36 matches found

IBM Security Bulletins
added 2021/04/26 11:32 a.m. | 16 views

Security Bulletin: A vulnerability in IBM Spectrum Scale CSI could allow insecure external command execution (CVE-2020-4981)

Summary A security vulnerability has been identified in all levels of IBM Spectrum Scale CSI that could allow insecure external command execution. A fix for this vulnerability is available. Vulnerability Details CVEID: CVE-2020-4981 DESCRIPTION: IBM Spectrum Scale could allow a local privileged...

CVSS 6 | AI score 2.1 | EPSS 0.00035
Exploits: 0 | Affected Software: 1

ATTACKERKB
added 2020/10/26 5:15 p.m. | 4 views

CVE-2020-27187

An issue was discovered in KDE Partition Manager 4.1.0 before 4.2.0. The kpmcoreexternalcommand helper contains a logic flaw in which the service invoking D-Bus is not properly checked. An attacker on the local machine can replace /etc/fstab, and execute mount and other partitioning related...

CVSS 7.8 | AI score 5.6 | EPSS 0.0005
Exploits: 0 | References: 5

OSV
added 2020/10/26 5:15 p.m. | 1 views

UBUNTU-CVE-2020-27187

An issue was discovered in KDE Partition Manager 4.1.0 before 4.2.0. The kpmcoreexternalcommand helper contains a logic flaw in which the service invoking D-Bus is not properly checked. An attacker on the local machine can replace /etc/fstab, and execute mount and other partitioning related...

CVSS 7.8 | AI score 7.1 | EPSS 0.0005
Exploits: 0 | References: 6

NVD
added 2020/04/08 12:15 a.m. | 8 views

CVE-2020-11629

An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. The External Command Certificate Validator, which allows administrators to upload external linters to validate certificates, is supposed to save uploaded test certificates to the server. An attacker who has gained access to...

CVSS 7.2 | AI score 7 | EPSS 0.00223
Exploits: 0 | References: 1

Prion
added 2020/04/08 12:15 a.m. | 14 views

Design/Logic Flaw

An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. The External Command Certificate Validator, which allows administrators to upload external linters to validate certificates, is supposed to save uploaded test certificates to the server. An attacker who has gained access to...

CVSS 6.5 | AI score 6.9 | EPSS 0.00223
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2020/04/07 11:34 p.m. | 48 views

CVE-2020-11629

EJBCA before 6.15.2.6 and 7.x before 7.3.1.2 is affected by a vulnerability in the External Command Certificate Validator. The validator allows uploading external linters to validate certificates, and is described as saving uploaded test certificates to the server. An attacker who gains access t...

CVSS 7.2 | AI score 7 | EPSS 0.00223
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2020/04/07 11:34 p.m. | 13 views

CVE-2020-11629

An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. The External Command Certificate Validator, which allows administrators to upload external linters to validate certificates, is supposed to save uploaded test certificates to the server. An attacker who has gained access to...

AI score 7 | EPSS 0.00223
Exploits: 0 | References: 1

OSV
added 2019/10/28 5:15 p.m. | 0 views

CVE-2019-14450

A directory traversal vulnerability was discovered in RepetierServer.exe in Repetier-Server 0.8 through 0.91 that allows for the creation of a user controlled XML file at an unintended location. When this is combined with CVE-2019-14451, an attacker can upload an "external command" configuration ...

CVSS 9.8 | AI score 7.6 | EPSS 0.47493
Exploits: 0 | References: 2

OSV
added 2019/10/25 5:15 p.m. | 2 views

CVE-2019-14451

RepetierServer.exe in Repetier-Server 0.8 through 0.91 does not properly validate the XML data structure provided when uploading a new printer configuration. When this is combined with CVE-2019-14450, an attacker can upload an "external command" configuration as a printer configuration, and achie...

CVSS 9.8 | AI score 7.6 | EPSS 0.03752
Exploits: 0 | References: 2

OSV
added 2012/10/01 12:55 a.m. | 1 views

DEBIAN-CVE-2012-2240

scripts/dscverify.pl in devscripts before 2.12.3 allows remote attackers to execute arbitrary commands via unspecified vectors related to "arguments to external commands."...

CVSS 7.5 | AI score 7.8 | EPSS 0.00975
Exploits: 0 | References: 1

myhack58
added 2007/09/24 12:0 a.m. | 31 views

Executing external system commands in PHP - vulnerability warning - the black bar safety net

PHP as a server side scripting language, like writing a simple, or a complex dynamic web page such a task, it is fully able to do the job. But the thing is not always the case, sometimes in order to achieve a certain function, it must be by means of the operating system of the external program, or...

Exploits: 0

myhack58
added 2007/03/20 12:0 a.m. | 37 views

Executing external system commands in PHP - vulnerability warning - the black bar safety net

See online article, turn it down collection. PHP as a server side scripting language, like writing a simple, or a complex dynamic web page such a task, it is fully able to do the job. But the thing is not always the case, sometimes in order to achieve a certain function, it must be by means of...

Exploits: 0

myhack58
added 2006/06/18 12:0 a.m. | 12 views

Executing external system commands in PHP - vulnerability warning - the black bar safety net

PHP as a server side scripting language, like writing a simple, or a complex dynamic web page such a task, it is fully able to do the job. But the thing is not always the case, sometimes in order to achieve a certain function, it must be by means of the operating system of the external program, or...

Exploits: 0

securityvulns
added 2003/04/12 12:0 a.m. | 35 views

MacOS X DirectoryService privilege escalation

External touch command is executed without full path...

AI score 3.3
Exploits: 0 | References: 1 | Affected Software: 1

Exploit DB
added 2002/08/27 12:0 a.m. | 20 views

Caldera X Server 7.1/8.0 - External Program Privileged Invocation

source: https://www.securityfocus.com/bid/5575/info Caldera's X Server implementation invokes external commands without dropping existing privilege levels. Xserver calls xkbcomp, and other related utilities, in an unsecure manner using the popen or system calls. While this would not typically be ...

AI score 7
Exploits: 0

securityvulns
added 2001/09/06 12:0 a.m. | 53 views

More problems in CGI

Insufficient checking of shell characters in user data when invoking an external command...

AI score 0.4
Exploits: 0 | References: 2 | Affected Software: 1