DEBIAN-CVE-2023-6004

A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter...

UBUNTU-CVE-2023-6004

A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter...

Exploit for OS Command Injection in Openbsd Openssh

Verify CVE-2023-51385 First, add the following to /.ss...

SUSE CVE-2023-6004

A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter...

libssh Security Vulnerabilities

libssh is a C development package for accessing SSH services from the libssh organization, which is capable of executing remote commands, file transfers, as well as providing a secure transport channel for remote programs. A security vulnerability exists in libssh version 0.10.x, version 0.9.x, a...

Command injection

Proxy command injection vulnerabilities in Trend Micro Mobile Security Enterprise versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations...

CVE-2017-14081

Proxy command injection vulnerabilities in Trend Micro Mobile Security Enterprise versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations...

CVE-2017-14081

CVE-2017-14081 involves Trend Micro Mobile Security for Enterprise (pre-9.7 Patch 3) with a proxy command injection flaw in the modTMCSS Proxy functionality. A remote attacker can execute arbitrary code by manipulating parameters used to spawn system calls. ZDI advisories (ZDI-17-752, ZDI-17-774)...

CVE-2017-14081

Proxy command injection vulnerabilities in Trend Micro Mobile Security Enterprise versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations...

CVE-2017-11394

Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG 12 allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the T parameter within Proxy.php. Formerly ZDI-CAN-4544...

CVE-2017-11391

Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the "t" parameter within modTMCSS Proxy. Formerly ZDI-CAN-4744...

CVE-2017-11394

Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG 12 allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the T parameter within Proxy.php. Formerly ZDI-CAN-4544...

CVE-2017-11392

Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the "T" parameter within modTMCSS Proxy. Formerly ZDI-CAN-4745...

Command injection

Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG 12 allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the T parameter within Proxy.php. Formerly ZDI-CAN-4544...

CVE-2017-11393

Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG 12 allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the tr parameter within Proxy.php. Formerly ZDI-CAN-4543...

CVE-2017-11392

CVE-2017-11392 describes a proxy command-injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance (IMSVA) 9.0 and 9.1. The flaw affects the modTMCSS Proxy component, where the vulnerability arises from parsing the "+T+" parameter, leading to remote arbitrary code execution on ...

CVE-2017-11392

Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the "T" parameter within modTMCSS Proxy. Formerly ZDI-CAN-4745...

CVE-2017-11393

Trend Micro OfficeScan is affected by a Proxy.php parameter parsing flaw that enables remote code execution via the tr parameter in the Web Console’s Proxy.php. Affected products include OfficeScan 11 and XG (12). The vulnerability allows code execution under the current service context; exploita...

CVE-2017-11394

CVE-2017-11394 describes a proxy.php parameter handling flaw in Trend Micro OfficeScan 11 and XG (12) that allows remote command execution via improper validation of HTTP parameters (Proxy.php). The vulnerability enables an attacker to execute arbitrary code on vulnerable installations. Public re...

CVE-2017-11391

CVE-2017-11391 describes a proxy command injection in Trend Micro InterScan Messaging Virtual Appliance (IMSVA) 9.0 and 9.1. The flaw arises from improper validation of parameters in the modTMCSS Proxy function, specifically when parsing the unsigned input in the t parameter, allowing a remote at...