10 matches found
Yoggie Pico and Pico Pro Backticks Remote Code Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/24743/info Yoggie Pico and Pico Pro are prone to a remote code-execution vulnerability because the device fails to sufficiently sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary code wi...
CVE-2007-3572
Incomplete blacklist vulnerability in cgi-bin/runDiagnostics.cgi in the web interface on the Yoggie Pico and Pico Pro allows remote attackers to execute arbitrary commands via shell metacharacters in the param parameter, as demonstrated by URL encoded "`" (backtick) characters (%60 sequences)...
Input validation
Incomplete blacklist vulnerability in cgi-bin/runDiagnostics.cgi in the web interface on the Yoggie Pico and Pico Pro allows remote attackers to execute arbitrary commands via shell metacharacters in the param parameter, as demonstrated by URL encoded "`" (backtick) characters (%60 sequences)...
CVE-2007-3572
The vulnerability CVE-2007-3572 affects the Yoggie Pico and Pico Pro (web interface cgi-bin/runDiagnostics.cgi). An incomplete blacklist allows remote attackers to execute arbitrary commands by supplying shell metacharacters in the param parameter, demonstrated with URL-encoded backtick character...
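Yoggie Pico/Pico Pro Backtick Remote Command Execution Vulnerability
Yoggie Pico is a compact USB device that provides firewall and antivirus functionality. Yoggie Pico has a vulnerability in how it handles user-submitted request data; a remote attacker may exploit it to execute arbitrary commands on the device. The web interface of the Yoggie Pico security appliance exposes a ping function for diagnostics. This interface passes the supplied IP/hostname directly to the ping command in the form ping -c 10 given ip and applies basic security checks for "&", ";" and pipes, but does not check for the backtick ("`"), which allows an attacker to execute arbitrary commands on the device with root privileges by submitting a specially crafted URL request. Yoggie Pico Yoggie Pico Pro...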
yoggie-exec.txt
This vulnerability affects the Yoggie Pico Pro and most certainly the Yoggie Pico, due to them being effectively identical security appliances. They expose a 'ping' function in their web interface for diagnostic purposes, which passes the IP/hostname given directly to ping in the form of 'ping -c ...
Yoggie Pico Pro security appliance code execution
Unfiltered Web interface shell characters...
[Full-disclosure] Yoggie Pico Pro Remote Code Execution
This vulnerability affects the Yoggie Pico Pro and most certainly the Yoggie Pico, due to them being effectively identical security appliances. They expose a 'ping' function in their web interface for diagnostic purposes, which passes the IP/hostname given directly to ping in the form of 'ping -c ...
Yoggie Pico and Pico Pro Backticks - Remote Code Execution
source: https://www.securityfocus.com/bid/24743/info Yoggie Pico and Pico Pro are prone to a remote code-execution vulnerability because the device fails to sufficiently sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary code with superuser privileges. A...
Yoggie Pico and Pico Pro Backticks - Remote Code Execution
Yoggie Pico and Pico Pro Backticks - Remote Code Execution source: https://www.securityfocus.com/bid/24743/info Yoggie Pico and Pico Pro are prone to a remote code-execution vulnerability because the device fails to sufficiently sanitize user-supplied input. An attacker can exploit this issue to...