9831 matches found

OSV
added 2017/10/24 6:33 p.m., 14 views

GHSA-M6F7-46HW-GRCJ Creme Fraiche contains OS Command Injection

The setmetadata function in lib/cremefraiche.rb in the Creme Fraiche gem before 0.6.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the file name of an email attachment. NOTE: some of these details are obtained from third party information...

CVSS 9.3, AI score 7.4, EPSS 0.04247
Exploits 2, References 3
Github Security Blog
added 2017/10/24 6:33 p.m., 24 views

Creme Fraiche contains OS Command Injection

The setmetadata function in lib/cremefraiche.rb in the Creme Fraiche gem before 0.6.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the file name of an email attachment. NOTE: some of these details are obtained from third party information...

CVSS 9.3, AI score 7.4, EPSS 0.04247
Exploits 2, References 4, Affected software 1
KoreLogic Security
added 2017/10/24 12:00 a.m., 35 views

Infoblox NetMRI Administration Shell Escape and Privilege Escalation

Vulnerability Details Affected Vendor: Infoblox Affected Product: NetMRI Affected Version: 7.1.2 - 7.1.4 Platform: Embedded Linux CWE Classification: CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection', CWE-272: Least Privilege Violation Impact: Root...

AI score 0.3
Exploits 0, Affected software 1
Metasploit
added 2017/10/21 12:08 a.m., 16 views

Polycom Command Shell Authorization Bypass

The login component of the Polycom Command Shell on Polycom HDX video endpoints, running software versions 3.0.5 and earlier, is vulnerable to an authorization bypass when simultaneous connections are made to the service, allowing remote network attackers to gain access to a sandboxed telnet prom...

AI score 8.6
Exploits 0
Packet Storm
added 2017/10/21 12:00 a.m., 56 views

Polycom Command Shell Authorization Bypass

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Polycom Command Shell Authorization Bypass', 'Alias' = 'polycomhdxauthbypass', 'Author' = 'Paul Haas ', module 'h00die ', submission/cleanup ,...

AI score 7.1
Exploits 0
OSV
added 2017/10/19 10:29 p.m., 19 views

CVE-2017-15646

Webmin before 1.860 has XSS with resultant remote code execution. Under the 'Others/File Manager' menu, there is a 'Download from remote URL' option to download a file from a remote server. After setting up a malicious server, one can wait for a file download request and then send an XSS payload...

CVSS 6.1, AI score 7.6
Exploits 0, References 4
Metasploit
added 2017/10/19 1:37 a.m., 33 views

Netgear DGN1000 Setup.cgi Unauthenticated RCE

This module exploits an unauthenticated OS command execution vulnerability in the setup.cgi file in Netgear DGN1000 firmware versions up to 1.1.00.48, and DGN2000v1 models. This module requires Metasploit: https://metasploit.com/download Current source:...

AI score 7.5
Exploits 0
NVD
added 2017/10/13 5:29 p.m., 22 views

CVE-2017-6224

Ruckus Wireless Zone Director Controller firmware releases ZD9.x, ZD10.0.0.x, ZD10.0.1.x less than 10.0.1.0.17 MR1 release and Ruckus Wireless Unleashed AP Firmware releases 200.0.x, 200.1.x, 200.2.x, 200.3.x, 200.4.x contain OS Command Injection vulnerabilities that could allow local...

CVSS 9.3, AI score 9, EPSS 0.01211
Exploits 0, References 1
Prion
added 2017/10/13 5:29 p.m., 15 views

Command injection

Ruckus Wireless Zone Director Controller firmware releases ZD9.9.x, ZD9.10.x, ZD9.13.0.x less than 9.13.0.0.232 contain OS Command Injection vulnerabilities in the ping functionality that could allow local authenticated users to execute arbitrary privileged commands on the underlying operating...

CVSS 9.3, AI score 8.9, EPSS 0.0172
Exploits 0, References 1, Affected software 1
CVE
added 2017/10/13 5:00 p.m., 49 views

CVE-2017-6223

The CVE-2017-6223 entry concerns Ruckus Wireless ZoneDirector firmware. Affected versions are ZD9.9.x, ZD9.10.x, and ZD9.13.0.x prior to 9.13.0.0.232, where the ping functionality is vulnerable to OS command injection. This could allow a local authenticated user to execute arbitrary commands with...

CVSS 9.3, AI score 8.8, EPSS 0.0172
Exploits 0, References 1, Affected software 1
Cvelist
added 2017/10/13 5:00 p.m., 22 views

CVE-2017-6224

Ruckus Wireless Zone Director Controller firmware releases ZD9.x, ZD10.0.0.x, ZD10.0.1.x less than 10.0.1.0.17 MR1 release and Ruckus Wireless Unleashed AP Firmware releases 200.0.x, 200.1.x, 200.2.x, 200.3.x, 200.4.x contain OS Command Injection vulnerabilities that could allow local...

AI score 9, EPSS 0.01211
Exploits 0, References 1
CVE
added 2017/10/13 5:00 p.m., 58 views

CVE-2017-6224

CVE-2017-6224 affects Ruckus ZoneDirector firmware (ZD9.x, ZD10.0.0.x, ZD10.0.1.x before 10.0.1.0.17 MR1) and Ruckus Unleashed AP firmware (200.0.x–200.4.x). Local authenticated users can inject OS commands by placing them in the Certificate Generation Request Common Name field, leading to arbitr...

CVSS 9.3, AI score 8.8, EPSS 0.01211
Exploits 0, References 1, Affected software 1
0day.today
added 2017/10/08 12:00 a.m., 33 views

OrientDB 2.2.x Remote Code Execution Exploit

This Metasploit module leverages a privilege escalation on OrientDB to execute unsandboxed OS commands. All versions from 2.2.2 up to 2.2.22 should be vulnerable. This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...

AI score 7.6
Exploits 0
OSV
added 2017/09/29 1:34 a.m., 29 views

CVE-2017-14867

Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code i...

CVSS 8.8, AI score 8.9
Exploits 0, References 7
Cvelist
added 2017/09/28 2:00 p.m., 30 views

CVE-2017-14867

Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code i...

AI score 8.9, EPSS 0.36003
Exploits 0, References 7
Packet Storm
added 2017/09/28 12:00 a.m., 43 views

Git cvsserver Remote Command Execution

Phenoelit Advisory Authors joernchen Phenoelit Group http://www.phenoelit.de Affected Products Git before 2.14.2, 2.13.6, 2.12.5, 2.11.4 and 2.10.5 git-cvsserver https://git-scm.com Vendor communication 2017-09-08 Sent vulnerability details to the git-security list 2017-09-09 Acknowledgement of t...

AI score 7.4
Exploits 0
NVD
added 2017/09/26 2:29 a.m., 24 views

CVE-2017-14001

An Improper Neutralization of Special Elements used in an OS Command issue was discovered in Digium Asterisk GUI 2.1.0 and prior. An OS command injection vulnerability has been identified that may allow the execution of arbitrary code on the system through the inclusion of OS commands in the URL...

CVSS 9, AI score 9.2, EPSS 0.06447
Exploits 0, References 2
Prion
added 2017/09/26 2:29 a.m., 17 views

Command injection

An Improper Neutralization of Special Elements used in an OS Command issue was discovered in Digium Asterisk GUI 2.1.0 and prior. An OS command injection vulnerability has been identified that may allow the execution of arbitrary code on the system through the inclusion of OS commands in the URL...

CVSS 9, AI score 9.2, EPSS 0.06447
Exploits 0, References 2, Affected software 1
CVE
added 2017/09/26 2:00 a.m., 63 views

CVE-2017-14001

CVE-2017-14001 affects Digium Asterisk GUI 2.1.0 and earlier. The vulnerability is an OS command injection due to improper neutralization of special elements in URL requests, enabling an authenticated attacker to execute arbitrary code on the device. According to ICS-CERT, this vulnerability is r...

CVSS 9, AI score 9.1, EPSS 0.06447
Exploits 0, References 2, Affected software 1
Exploit DB
added 2017/09/25 12:00 a.m., 65 views

FLIR Thermal Camera FC-S/PT - Command Injection

FLIR Systems FLIR Thermal Camera FC-S/PT Authenticated OS Command Injection Vendor: FLIR Systems, Inc. Product web page: http://www.flir.com Affected version: Firmware version: 8.0.0.64 Software version: 10.0.2.43 Release: 1.4.1, 1.4, 1.3.4 GA, 1.3.3 GA and 1.3.2 FC-Series S FC-334-NTSC PT-Series...

AI score 7.4
Exploits 0