EulerOS Virtualization 3.0.1.0 : git (EulerOS-SA-2019-1420)

According to the versions of the git packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code...

CVE-2019-7383

An issue was discovered on Systrome Cumilon ISG-600C, ISG-600H, and ISG-800W devices with firmware V1.1-R2.1TRUNK-20181105.bin. A shell command injection occurs by editing the description of an ISP file. The file network/isp/ispupdateedit.php does not properly validate user input, which leads to...

CVE-2019-7383

An issue was discovered on Systrome Cumilon ISG-600C, ISG-600H, and ISG-800W devices with firmware V1.1-R2.1TRUNK-20181105.bin. A shell command injection occurs by editing the description of an ISP file. The file network/isp/ispupdateedit.php does not properly validate user input, which leads to...

Command injection

An issue was discovered on Systrome Cumilon ISG-600C, ISG-600H, and ISG-800W devices with firmware V1.1-R2.1TRUNK-20181105.bin. A shell command injection occurs by editing the description of an ISP file. The file network/isp/ispupdateedit.php does not properly validate user input, which leads to...

Command injection

An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. The login form passes user input directly to a shell command without any kind of escaping or validation in /usr/share/www/check.lp file. An attacker is able to perform command injection using the "password" parameter...

CVE-2019-7385

CVE-2019-7385 affects Raisecom ISCOM HT803G-U/HT803G-W/HT803G-1GE/HT803G GPON devices with firmware versions

CVE-2019-7385

An authenticated shell command injection issue has been discovered in Raisecom ISCOM HT803G-U, HT803G-W, HT803G-1GE, and HT803G GPON products with the firmware version ISCOMHT803G-U2.0.0140521R4.1.47.002 or below, The values of the newpass and confpass parameters in /bin/WebMGR are used in a syst...

CVE-2019-7384

CVE-2019-7384 affects Raisecom ISCOM HT803G-U, HT803G-W, HT803G-1GE, and HT803G GPON ONTs with firmware

CVE-2019-7384

An authenticated shell command injection issue has been discovered in Raisecom ISCOM HT803G-U, HT803G-W, HT803G-1GE, and HT803G GPON products with the firmware version ISCOMHT803G-U2.0.0140521R4.1.47.002 or below. The value of the fmgponloid parameter is used in a system call inside the boa binar...

CVE-2019-7383

An issue was discovered on Systrome Cumilon ISG-600C, ISG-600H, and ISG-800W devices with firmware V1.1-R2.1TRUNK-20181105.bin. A shell command injection occurs by editing the description of an ISP file. The file network/isp/ispupdateedit.php does not properly validate user input, which leads to...

CVE-2019-7383

CVE-2019-7383 affects Systrome Cumilon ISG-600C, ISG-600H and ISG-800W with firmware V1.1-R2.1_TRUNK-20181105.bin. The issue is a shell command injection in network/isp/isp_update_edit.php caused by improper validation of the des parameter, enabling arbitrary commands when the ISP file descriptio...

SYSTORME ISG Command Injection

===================================== Authenticated Shell Command Injection ===================================== . contents:: Table Of Content Overview ======== Title : Authenticated Shell command Injection Author: Kaustubh G. Padwad CVE ID: CVE-2019-7383 Vendor: Systrome Networks...

CVE-2019-3464

Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands...

CVE-2019-3464

Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands...

Debian DSA-4379-1 : golang-1.7 - security update

A vulnerability was discovered in the implementation of the P-521 and P-384 elliptic curves, which could result in denial of service and in some cases key recovery. In addition this update fixes a vulnerability in 'go get', which could result in the execution of arbitrary shell commands. C Tenabl...

Nagios XI 5.5.6 - Remote Code Execution Privilege Escalation

Nagios XI 5.5.6 - Remote Code Execution Privilege Escalation Exploit Title: Nagios XI 5.5.6 Remote Code Execution and Privilege Escalation Date: 2019-01-22 Exploit Author: Chris Lyne @lynerc Vendor Homepage: https://www.nagios.com/ Product: Nagios XI Software Link:...

Arbitrary Shell Command Execution

Git-fastclone has a flaw that permits execution of arbitrary shell commands from .gitmodules. Attackers can trigger the execution by instructing a user to run a recursive clone from a repository they control. The attack is possible only if a user configures Git to automatically clone submodules...

Horde Imp - imap_open Remote Command Execution

Exploit for php platform in category web applications Exploit Title: Horde Imp Unauthenticated Remote Command Execution Google Dork: inurl:/imp/login.php Exploit Author: Paolo Serracino - Pietro Minniti - Damiano Proietti Vendor Homepage: https://www.horde.org/apps/imp/ Software Link:...

Debian: Security Advisory (DSA-4353-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2018-19908

An issue was discovered in MISP 2.4.9x before 2.4.99. In app/Model/Event.php the STIX 1 import code, an unescaped filename string is used to construct a shell command. This vulnerability can be abused by a malicious authenticated user to execute arbitrary commands by tweaking the original filenam...