
1774 matches found

Veracode
added 2018/08/20 9:6 a.m., 19 views

Shell Command Injection

egg-scripts is vulnerable to shell command injection attacks. The attack exists because the library uses the execFile function which is not properly sanitized, allowing the attacker to inject malicious shell commands through command line argument...

9.8 CVSS, 9.6 AI score, 0.10005 EPSS
Exploits 1, References 3, Affected Software 1

Github Security Blog
added 2018/08/15 8:4 p.m., 22 views

Git-fastclone passes user modifiable strings directly to a shell command

git-fastclone before 1.0.5 passes user modifiable strings directly to a shell command. An attacker can execute malicious commands by modifying the strings that are passed as arguments to cd and git clone commands in the library...

10 CVSS, 9.1 AI score, 0.02489 EPSS
Exploits 1, References 6, Affected Software 1

OSV
added 2018/08/15 8:4 p.m., 16 views

GHSA-MF6W-45CF-QHMP Git-fastclone passes user modifiable strings directly to a shell command

git-fastclone before 1.0.5 passes user modifiable strings directly to a shell command. An attacker can execute malicious commands by modifying the strings that are passed as arguments to cd and git clone commands in the library...

9.8 CVSS, 9.6 AI score, 0.02489 EPSS
Exploits 1, References 6

OSV
added 2018/08/15 8:3 p.m., 20 views

GHSA-8GG6-3R63-25M8 git-fastclone permits arbitrary shell command execution from .gitmodules

git-fastclone before 1.0.1 permits arbitrary shell command execution from .gitmodules. If an attacker can instruct a user to run a recursive clone from a repository they control, they can get a client to run an arbitrary shell command. Alternately, if an attacker can MITM an unencrypted git clone...

8.8 CVSS, 8.7 AI score, 0.02844 EPSS
Exploits 1, References 6

Github Security Blog
added 2018/08/15 8:3 p.m., 31 views

git-fastclone permits arbitrary shell command execution from .gitmodules

git-fastclone before 1.0.1 permits arbitrary shell command execution from .gitmodules. If an attacker can instruct a user to run a recursive clone from a repository they control, they can get a client to run an arbitrary shell command. Alternately, if an attacker can MITM an unencrypted git clone...

9.3 CVSS, 8.4 AI score, 0.02844 EPSS
Exploits 1, References 6, Affected Software 1

Hacker One
added 2018/08/05 6:31 a.m., 28 views

Node.js third-party modules: [ascii-art] Command injection

I would like to report a command injection vulnerability in the ascii-art npm module. It allows arbitrary shell command execution through a maliciously crafted command line argument. Module module name: ascii-art version: 1.4.3 npm page: https://www.npmjs.com/package/ascii-art Module Description...

1.3 AI score
Exploits 0

Hacker One
added 2018/07/31 1:54 p.m., 35 views

Node.js third-party modules: [egg-scripts] Command injection

I would like to report a command injection vulnerability in egg-scripts. It allows arbitrary shell command execution through a maliciously crafted command line argument. Module module name: egg-scripts version: 2.6.0 npm page: https://www.npmjs.com/package/egg-scripts Module Description "deploy...

10 CVSS, 1.2 AI score, 0.10005 EPSS
Exploits 1

OSV
added 2018/06/26 6:29 p.m., 2 views

CVE-2018-10660

An issue was discovered in multiple models of Axis IP Cameras. There is Shell Command Injection...

9.8 CVSS, 5.8 AI score, 0.91327 EPSS
Exploits 5, References 4

NVD
added 2018/06/26 6:29 p.m., 22 views

CVE-2018-10660

An issue was discovered in multiple models of Axis IP Cameras. There is Shell Command Injection...

10 CVSS, 9.6 AI score, 0.91327 EPSS
Exploits 5, References 4

Cvelist
added 2018/06/26 6:0 p.m., 24 views

CVE-2018-10660

An issue was discovered in multiple models of Axis IP Cameras. There is Shell Command Injection...

9.6 AI score, 0.91327 EPSS
Exploits 5, References 4

CVE
added 2018/06/26 6:0 p.m., 119 views

CVE-2018-10660

CVE-2018-10660 affects Axis Network Cameras. The connected sources confirm a shell command injection vulnerability in multiple Axis IP Camera models, enabling unauthenticated remote command execution through the .srv-to-parhand flow in the device’s UI/API, potentially giving root/system-level acc...

10 CVSS, 9.4 AI score, 0.91327 EPSS
Exploits 5, References 4, Affected Software 1

OSV
added 2018/06/20 12:29 p.m., 1 views

CVE-2018-12591

Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an improperly neutralized element in an OS command due to lack of protection on the admin CLI, leading to code execution and privilege escalation greater than administrators themselves are allowed. An attacker with access to an admi...

7.2 CVSS, 6.3 AI score
Exploits 0, References 1

ThreatPost
added 2018/06/18 1:0 p.m., 500 views

Axis Cameras Riddled With Vulnerabilities Enabling “Full Control”

A slew of vulnerabilities in Axis cameras could enable an attacker to access camera video streams, control the camera, add it to a botnet or render it useless. Researchers at VDOO, who disclosed the vulns on Monday, recommended that customers update immediately after finding that more than 400 Ax...

10 CVSS, 0.8 AI score, 0.91327 EPSS
Exploits 11, References 2

IBM Security Bulletins
added 2018/06/18 12:8 a.m., 17 views

Security Bulletin: IBM SONAS Administrator password can be read by the root user from the shell command history (CVE-2014-3045)

Summary A fix is available for IBM SONAS, for the security issue that after changing password of administrative user, the password can be read by the root user from the shell command history. Vulnerability Details CVEID: CVE-2014-3045 DESCRIPTION: One of the purposes of chuser command is to modif...

2.1 CVSS, 0.7 AI score, 0.0005 EPSS
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2018/06/18 12:8 a.m., 17 views

Security Bulletin: While changing password of administrative user, the supplied password is exposed in shell command history on IBM Storwize V7000 Unified (CVE-2014-3045)

Summary A fix is available for IBM Storwize V7000 Unified for the security issue where the password is exposed in the shell command history while changing the password of administrative user. Vulnerability Details CVEID: CVE-2014-3045 DESCRIPTION: One of the purposes of chuser command is to modif...

2.1 CVSS, 0.6 AI score, 0.0005 EPSS
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2018/06/16 9:30 p.m., 24 views

Security Bulletin: IBM QRadar SIEM is vulnerable to shell command injection vulnerability in the admin panel. (CVE-2015-4930, CVE-2015-2016)

Summary IBM QRadar SIEM is vulnerable to a shell command injection in the admin panel if logged in as an admin user. Vulnerability Details CVE-ID: CVE-2015-4930 Description: IBM QRadar could allow a user authenticated with admin access, to execute commands on the server as root. CVSS Base Score:8...

9 CVSS, 1.1 AI score, 0.02384 EPSS
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2018/06/16 9:20 p.m., 18 views

Security Bulletin: IBM Security Network Protection is affected by Shell Command Injection vulnerability (CVE-2014-6183)

Summary A Shell Command Injection vulnerability has been discovered in IBM Security Network Protection. Vulnerability Details CVE-ID: CVE-2014-6183 Description: IBM Security Network Protection could allow a remote attacker to execute arbitrary commands on the system. An authenticated attacker cou...

4 CVSS, 2 AI score, 0.01274 EPSS
Exploits 0, Affected Software 1

OSV
added 2018/06/08 1:29 a.m., 14 views

CVE-2018-9246

The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently sanitizes or escapes variable values used as part of shell command execution, resulting in shell code injection via the create, runfile, backup, or restore function. The vulnerability...

9.8 CVSS, 7.9 AI score
Exploits 0, References 1

Debian CVE
added 2018/06/08 1:0 a.m., 18 views

CVE-2018-9246

The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently sanitizes or escapes variable values used as part of shell command execution, resulting in shell code injection via the create, runfile, backup, or restore function. The vulnerability...

9.8 CVSS, 9.9 AI score, 0.00971 EPSS
Exploits 0

CNVD
added 2018/05/29 12:0 a.m., 1 views

MMM mmm_agentd shell command injection vulnerability (CNVD-2018-15654)

MySQL Multi-Master Replication Manager MMM is a set of flexible scripts that performs monitoring/failover and management of MySQL master-master replication configurations. mmm_agentd is an agent daemon that runs on each MySQL server and provides a simple set of remote services to the monitoring...

10 CVSS, 9.9 AI score, 0.08861 EPSS
Exploits 2, References 1