Lucene search

162 matches found

RedHat Linux
added 2016/03/22 9:2 p.m., 5 views

cups-filters: foomatic-rip did not consider the back tick as an illegal shell escape character

It was discovered that foomatic-rip failed to remove all shell special characters from inputs used to construct command lines for external programs run by the filter. An attacker could possibly use this flaw to execute arbitrary commands...

CVSS 7.5, AI score 7.4, EPSS 0.10171
Exploits: 0, References: 5

OSV
added 2016/01/13 5:1 p.m., 8 views

SUSE-SU-2016:0112-1 Security update for foomatic-filters

This update fixes the following security issues: CVE-2015-8327: adds backtick and semicolon to the list of illegal shell escape characters bsc957531. CVE-2015-8560: fixed code execution via improper escaping of ; bsc957531...

CVSS 7.5, AI score 7.6, EPSS 0.10171
Exploits: 0, References: 4

securityvulns
added 2015/04/19 12:0 a.m., 35 views

cups-filters code execution

cups-browsed shell characters vulnerability...

CVSS 8.3, AI score 4.3, EPSS 0.03429
Exploits: 4, References: 2, Affected Software: 1

securityvulns
added 2015/03/08 12:0 a.m., 38 views

xdg-open code execution

Code execution because of insufficient shell characters filtering in protocol handlers...

CVSS 6.8, AI score 4.4, EPSS 0.03256
Exploits: 1, References: 2, Affected Software: 1

securityvulns
added 2015/02/23 12:0 a.m., 29 views

condor code execution

Unfiltered shell characters on mailx invocation...

AI score 4.1, EPSS 0.0308
Exploits: 0, References: 1, Affected Software: 1

seebug.org
added 2014/11/13 12:0 a.m., 49 views

Centreon SQL and Command Injection

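Merethis Centreon 2.5.1 and Centreon Enterprise Server 2.2 contain SQL injection vulnerabilities, which arise because the following scripts do not sufficiently filter parameters: the views/graphs/common/makeXMLListMetrics.php script does not sufficiently filter the 'indexid' parameter; the views/graphs/GetXmlTree.php script does not sufficiently filter the 'sid' parameter;...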

AI score 7.1, EPSS 0.80998
Exploits: 9

securityvulns
added 2014/10/15 12:0 a.m., 42 views

wpa_supplicant shell characters vulnerability

Insufficient character filtering...

CVSS 6.8, AI score 3.6, EPSS 0.04945
Exploits: 0, References: 1

seebug.org
added 2014/07/01 12:0 a.m., 161 views

Hassan Consulting Shopping Cart 1.23 Arbitrary Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3308/info Hassan Consulting's Shopping Cart is commercial web store software. Shopping Cart does not filter certain types of user-supplied input from web requests. This makes it possible for a malicious user to submit a...

AI score 6.7
Exploits: 0

securityvulns
added 2014/05/10 12:0 a.m., 30 views

cups-filters code execution

cups-browsed shell characters vulnerability...

CVSS 8.3, AI score 4.4, EPSS 0.01174
Exploits: 1, References: 1, Affected Software: 1

seebug.org
added 2013/12/17 12:0 a.m., 26 views

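Webbynode Ruby Gems Command Injection Vulnerability

Bugtraq ID: 64289 CVE ID: CVE-2013-7086 Ruby Gem Webbynode is a tool that lets users deploy applications to the Webbynode platform. Ruby Gem Webbynode does not properly filter messages submitted through the growlnotify command; if a message contains shell metacharacters, arbitrary commands can be executed in the context of the application. 0 Ruby Gem Webbynode 1.0.5.3 The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's homepage for the latest version: http://rubygems.org/gems/webbynode...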

CVSS 7.5, EPSS 0.03529
Exploits: 2

securityvulns
added 2013/12/09 12:0 a.m., 41 views

D-Link routers multiple security vulnerabilities

Shell characters injection, authentication bypass...

CVSS 9.3, AI score 3.5, EPSS 0.0416
Exploits: 0, References: 5

securityvulns
added 2013/11/18 12:0 a.m., 34 views

torque authentication bypass

It's possible to queue code execution by connecting directly to pbsmom port. Shell characters vulnerability...

CVSS 10, AI score 4.6, EPSS 0.03266
Exploits: 0, References: 2, Affected Software: 1

securityvulns
added 2013/10/02 12:0 a.m., 26 views

PineApp Mail-SeCure privilege escalation

Unfiltered shell characters vulnerability...

CVSS 8.5, AI score 3.2, EPSS 0.02992
Exploits: 6, References: 1, Affected Software: 1

securityvulns
added 2013/10/01 12:0 a.m., 30 views

DavFS2 privilege escalation

Shell characters vulnerability...

CVSS 7.2, AI score 3.7, EPSS 0.01168
Exploits: 2, References: 1, Affected Software: 1

securityvulns
added 2013/07/19 12:0 a.m., 26 views

Sybase EAServer multiple security vulnerabilities

Directory traversal, XML injection, shell characters injection...

AI score 3
Exploits: 0, References: 1, Affected Software: 1

Packet Storm
added 2013/03/04 12:0 a.m., 34 views

Flash Tool 0.6.0 Remote Code Execution

Flash Tool 0.6.0 Remote code execution vulnerability 3/1/2013 http://rubygems.org/gems/flashtool https://github.com/milboj/flashtool If files downloaded contain shell characters it's possible to execute code as the client user. ie: flashfile;id/tmp/o;.swf ./flashtool-0.6.0/lib/flashtool.rb Lines:...

Exploits: 0

securityvulns
added 2012/11/14 12:0 a.m., 40 views

OpenVAS Manager code execution

Unescaped shell characters on OMP request processing...

CVSS 7.5, AI score 3.8, EPSS 0.03052
Exploits: 2, References: 1, Affected Software: 1

securityvulns
added 2012/06/13 12:0 a.m., 37 views

Symantec WebGateway security vulnerabilities

Code execution, unfiltered shell characters...

CVSS 10, AI score 3.7, EPSS 0.72596
Exploits: 27, References: 2, Affected Software: 1

Tenable Nessus
added 2011/12/13 12:0 a.m., 23 views

SuSE 10 Security Update : dhcpcd (ZYPP Patch Number 7453)

A rogue DHCP server could instruct clients to use a host name that contains shell meta characters. Since many scripts in the system do not expect unusual characters in the system's host name, the DHCP client needs to sanitize the host name offered by the server. CVE-2011-0996 Note: this is a...

CVSS 6.8, AI score 5.4, EPSS 0.03748
Exploits: 0, References: 2

securityvulns
added 2011/08/03 12:0 a.m., 31 views

dhcpcd shell characters vulnerability

Shell characters vulnerability in the hostname...

CVSS 6.8, AI score 2, EPSS 0.03748
Exploits: 0, References: 1, Affected Software: 1