162 matches found
cups-filters: foomatic-rip did not consider the back tick as an illegal shell escape character
It was discovered that foomatic-rip failed to remove all shell special characters from inputs used to construct command lines for external programs run by the filter. An attacker could possibly use this flaw to execute arbitrary commands...
SUSE-SU-2016:0112-1 Security update for foomatic-filters
This update fixes the following security issues: CVE-2015-8327: adds backtick and semicolon to the list of illegal shell escape characters (bsc957531). CVE-2015-8560: fixed code execution via improper escaping of ; (bsc957531)...
cups-filters code execution
cups-browsed shell characters vulnerability...
xdg-open code execution
Code execution because of insufficient shell characters filtering in protocol handlers...
condor code execution
Unfiltered shell characters on mailx invocation...
Centreon SQL and Command Injection
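Merethis Centreon 2.5.1 and Centreon Enterprise Server 2.2 contain SQL injection vulnerabilities, caused by the following scripts not sufficiently filtering parameters: the views/graphs/common/makeXMLListMetrics.php script does not sufficiently filter the 'indexid' parameter; the views/graphs/GetXmlTree.php script does not sufficiently filter the 'sid' parameter;...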
wpa_supplicant shell characters vulnerability
Insufficient character filtering...
Hassan Consulting Shopping Cart 1.23 Arbitrary Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/3308/info Hassan Consulting's Shopping Cart is commercial web store software. Shopping Cart does not filter certain types of user-supplied input from web requests. This makes it possible for a malicious user to submit a...
cups-filters code execution
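cups-browsed shell characters vulnerability...
Webbynode Ruby Gems Command Injection Vulnerability
Bugtraq ID: 64289 CVE ID: CVE-2013-7086 Ruby Gem Webbynode is a tool that lets users deploy applications to the Webbynode platform. Ruby Gem Webbynode does not properly filter messages submitted through the growlnotify command; if a message contains shell metacharacters, arbitrary commands can be executed in the context of the application. Ruby Gem Webbynode 1.0.5.3 The vendor has not yet provided a patch or upgrade; users of this software are advised to watch the vendor's home page for the latest version: http://rubygems.org/gems/webbynode...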
D-Link routers multiple security vulnerabilities
Shell characters injection, authentication bypass...
torque authentication bypass
It's possible to queue code execution by connecting directly to pbsmom port. Shell characters vulnerability...
PineApp Mail-SeCure privilege escalation
Unfiltered shell characters vulnerability...
DavFS2 privilege escalation
Shell characters vulnerability...
Sybase EAServer multiple security vulnerabilities
Directory traversal, XML injection, shell characters injection...
Flash Tool 0.6.0 Remote Code Execution
Flash Tool 0.6.0 Remote code execution vulnerability 3/1/2013 http://rubygems.org/gems/flashtool https://github.com/milboj/flashtool If files downloaded contain shell characters it's possible to execute code as the client user. ie: flashfile;id/tmp/o;.swf ./flashtool-0.6.0/lib/flashtool.rb Lines:...
OpenVAS Manager code execution
Unescaped shell characters on OMP request processing...
Symantec WebGateway security vulnerabilities
Code execution, unfiltered shell characters...
SuSE 10 Security Update : dhcpcd (ZYPP Patch Number 7453)
A rogue DHCP server could instruct clients to use a host name that contains shell meta characters. Since many scripts in the system do not expect unusual characters in the system's host name the DHCP client needs to sanitize the host name offered by the server. CVE-2011-0996 Note: this is a...
dhcpcd shell characters vulnerability
Shell characters vulnerability in the hostname...