2 matches found
DrayTek Vigor Series Arbitrary Command Execution Vulnerability
The DrayTek Vigor300B is an enterprise-class router. The DrayTek Vigor300B cgi-bin/mainfunction.cgi URI fails to properly handle SHELL characters, which can be exploited by a remote attacker to submit a special request to execute arbitrary commands with ROOT privileges...
ftpd Gem for Ruby Shell Character Handling Remote Command Injection
ftpd Gem for Ruby contains a flaw that is triggered when handling a specially crafted option or filename that contains a shell character. This may allow a remote attacker to inject arbitrary commands...