Command injection

Fortinet FortiAuthenticator 3.0.0 allows local users to bypass intended restrictions and gain privileges by creating /tmp/privexec/dbgcoreenableshellaccess and executing the "shell" command...

Amazon Linux AMI : mailx (ALAS-2015-467)

A flaw was found in the way mailx handled the parsing of email addresses. A syntactically valid email address could allow a local attacker to cause mailx to execute arbitrary shell commands through shell meta-characters and the direct command execution functionality. CVE-2004-2771 , CVE-2014-7844...

Medium: mailx

Issue Overview: A flaw was found in the way mailx handled the parsing of email addresses. A syntactically valid email address could allow a local attacker to cause mailx to execute arbitrary shell commands through shell meta-characters and the direct command execution functionality. CVE-2004-2771...

USN-2455-1 bsd-mailx vulnerability

It was discovered that bsd-mailx contained a feature that allowed syntactically valid email addresses to be treated as shell commands. A remote attacker could possibly use this issue with a valid email address to execute arbitrary commands. This functionality has now been disabled by default, and...

Debian DSA-3114-1 : mime-support - security update

Timothy D. Morgan discovered that run-mailcap, an utility to execute programs via entries in the mailcap file, is prone to shell command injection via shell meta-characters in filenames. In specific scenarios this flaw could allow an attacker to remotely execute arbitrary code. %NASLMINLEVEL 7030...

[SECURITY] [DLA 125-1] mime-support security update

Package : mime-support Version : 3.48-1+deb6u1 CVE ID : CVE-2014-7209 Timothy D. Morgan discovered that run-mailcap, an utility to execute programs via entries in the mailcap file, is prone to shell command injection via shell meta-characters in filenames. In specific scenarios this flaw could...

[SECURITY] [DSA 3114-1] mime-support security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3114-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso December 29, 2014 http://www.debian.org/security/faq -...

[SECURITY] [DSA 3114-1] mime-support security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3114-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso December 29, 2014 http://www.debian.org/security/faq -...

Debian Security Advisory DSA 3114-1 (mime-support - security update)

Timothy D. Morgan discovered that run-mailcap, an utility to execute programs via entries in the mailcap file, is prone to shell command injection via shell meta-characters in filenames. In specific scenarios this flaw could allow an attacker to remotely execute arbitrary code. OpenVAS...

openSUSE Security Update : mailx (openSUSE-SU-2014:1713-1)

This mailx update fixes the following security issue : bsc909208: shell command injection via crafted email addresses CVE-2004-2771, CVE-2014-7844 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Upda...

DSA-3114-1 mime-support - security update

Bulletin has no description...

DLA-125-1 mime-support - security update

Bulletin has no description...

Debian: Security Advisory (DSA-3114-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Digium Asterisk Manager User Shell Command Execution - Ver2 (CVE-2012-2414)

A security bypass vulnerability has been reported in Digium Asterisk. The vulnerability is due to an error in the way the server validates permissions while executing shell commands from unauthorized users. A remote attacker can exploit this issue by sending specially crafted AMI requests to the...

SuSE 11.3 Security Update : mailx (SAT Patch Number 10096)

This mailx update fixes the following security issues : - Shell command injection via crafted email addresses. CVE-2004-2771 / CVE-2014-7844. bnc909208 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from SuSE 11 update...

Debian DSA-3105-1 : heirloom-mailx - security update

Two security vulnerabilities were discovered in Heirloom mailx, an implementation of the 'mail' command : - CVE-2004-2771 mailx interprets shell meta-characters in certain email addresses. - CVE-2014-7844 An unexpected feature of mailx treats syntactically valid email addresses as shell commands ...

DLA-114-1 heirloom-mailx - security update

Bulletin has no description...

[SECURITY] [DSA 3105-1] heirloom-mailx security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3105-1 [email protected] http://www.debian.org/security/ Florian Weimer December 16, 2014 http://www.debian.org/security/faq -...

Bash Environment Variable Handling Shell Command Injection Via CUPS

Added: 11/05/2014 CVE: CVE-2014-6271 BID: 70103 OSVDB: 112004 Background GNU Bash Bourne Again SHell is a command shell commonly used on Linux and Unix systems. CUPS is printing software for UNIX-like systems that allows a computer to act as a print server. Problem The Bash shell executes command...

Bash Environment Variable Handling Shell Command Injection Via CUPS

Added: 11/05/2014 CVE: CVE-2014-6271 BID: 70103 OSVDB: 112004 Background GNU Bash Bourne Again SHell is a command shell commonly used on Linux and Unix systems. CUPS is printing software for UNIX-like systems that allows a computer to act as a print server. Problem The Bash shell executes command...