DrayTek Vigor Series Arbitrary Command Execution Vulnerability

The DrayTek Vigor300B is an enterprise-class router. The DrayTek Vigor300B cgi-bin/mainfunction.cgi URI fails to properly handle SHELL characters, which can be exploited by a remote attacker to submit a special request to execute arbitrary commands with ROOT privileges...

Android Superuser mention the right vulnerability analysis-vulnerability warning-the black bar safety net

Recently, foreign security researchers uncover more Android platform under the authorization Application Management Software there are 3 security vulnerabilities, exploit the vulnerabilities may be the root mention the right, see the link: is. TSRC also for this 3 Android Superuser mention the...

Ruby Gem Command Wrap Command Execution

Remote command execution in Ruby Gem Command Wrap 3/15/2013 http://rubygems.org/gems/commandwrap Commands executed if the remote URL or filename contains the shell character ';'. The commands will be executed as the client user if tricked into using the malicious URL or filename. Examining the...

ftpd Gem for Ruby Shell Character Handling Remote Command Injection

ftpd Gem for Ruby contains a flaw that is triggered when handling a specially crafted option or filename that contains a shell character. This may allow a remote attacker to inject arbitrary commands...

Adobe Acrobat / Reader multiple security vulnerabilities

Multiple memory corruptions, code executions, privilege escalations, shell character vulnerabilities...

CGI::Lite protection bypass

Not all dangerous shell characters are filtered by CGI::Lite::escapedangerouschars...