.6p1 Tested on: Ubuntu 18.04.1 LTS CVE : CVE-2019-6111, CVE-2019-6110 ''' Title: SSHtranger Things Author: Mark E. Haase Homepage:...

Information Disclosure

github.com/opencontainers/runc is vulnerable to information disclosure attacks. These attacks are possible because a run exec command can be ptraced by the pid 1 of the container. Using this, it allows attackers to gain access to the file-descriptors of new processes during initialization. It may...

YARA libyara/exec.c file information disclosure vulnerability (CNVD-2019-32348)

YARA is a set of tools used to help software researchers identify and categorize malware samples. A security vulnerability exists in the libyara/exec.c file in YARA version 3.8.1. An attacker can exploit the vulnerability to obtain addresses in the real stack...