3 matches found
CVE-2011-10026
Spreecommerce versions prior to 0.50.x contain a remote command execution vulnerability in the API's search functionality. Improper input sanitation allows attackers to inject arbitrary shell commands via the searchinstanceeval parameter, which is dynamically invoked using Ruby’s send method. Thi...
CVE-2011-10026 Spreecommerce < 0.50.x API RCE
Spreecommerce versions prior to 0.50.x contain a remote command execution vulnerability in the API's search functionality. Improper input sanitation allows attackers to inject arbitrary shell commands via the searchinstanceeval parameter, which is dynamically invoked using Ruby’s send method. Thi...
cfme: Improper access control in dRuby allows local users to execute arbitrary commands as root
CloudForms Management Engine has a vulnerability that allows local users to execute arbitrary commands as root. An attacker with SSH access to the system can use the dRuby DRb module installed on the system to execute arbitrary shell commands using instanceeval...