1774 matches found

Cvelist
added 2016/11/19 2:45 a.m., 18 views

CVE-2016-6459

Cisco TelePresence endpoints running either CE or TC software contain a vulnerability that could allow an authenticated, local attacker to execute a local shell command injection. More Information: CSCvb25010. Known Affected Releases: 8.1.x. Known Fixed Releases: 6.3.4 7.3.7 8.2.2 8.3.0...

5.8 AI score, 0.00591 EPSS
Exploits 0, References 3

CVE
added 2016/11/19 2:45 a.m., 54 views

CVE-2016-6459

Cisco TelePresence endpoints running CE or TC software are vulnerable to a local shell command injection when input is not properly sanitized. An authenticated, local attacker could exploit this to execute arbitrary commands. Fixed releases are 6.3.4, 7.3.7, 8.2.2, and 8.3.0. Affected releases in...

5.5 CVSS, 6.2 AI score, 0.00591 EPSS
Exploits 0, References 3, Affected Software 1

0day.today
added 2016/11/12 12:0 a.m., 39 views

Observium Remote Command Execution Vulnerability

During a recent penetration test Computest found and exploited various issues in Observium, going from unauthenticated user to full shell access as root. Summary: Unauthenticated remote command execution as root Affected software: Observium Affected versions: Versions downloaded before 26-10-2016...

7.2 AI score
Exploits 0

CNVD
added 2016/11/07 12:0 a.m., 0 views

git-fastclone command execution vulnerability

git-fastclone is a set of tools for cloning git. A command execution vulnerability exists in git-fastclone versions prior to 1.0.5, which stems from a program passing a user-modified string directly to a shell command. The vulnerability can be exploited to execute malicious commands by modifying...

10 CVSS, 7.5 AI score, 0.02489 EPSS
Exploits 1, References 1

NVD
added 2016/11/03 10:59 a.m., 11 views

CVE-2015-8968

git-fastclone before 1.0.1 permits arbitrary shell command execution from .gitmodules. If an attacker can instruct a user to run a recursive clone from a repository they control, they can get a client to run an arbitrary shell command. Alternately, if an attacker can MITM an unencrypted git clone...

9.3 CVSS, 8.7 AI score, 0.02844 EPSS
Exploits 1, References 3

Prion
added 2016/11/03 10:59 a.m., 14 views

Command injection

git-fastclone before 1.0.1 permits arbitrary shell command execution from .gitmodules. If an attacker can instruct a user to run a recursive clone from a repository they control, they can get a client to run an arbitrary shell command. Alternately, if an attacker can MITM an unencrypted git clone...

9.3 CVSS, 7.4 AI score, 0.02844 EPSS
Exploits 1, References 3, Affected Software 1

Cvelist
added 2016/11/03 10:0 a.m., 17 views

CVE-2015-8968

git-fastclone before 1.0.1 permits arbitrary shell command execution from .gitmodules. If an attacker can instruct a user to run a recursive clone from a repository they control, they can get a client to run an arbitrary shell command. Alternately, if an attacker can MITM an unencrypted git clone...

8.8 AI score, 0.02844 EPSS
Exploits 1, References 3

CVE
added 2016/11/03 10:0 a.m., 73 views

CVE-2015-8968

CVE-2015-8968 affects git-fastclone prior to 1.0.1, enabling arbitrary shell command execution via .gitmodules when cloning recursively or updating submodules. The exploit occurs through ext helper URLs (git-remote-ext) embedded in submodules, allowing command execution either over cloned repos o...

9.3 CVSS, 8.7 AI score, 0.02844 EPSS
Exploits 1, References 3, Affected Software 1

OpenVAS
added 2016/10/31 12:0 a.m., 115 views

Samba 3.0.0 <= 3.0.25rc3 MS-RPC Remote Shell Command Execution Vulnerability - Version Check

Samba is prone to a vulnerability that allows attackers to execute arbitrary shell commands because the software fails to sanitize user-supplied input.

6 CVSS, 8.8 AI score, 0.49575 EPSS
Exploits 13, References 2

RedHat Linux
added 2016/10/04 2:26 p.m., 3 views

cfme: Incorrect sanitization in regular expression engine

An input validation flaw was found in the way CloudForms regular expressions were passed to the expression engine via both the JSON API and the web based UI. A user with the ability to view collections and filter them could use this flaw to execute arbitrary shell commands on the host with the...

9 CVSS, 6.1 AI score, 0.00641 EPSS
Exploits 0, References 4

seebug.org
added 2016/08/08 12:0 a.m., 50 views

Zabbix Agent 3.0.1 mysql.size shell command injection

CVE-2016-4338: Zabbix Agent 3.0.1 mysql.size shell command injection Affected products ================= At least Zabbix Agent 1:3.0.1-1+wheezy from http://repo.zabbix.com/zabbix/3.0/debian is vulnerable. Other versions were not tested. Background ========== "Zabbix agent is deployed on a...

6.8 CVSS, 8.6 AI score, 0.4496 EPSS
Exploits 6

OpenVAS
added 2016/06/24 12:0 a.m., 21 views

CentOS Update for setroubleshoot-plugins CESA-2016:1293 centos7

Check the version of setroubleshoot-plugins

7 CVSS, 6.8 AI score, 0.00076 EPSS
Exploits 2, References 2

Tenable Nessus
added 2016/06/24 12:0 a.m., 25 views

Scientific Linux Security Update : setroubleshoot and setroubleshoot-plugins on SL6.x i386/x86_64 (20160621)

The setroubleshoot-plugins package provides a set of analysis plugins for use with setroubleshoot. Each plugin has the capacity to analyze SELinux AVC data and system data to provide user friendly reports describing how to interpret SELinux AVC denials. Security Fixes : - Shell command injection...

7 CVSS, 7.4 AI score, 0.00076 EPSS
Exploits 3, References 5

Tenable Nessus
added 2016/06/24 12:0 a.m., 27 views

Scientific Linux Security Update : setroubleshoot and setroubleshoot-plugins on SL7.x x86_64 (20160623)

The setroubleshoot-plugins package provides a set of analysis plugins for use with setroubleshoot. Each plugin has the capacity to analyze SELinux AVC data and system data to provide user friendly reports describing how to interpret SELinux AVC denials. Security Fixes : - Shell command injection...

7 CVSS, 7.4 AI score, 0.00076 EPSS
Exploits 2, References 4

OpenVAS
added 2016/06/24 12:0 a.m., 29 views

RedHat Update for setroubleshoot and setroubleshoot-plugins RHSA-2016:1293-01

The remote host is missing an update for the...

7 CVSS, 6.9 AI score, 0.00076 EPSS
Exploits 2, References 2

Cent OS
added 2016/06/23 11:41 p.m., 62 views

setroubleshoot security update

CentOS Errata and Security Advisory CESA-2016:1293 An update for setroubleshoot and setroubleshoot-plugins is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base scor...

7 CVSS, 7.4 AI score, 0.00076 EPSS
Exploits 2, References 7

OpenVAS
added 2016/06/22 12:0 a.m., 30 views

RedHat Update for setroubleshoot and setroubleshoot-plugins RHSA-2016:1267-01

The remote host is missing an update for the...

7 CVSS, 6.9 AI score, 0.00076 EPSS
Exploits 3, References 2

OpenVAS
added 2016/06/22 12:0 a.m., 26 views

CentOS Update for setroubleshoot-plugins CESA-2016:1267 centos6

Check the version of setroubleshoot-plugins

7 CVSS, 6.8 AI score, 0.00076 EPSS
Exploits 3, References 2

Tenable Nessus
added 2016/06/22 12:0 a.m., 33 views

CentOS 6 : setroubleshoot / setroubleshoot-plugins (CESA-2016:1267)

An update for setroubleshoot and setroubleshoot-plugins is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

7 CVSS, 7.1 AI score, 0.00076 EPSS
Exploits 3, References 6

RedHat Linux
added 2016/06/21 9:24 p.m., 29 views

Important: Red Hat Security Advisory: setroubleshoot and setroubleshoot-plugins security update

An update for setroubleshoot and setroubleshoot-plugins is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

7 CVSS, 7.4 AI score, 0.00076 EPSS
Exploits 3, References 5