9786 matches found
CVE-2018-7664
An issue was discovered in ClipBucket before 4.0.0 Release 4902. Any OS commands can be injected via shell metacharacters in the filename parameter to /api/fileuploader.php or /actions/filedownloader.php...
ClipBucket 4.0.0 - Release 4902 - Command Injection File Upload SQL Injection
ClipBucket 4.0.0 - Release 4902 - Command Injection File Upload SQL Injection SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: OS command injection, arbitrary file upload & SQL injection product: ClipBucket vulnerable...
ClipBucket < 4.0.0 - Release 4902 - Command Injection / File Upload / SQL Injection
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: OS command injection, arbitrary file upload & SQL injection product: ClipBucket vulnerable version: 4.0.0 - Release 4902 fixed version: 4.0.0 - Release 4902 CVE number: -...
VulnCheck KEV: CVE-2014-6278
GNU Bash contains an OS command injection vulnerability which allows remote attackers to execute arbitrary commands via a crafted environment...
ClipBucket <= 4.0.0 Multiple Vulnerabilities
ClipBucket is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:oxygenz:clipbucket"; if...
ClipBucket SQL Injection / Command Injection / File Upload
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: OS command injection, arbitrary file upload & SQL injection product: ClipBucket vulnerable version: 4.0.0 - Release 4902 fixed version: 4.0.0 - Release 4902 CVE number: -...
CMS Made Simple 2.1.6 - Remote Code Execution
CMS Made Simple 2.1.6 - Remote Code Execution Exploit Title: CMS Made Simple 2.1.6 - Remote Code Execution Date: 2018-02-26 Exploit Author: Keerati T. Vendor Homepage: http://www.cmsmadesimple.org/ Software Link: http://s3.amazonaws.com/cmsms/downloads/13570/cmsms-2.1.6-install.zip Version: 2.1....
CMS Made Simple 2.1.6 - Remote Code Execution
Exploit Title: CMS Made Simple 2.1.6 - Remote Code Execution Date: 2018-02-26 Exploit Author: Keerati T. Vendor Homepage: http://www.cmsmadesimple.org/ Software Link: http://s3.amazonaws.com/cmsms/downloads/13570/cmsms-2.1.6-install.zip Version: 2.1.6 CVE: CVE-2018-7448 Tested on: Linux...
JVN#97144273: Multiple vulnerabilities in WXR-1900DHP2
WXR-1900DHP2 provided by BUFFALO INC. is a wireless LAN router. WXR-1900DHP2 contains multiple vulnerabilities listed below. Missing Authentication for Critical Function CWE-306 - CVE-2018-0521 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H| Base Score:...
CMS Made Simple 2.1.6 Remote Code Execution
Exploit Title: CMS Made Simple 2.1.6 - Remote Code Execution Date: 2018-02-26 Exploit Author: Keerati T. Vendor Homepage: http://www.cmsmadesimple.org/ Software Link: http://s3.amazonaws.com/cmsms/downloads/13570/cmsms-2.1.6-install.zip Version: 2.1.6 CVE: CVE-2018-7448 Tested on: Linux...
CMS Made Simple 2.1.6 Remote Code Execution Vulnerability
Exploit for php platform in category web applications Exploit Title: CMS Made Simple 2.1.6 - Remote Code Execution Date: 2018-02-26 Exploit Author: Keerati T. Vendor Homepage: http://www.cmsmadesimple.org/ Software Link: http://s3.amazonaws.com/cmsms/downloads/13570/cmsms-2.1.6-install.zip Versio...
CVE-2018-7187
Removed by vendor...
CVE-2017-14535
trixbox 2.8.0.4 has OS command injection via shell metacharacters in the lang parameter to /maint/modules/home/index.php...
Command injection
trixbox 2.8.0.4 has OS command injection via shell metacharacters in the lang parameter to /maint/modules/home/index.php...
CVE-2017-14535
CVE-2017-14535 affects Trixbox 2.8.0.4, vulnerable to an OS command-injection via shell metacharacters in the lang parameter of /maint/modules/home/index.php. The root cause is improper handling of input in this parameter, enabling remote command execution. Documented impact states successful exp...
CVE-2018-6926
In app/Controller/ServersController.php in MISP 2.4.87, a server setting permitted the override of a path variable on certain Red Hat Enterprise Linux and CentOS systems where rh_shell_fix was enabled, and consequently allowed site admins to inject arbitrary OS commands. The impact is limited by th...
CVE-2018-6926
CVE-2018-6926 affects MISP 2.4.87 in the file app/Controller/ServersController.php. A server setting allowed the override of a path variable on certain Red Hat Enterprise Linux and CentOS systems (where rh_shell_fix was enabled), enabling site admins to inject arbitrary operating system commands...
LogicalDOC Enterprise 7.7.4 Post-Auth Command Execution
LogicalDOC Enterprise 7.7.4 Post-Auth Command Execution Via Binary Path Manipulation Vendor: LogicalDOC Srl Product web page: https://www.logicaldoc.com Affected version: 7.7.4 7.7.3 7.7.2 7.7.1 7.6.4 7.6.2 7.5.1 7.4.2 7.1.1 Summary: LogicalDOC is a free document management system that is designe...
LogicalDOC Enterprise 7.7.4 - Root Remote Code Execution
LogicalDOC Enterprise 7.7.4 - Root Remote Code Execution LogicalDOC Enterprise 7.7.4 Post-Auth Command Execution Via Binary Path Manipulation Vendor: LogicalDOC Srl Product web page: https://www.logicaldoc.com Affected version: 7.7.4 7.7.3 7.7.2 7.7.1 7.6.4 7.6.2 7.5.1 7.4.2 7.1.1 Summary:...
LogicalDOC Enterprise 7.7.4 - Root Remote Code Execution
LogicalDOC Enterprise 7.7.4 Post-Auth Command Execution Via Binary Path Manipulation Vendor: LogicalDOC Srl Product web page: https://www.logicaldoc.com Affected version: 7.7.4 7.7.3 7.7.2 7.7.1 7.6.4 7.6.2 7.5.1 7.4.2 7.1.1 Summary: LogicalDOC is a free document management system that is designe...