GHSA-99XX-83JM-H24M ClusterLabs crmsh vulnerable to shell code injection

An issue was discovered in ClusterLabs crmsh through 4.2.1. Local attackers able to call crm history when crm is run were able to execute commands via shell code injection to the crm history commandline, potentially allowing escalation of privileges...

ClusterLabs crmsh vulnerable to shell code injection

An issue was discovered in ClusterLabs crmsh through 4.2.1. Local attackers able to call crm history when crm is run were able to execute commands via shell code injection to the crm history commandline, potentially allowing escalation of privileges...

ThreadBoat - Program Uses Thread Execution Hijacking To Inject Native Shell-code Into A Standard Win32 Application

Program uses Thread Hijacking to Inject Native Shellcode into a Standard Win32 Application. About I developed this small project to continue my experiences of different code injection methods and to allow RedTeam security professionals to utilize this method as a unique way to perform software...

Security Advisory 2021-08-01-3 - luci-app-ddns: Multiple authenticated RCEs (CVE-2021-28961)

DESCRIPTION An authenticated user in LuCI is able to inject shell code in luci-app-ddns. Multiple variables in the luci-app-ddns applications where not validated before they were executed on the system's shell, which could be exploited by adding system shell commands. REQUIREMENTS To exploit this...

openSUSE 15 Security Update : crmsh (openSUSE-SU-2021:1087-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:1087-1 advisory. - An issue was discovered in ClusterLabs crmsh through 4.2.1. Local attackers able to call crm history when crm is run were able to execute commands...

openSUSE 15 Security Update : crmsh (openSUSE-SU-2021:2435-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:2435-1 advisory. - An issue was discovered in ClusterLabs crmsh through 4.2.1. Local attackers able to call crm history when crm is run were able to execute commands...

SUSE SLES15 Security Update : crmsh (SUSE-SU-2021:2435-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2021:2435-1 advisory. - An issue was discovered in ClusterLabs crmsh through 4.2.1. Local attackers able to call crm history when crm is run were able to execute commands vi...

SUSE SLES15 Security Update : crmsh (SUSE-SU-2021:2238-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2021:2238-1 advisory. - An issue was discovered in ClusterLabs crmsh through 4.2.1. Local attackers able to call crm history when crm is run were able to execute commands vi...

Debian: Security Advisory (DLA-2533-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian DLA-2533-1 : crmsh security update

It was discovered that there was an in issue in the command-line tool for the Pacemaker High Availability stack. Local attackers were able to execute commands via shell code injection to the 'crm history' command-line tool, potentially allowing escalation of privileges. For Debian 9 'Stretch', th...

Updated crmsh packages fix security vulnerability

The crm configure and hbreport commands failed to sanitize sensitive information by default bsc1163581. An issue was discovered in ClusterLabs crmsh through 4.2.1. Local attackers able to call "crm history" when "crm" is run were able to execute commands via shell code injection to the crm histor...

CVE-2020-35459

An issue was discovered in ClusterLabs crmsh through 4.2.1. Local attackers able to call "crm history" when "crm" is run were able to execute commands via shell code injection to the crm history commandline, potentially allowing escalation of privileges...

CVE-2020-35458

An issue was discovered in ClusterLabs Hawk 2.x through 2.3.0-x. There is a Ruby shell code injection issue via the hawkremembermeid parameter in the loginfromcookie cookie. The user logout routine could be used by unauthenticated remote attackers to execute code as hauser...

CVE-2020-35459

CVE-2020-35459 affects ClusterLabs crmsh up to version 4.2.1. A local attacker can trigger shell code injection via the crm history command, potentially escalating privileges. Root cause: improper handling of commands in crm history that enables code execution. Impact: local privilege escalation....

CVE-2020-35459

An issue was discovered in ClusterLabs crmsh through 4.2.1. Local attackers able to call "crm history" when "crm" is run were able to execute commands via shell code injection to the crm history commandline, potentially allowing escalation of privileges...

CVE-2020-35458

CVE-2020-35458 affects ClusterLabs Hawk 2.x up to 2.3.0-x. The flaw is a Ruby shell code injection via the hawk_remember_me_id parameter in the login_from_cookie cookie. This allows unauthenticated remote attackers to execute code as user hauser, leveraging the user logout routine. Red Hat and SU...

UBUNTU-CVE-2020-35459

An issue was discovered in ClusterLabs crmsh through 4.2.1. Local attackers able to call "crm history" when "crm" is run were able to execute commands via shell code injection to the crm history commandline, potentially allowing escalation of privileges...

CVE-2020-35459

An issue was discovered in ClusterLabs crmsh through 4.2.1. Local attackers able to call "crm history" when "crm" is run were able to execute commands via shell code injection to the crm history commandline, potentially allowing escalation of privileges...

Arbitrary Code Execution

newsbeuter is vulnerable to arbitrary code execution. A remote attacker is able to inject and execute shell code in the title/url via the bookmarking function...

CVE-2011-4182 shell code injection via ESSID because of missing escaping of a variable

Missing escaping of ESSID values in sysconfig of SUSE Linux Enterprise allows attackers controlling an access point to cause execute arbitrary code. Affected releases are sysconfig prior to 0.83.7-2.1...