
1774 matches found

OSV
added 2022/06/21 3:15 p.m. | 91 views

CVE-2022-2068

In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there...

CVSS 7.3 | AI score 1.6 | EPSS 0.38894
Exploits 5 | References 11
CVE
added 2022/06/21 2:45 p.m. | 1224 views

CVE-2022-2068

The Connected documents corroborate CVE-2022-2068 as a real OpenSSL issue: c_rehash can pass certificate filenames to shell commands, enabling local command execution. Fixed in OpenSSL 3.0.4 (affecting 3.0.0–3.0.3), in OpenSSL 1.1.1p (affecting 1.1.1–1.1.1o), and in OpenSSL 1.0.2zf (affecting 1.0...

CVSS 10 | AI score 9.2 | EPSS 0.20216
Exploits 6 | References 11 | Affected Software 1
AlpineLinux
added 2022/06/21 2:45 p.m. | 86 views

CVE-2022-2068

In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there...

CVSS 10 | AI score 9.5 | EPSS 0.20216
Exploits 6
OpenSSL
added 2022/06/21 12:0 a.m. | 195 views

Vulnerability in OpenSSL - The c_rehash script allows command injection

In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there...

AI score 10 | EPSS 0.38894
Exploits 6 | Affected Software 1
UbuntuCve
added 2022/06/21 12:0 a.m. | 110 views

CVE-2022-2068

In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there...

CVSS 10 | AI score 7.2 | EPSS 0.20216
Exploits 6 | References 6
Tenable Nessus
added 2022/06/21 12:0 a.m. | 518 views

OpenSSL 1.1.1 < 1.1.1p Vulnerability

The version of OpenSSL installed on the remote host is prior to 1.1.1p. It is, therefore, affected by a vulnerability as referenced in the 1.1.1p advisory. - In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not...

CVSS 10 | AI score 7.4 | EPSS 0.38894
Exploits 6 | References 4
Tenable Nessus
added 2022/06/21 12:0 a.m. | 84 views

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : OpenSSL vulnerability (USN-5488-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5488-1 advisory. Chancen and Daniel Fiala discovered that OpenSSL incorrectly handled the c_rehash script. A local attacker could possibly use this issue to...

CVSS 10 | AI score 7.9 | EPSS 0.20216
Exploits 6 | References 2
Veracode
added 2022/06/18 9:10 p.m. | 26 views

Denial Of Service (DoS)

busybox is vulnerable to denial of service. The vulnerability exists due to a pointer free in Busybox's hush applet when processing a crafted shell command...

CVSS 9.8 | AI score 9 | EPSS 0.02855
Exploits 0 | References 8 | Affected Software 1
Prion
added 2022/06/02 2:15 p.m. | 10 views

Open redirect

Google-it is a Node.js package which allows its users to send search queries to Google and receive the results in a JSON format. When using the 'Open in browser' option in versions up to 1.6.2, google-it will unsafely concat the result's link retrieved from google to a shell command, potentially...

CVSS 9.3 | AI score 7.9 | EPSS 0.00649
Exploits 1 | References 3 | Affected Software 1
RedhatCVE
added 2022/05/21 12:8 a.m. | 20 views

CVE-2017-14476

In the MMM::Agent::Helpers::Network::add_ip function in MySQL Multi-Master Replication Manager MMM mmm_agentd 2.2.1 for Solaris, a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm_agentd process. An...

CVSS 10 | AI score 4.9 | EPSS 0.08861
Exploits 2 | References 1
OSV
added 2022/05/17 3:5 a.m. | 20 views

GHSA-97GM-MCV6-CPHM Shell command injection in Liferay Portal

Liferay Portal through 6.2.10 allows remote authenticated users to execute arbitrary shell commands via a crafted Velocity template...

CVSS 8.8 | AI score 8.7 | EPSS 0.01182
Exploits 0 | References 7
Github Security Blog
added 2022/05/17 3:5 a.m. | 24 views

Shell command injection in Liferay Portal

Liferay Portal through 6.2.10 allows remote authenticated users to execute arbitrary shell commands via a crafted Velocity template...

CVSS 8.8 | AI score 7.7 | EPSS 0.01182
Exploits 0 | References 8 | Affected Software 2
OSV
added 2022/05/17 12:1 a.m. | 51 views

GHSA-P5F9-C9J9-G8QX Shell command injection in gitea

Gitea before 1.16.7 does not escape the shell out for git fetch remote allowing for shell command injection...

CVSS 7.5 | AI score 7.9 | EPSS 0.86413
Exploits 8 | References 7
Github Security Blog
added 2022/05/17 12:1 a.m. | 68 views

Shell command injection in gitea

Gitea before 1.16.7 does not escape the shell out for git fetch remote allowing for shell command injection...

CVSS 7.5 | AI score 8.1 | EPSS 0.86413
Exploits 8 | References 7 | Affected Software 1
Github Security Blog
added 2022/05/14 3:45 a.m. | 14 views

Arbitrary shell command execution in Jenkins EC2 Plugin

Users with permission to create or configure agents in Jenkins 1.37 and earlier could configure an EC2 agent to run arbitrary shell commands on the master node whenever the agent was supposed to be launched. Configuration of these agents now requires the 'Run Scripts' permission typically only...

CVSS 9 | AI score 7 | EPSS 0.00674
Exploits 0 | References 3 | Affected Software 1
OSV
added 2022/05/14 3:45 a.m. | 13 views

GHSA-WP79-CPV2-9G7M Arbitrary shell command execution in Jenkins EC2 Plugin

Users with permission to create or configure agents in Jenkins 1.37 and earlier could configure an EC2 agent to run arbitrary shell commands on the master node whenever the agent was supposed to be launched. Configuration of these agents now requires the 'Run Scripts' permission typically only...

CVSS 8.8 | AI score 8.8 | EPSS 0.00674
Exploits 0 | References 2
OSV
added 2022/05/13 1:42 a.m. | 12 views

GHSA-JCCV-3H4X-35MV Codiad Vulnerable to Shell Command Injection

components/filemanager/class.filemanager.php in Codiad before 2.8.3 is vulnerable to remote command execution because shell commands can be embedded in parameter values, as demonstrated by searchfiletype...

CVSS 9.8 | AI score 9.5 | EPSS 0.34346
Exploits 4 | References 7
Tenable Nessus
added 2022/05/10 12:0 a.m. | 10 views

NewStart CGSL CORE 5.05 / MAIN 5.05 : sssd Vulnerability (NS-SA-2022-0044)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has sssd packages installed that are affected by a vulnerability: - A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows...

CVSS 9.3 | AI score 6.6 | EPSS 0.00384
Exploits 0 | References 3
Tenable Nessus
added 2022/05/09 12:0 a.m. | 21 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : sssd Vulnerability (NS-SA-2022-0013)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has sssd packages installed that are affected by a vulnerability: - A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows...

CVSS 9.3 | AI score 6.6 | EPSS 0.00384
Exploits 0 | References 3
Positive Technologies
added 2022/05/02 12:0 a.m. | 3 views

PT-2022-20314

Name of the Vulnerable Software and Affected Versions: Gitea versions 1.16.6 and prior. Description: The issue is related to the improper handling of git fetch, allowing for shell command injection. This is due to the lack of escaping for the git fetch remote. There is no information provided about...

CVSS 9.8 | AI score 6.9 | EPSS 0.86413
Exploits 11 | References 36