27 matches found
CVE-2026-46739
A flaw was found in perl-Net-Statsd. This vulnerability allows an attacker to inject additional statsd metrics due to insufficient validation of metric names and values. Specifically, the software does not properly check for newlines, colons, or pipes in metric names, nor does it ensure that valu...
EUVD-2020-0305
Malware in sbrugna...
In older versions of Sendmail, an attacker could use a pipe character to execute root commands.
...
Discourse Security Breach
Discourse is an open source community discussion platform. The platform includes community, email, and chat room features. A security vulnerability exists in Discourse prior to version 3.1.3, which stems from the fact that if a user's full name uses "|" and the user is quoted, updating the user's...
rake: OS Command Injection via egrep in Rake::FileList
There is an OS command injection vulnerability in Ruby Rake 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character |...
UBUNTU-CVE-2021-31799
In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename...
OESA-2021-1150 rubygem-mini_magick security update
A ruby wrapper for ImageMagick command line. Using MiniMagick the ruby processes memory remains small it spawns ImageMagick's command line program mogrify which takes up some memory as well, but is much smaller compared to RMagick. Security Fixes: In lib/minimagick/image.rb in MiniMagick before...
GHSA-JPPV-GW3R-W3Q8 OS Command Injection in Rake
There is an OS command injection vulnerability in Ruby Rake before 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character |...
CVE-2020-8130
There is an OS command injection vulnerability in Ruby Rake 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character |...
Command injection
There is an OS command injection vulnerability in Ruby Rake 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character |...
CVE-2020-8130
There is an OS command injection vulnerability in Ruby Rake 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character |...
CVE-2020-8130
There is an OS command injection vulnerability in Ruby Rake 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character |...
CVE-2020-9015
Arista DCS-7050QX-32S-R 4.20.9M, DCS-7050CX3-32S-R 4.20.11M, and DCS-7280SRAM-48C6-R 4.22.0.1F devices and possibly other products allow attackers to bypass intended TACACS+ shell restrictions via a | character. NOTE: the vendor reports that this is a configuration issue relating to an overly...
PT-2020-20430 · Arista · Arista Dcs-7050Cx3-32S-R +2
Name of the Vulnerable Software and Affected Versions: Arista DCS-7050QX-32S-R version 4.20.9M Arista DCS-7050CX3-32S-R version 4.20.11M Arista DCS-7280SRAM-48C6-R version 4.22.0.1F Description: The issue allows attackers to bypass intended TACACS+ shell restrictions via a | character. This is...
CVE-2016-5118
The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | pipe character at the start of a filename...
GLSA-200808-03 : Mozilla products: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200808-03 Mozilla products: Multiple vulnerabilities The following vulnerabilities were reported in all mentioned Mozilla products: TippingPoint's Zero Day Initiative reported that an incorrect integer data type is used as a CSS...
Design/Logic Flaw
Mozilla Firefox before 2.0.0.16, and 3.x before 3.0.1, interprets '|' pipe characters in a command-line URI as requests to open multiple tabs, which allows remote attackers to access chrome:i URIs, or read arbitrary local files via manipulations involving a series of URIs that is not entirely...
Firefox command line URL launches multi-tabs
Mozilla Firefox before 2.0.0.16, and 3.x before 3.0.1, interprets '|' pipe characters in a command-line URI as requests to open multiple tabs, which allows remote attackers to access chrome:i URIs, or read arbitrary local files via manipulations involving a series of URIs that is not entirely...
CVE-2002-2365
Simple WAIS SWAIS 1.11 allows remote attackers to execute arbitrary commands via the shell metacharacters in the search field, as demonstrated using the "|" pipe character...
CVE-2006-2611
Cross-site scripting XSS vulnerability in includes/Sanitizer.php in the variable handler in MediaWiki 1.6.x before r14349 allows remote attackers to inject arbitrary Javascript via unspecified vectors, possibly involving the usage of the | pipe character...