12 matches found
CVE-2026-35582
CVE-2026-35582: Emissary’s Executrix.getCommand() interpolates IN_FILE_ENDING and OUT_FILE_ENDING directly into a /bin/sh -c command string without escaping, enabling local OS command injection when a config place writes shell metacharacters. Connected docs provide concrete details: TempFileNames...
Emissary Security Vulnerability
Emissary is a distributed P2P data-driven workflow framework developed by the National Security Agency. Versions of Emissary 8.42.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the Executrix.getCommand function, which inserted temporary file paths into shell...
Improper Encoding or Escaping of Output
Overview Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the getCommand process. An attacker can execute arbitrary operating system commands by supplying specially crafted values to the IN_FILE_ENDING or OUT_FILE_ENDING configuration keys, which are...
PT-2024-39466
Name of the Vulnerable Software and Affected Versions Atelmo Atemio AM 520 HD Full HD Satellite Receiver affected versions not specified Description The device allows an unauthorized attacker to execute system commands with elevated privileges. This is facilitated through the use of the getcomman...
IBM AIX 5.3 GetShell and GetCommand File Enumeration Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/16102/info IBM AIX is prone to a local vulnerability in getShell and getCommand. This issue may let local attackers enumerate the existence of files on the computer that they wouldn't ordinarily be able to see...
IBM AIX 5.3 GetShell and GetCommand Partial File Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/16103/info IBM AIX is prone to a local vulnerability in getShell and getCommand. This vulnerability may let the attacker gain unauthorized read access to shell scripts on the computer. -bash-3.00$ ls -l /tmp/k.sh -rwx----...
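AIX getCommand and getShell Command Information Disclosure Vulnerabilities
IBM AIX is a commercial UNIX operating system. Even with the latest patches applied, two vulnerabilities remain in the AIX getCommand and getShell commands. An attacker can use specially crafted commands to determine whether a given file exists, or to read arbitrary shell scripts that they do not have permission to access. IBM AIX 5.3 ml03 The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page for the latest version: http://www.ers.ibm.com/ -bash-3.00$./getCommand.new ../../../../../../etc/security/passwd -bash-3.00$./getCommand.new...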
[xfocus-SD-060101]AIX getCommand&getShell two vulnerabilities
Title: [xfocus-SD-060101]AIX getCommand&getShell two vulnerabilities Affected version: aix5.3 ml03, other versions not tested, should also be affected. Vendor: http://www.ibm.com/ Where: Local XFOCUS http://www.xfocus.org had already discovered some vulnerabilities in getCommand&getShell. After apply...
IBM AIX 5.3 - GetShell GetCommand File Disclosure
IBM AIX 5.3 - GetShell GetCommand File Disclosure source: https://www.securityfocus.com/bid/16103/info IBM AIX is prone to a local vulnerability in getShell and getCommand. This vulnerability may let the attacker gain unauthorized read access to shell scripts on the computer. -bash-3.00$ ls -l...
IBM AIX 5.3 - 'GetShell' / 'GetCommand' File Enumeration
source: https://www.securityfocus.com/bid/16102/info IBM AIX is prone to a local vulnerability in getShell and getCommand. This issue may let local attackers enumerate the existence of files on the computer that they wouldn't ordinarily be able to see. -bash-3.00$./getCommand.new...
IBM AIX 5.3 - GetShell GetCommand File Enumeration
IBM AIX 5.3 - GetShell GetCommand File Enumeration source: https://www.securityfocus.com/bid/16102/info IBM AIX is prone to a local vulnerability in getShell and getCommand. This issue may let local attackers enumerate the existence of files on the computer that they wouldn't ordinarily be able t...
CVE-2005-4273
Multiple unspecified vulnerabilities in (1) getShell and (2) getCommand in IBM AIX 5.3 allow local users to append to arbitrary files...