Lucene search
+L

83 matches found

Tenable Nessus
Tenable Nessus
added 2018/03/12 12:0 a.m.35 views

GLSA-201803-04 : Newsbeuter: User-assisted execution of arbitrary code

The remote host is affected by the vulnerability described in GLSA-201803-04 Newsbeuter: User-assisted execution of arbitrary code Newsbeuter does not properly escape shell meta-characters in an RSS item with a media enclosure in the podcast playback function of Podbeuter. Impact : A remote...

8.8CVSS8.3AI score0.03078EPSS
Exploits0References2
OSV
OSV
added 2018/03/09 11:29 p.m.6 views

CVE-2018-7233

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow execution of commands due to lack of validation of the shell meta characters with the value of 'modelname' or 'macaddress'...

9.8CVSS5.9AI score0.02062EPSS
Exploits0References1
Prion
Prion
added 2018/03/09 11:29 p.m.21 views

Design/Logic Flaw

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow execution of commands due to lack of validation of the shell meta characters with the value of 'modelname' or 'macaddress'...

7.5CVSS9.4AI score0.02062EPSS
Exploits0References1Affected Software20
OSV
OSV
added 2018/03/09 11:29 p.m.4 views

CVE-2018-7231

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow execution of commands due to lack of validation of the shell meta characters with the value of 'system.opkg.remove'...

9.8CVSS5.9AI score0.02062EPSS
Exploits0References1
NVD
NVD
added 2018/03/09 11:29 p.m.20 views

CVE-2018-7233

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow execution of commands due to lack of validation of the shell meta characters with the value of 'modelname' or 'macaddress'...

9.8CVSS9.6AI score0.02062EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/03/09 11:0 p.m.27 views

CVE-2018-7233

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow execution of commands due to lack of validation of the shell meta characters with the value of 'modelname' or 'macaddress'...

9.6AI score0.02062EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/03/09 11:0 p.m.27 views

CVE-2018-7232

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow execution of commands due to lack of validation of the shell meta characters with the value of 'network.ieee8021x.deletecerts'...

9.6AI score0.02062EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/03/09 11:0 p.m.29 views

CVE-2018-7235

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow arbitrary system file download due to lack of validation of the shell meta characters with the value of 'system.download.sdfile'...

7.5AI score0.01643EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/03/09 11:0 p.m.23 views

CVE-2018-7231

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow execution of commands due to lack of validation of the shell meta characters with the value of 'system.opkg.remove'...

9.6AI score0.02062EPSS
Exploits0References1
NVD
NVD
added 2017/12/20 10:29 p.m.19 views

CVE-2017-5255

In version 3.5 and prior of Cambium Networks ePMP firmware, a lack of input sanitation for certain parameters on the web management console allows any authenticated user including the otherwise low-privilege readonly user to inject shell meta-characters as part of a specially-crafted POST request...

9CVSS8.7AI score0.74556EPSS
Exploits7References2
Prion
Prion
added 2017/12/20 10:29 p.m.17 views

Design/Logic Flaw

In version 3.5 and prior of Cambium Networks ePMP firmware, a lack of input sanitation for certain parameters on the web management console allows any authenticated user including the otherwise low-privilege readonly user to inject shell meta-characters as part of a specially-crafted POST request...

9CVSS8.6AI score0.74556EPSS
Exploits7References2Affected Software2
Cvelist
Cvelist
added 2017/12/20 10:0 p.m.27 views

CVE-2017-5255

In version 3.5 and prior of Cambium Networks ePMP firmware, a lack of input sanitation for certain parameters on the web management console allows any authenticated user including the otherwise low-privilege readonly user to inject shell meta-characters as part of a specially-crafted POST request...

8.7AI score0.74556EPSS
Exploits7References2
Tenable Nessus
Tenable Nessus
added 2017/04/07 12:0 a.m.58 views

F5 Networks BIG-IP : Mailx vulnerabilities (K16945)

CVE-2014-7844 The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell meta characters in an email address. CVE-2004-2771 A flaw was found in the way mailx handled the parsing of email addresses...

7.8CVSS7.5AI score0.06858EPSS
Exploits1References3
F5 Networks
F5 Networks
added 2015/07/10 12:0 a.m.35 views

SOL16945 - Mailx vulnerabilities CVE-2004-2771 and CVE-2014-7844

CVE-2014-7844 The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell meta characters in an email address. CVE-2004-2771 A flaw was found in the way mailx handled the parsing of email addresses...

7.8CVSS8.1AI score0.06858EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2015/03/26 12:0 a.m.40 views

Debian DLA-114-1 : heirloom-mailx security update

Two security vulnerabilities were discovered in Heirloom mailx, an implementation of the 'mail' command : CVE-2004-2771 mailx interprets interprets shell meta-characters in certain email addresses. CVE-2014-7844 An unexpected feature of mailx treats syntactically valid email addresses as shell...

7.8CVSS7.5AI score0.06858EPSS
Exploits1References4
OSV
OSV
added 2014/12/16 12:0 a.m.31 views

DSA-3105-1 heirloom-mailx - security update

Bulletin has no description...

7.8CVSS7.7AI score0.06858EPSS
Exploits1
OpenVAS
OpenVAS
added 2014/12/15 12:0 a.m.28 views

Debian: Security Advisory (DSA-3105-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS7.7AI score0.06858EPSS
Exploits1References3
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.23 views

Verity Search97 2.1 Security Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/162/info A pair of vulnerabilities exist in Verity's Search97 web interface to the Verity search engine. The first vulnerability is due to cgi-bin scripts, s97cgi and s97rcgi failing to check for the existence of certain...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.16 views

TalentSoft Web+ Application Server (Linux) 4.6 Example Script File Disclosure

No description provided by source. source: http://www.securityfocus.com/bid/1725/info Web+ is a development language for use in creating web-based client/server applications. In Linux versions of the product, an example script installed in Web+ Web+Ping which fails to correctly filter shell meta...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.20 views

Debian 2.x,RedHat 6.2,IRIX 5/6, Solaris 2.x Mail Reply-To Field Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1910/info mail is a simple console e-mail client. A vulnerability exists in several vendors' distributions of this program. An attacker can compose an email message with a carefully-formed string in the Reply-To: field...

7.1AI score
Exploits0
Rows per page
Query Builder