83 matches found
GLSA-201803-04 : Newsbeuter: User-assisted execution of arbitrary code
The remote host is affected by the vulnerability described in GLSA-201803-04 Newsbeuter: User-assisted execution of arbitrary code Newsbeuter does not properly escape shell meta-characters in an RSS item with a media enclosure in the podcast playback function of Podbeuter. Impact : A remote...
CVE-2018-7233
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow execution of commands due to lack of validation of the shell meta characters with the value of 'modelname' or 'macaddress'...
Design/Logic Flaw
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow execution of commands due to lack of validation of the shell meta characters with the value of 'modelname' or 'macaddress'...
CVE-2018-7231
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow execution of commands due to lack of validation of the shell meta characters with the value of 'system.opkg.remove'...
CVE-2018-7233
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow execution of commands due to lack of validation of the shell meta characters with the value of 'modelname' or 'macaddress'...
CVE-2018-7233
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow execution of commands due to lack of validation of the shell meta characters with the value of 'modelname' or 'macaddress'...
CVE-2018-7232
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow execution of commands due to lack of validation of the shell meta characters with the value of 'network.ieee8021x.deletecerts'...
CVE-2018-7235
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow arbitrary system file download due to lack of validation of the shell meta characters with the value of 'system.download.sdfile'...
CVE-2018-7231
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow execution of commands due to lack of validation of the shell meta characters with the value of 'system.opkg.remove'...
CVE-2017-5255
In version 3.5 and prior of Cambium Networks ePMP firmware, a lack of input sanitation for certain parameters on the web management console allows any authenticated user including the otherwise low-privilege readonly user to inject shell meta-characters as part of a specially-crafted POST request...
Design/Logic Flaw
In version 3.5 and prior of Cambium Networks ePMP firmware, a lack of input sanitation for certain parameters on the web management console allows any authenticated user including the otherwise low-privilege readonly user to inject shell meta-characters as part of a specially-crafted POST request...
CVE-2017-5255
In version 3.5 and prior of Cambium Networks ePMP firmware, a lack of input sanitation for certain parameters on the web management console allows any authenticated user including the otherwise low-privilege readonly user to inject shell meta-characters as part of a specially-crafted POST request...
F5 Networks BIG-IP : Mailx vulnerabilities (K16945)
CVE-2014-7844 The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell meta characters in an email address. CVE-2004-2771 A flaw was found in the way mailx handled the parsing of email addresses...
SOL16945 - Mailx vulnerabilities CVE-2004-2771 and CVE-2014-7844
CVE-2014-7844 The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell meta characters in an email address. CVE-2004-2771 A flaw was found in the way mailx handled the parsing of email addresses...
Debian DLA-114-1 : heirloom-mailx security update
Two security vulnerabilities were discovered in Heirloom mailx, an implementation of the 'mail' command : CVE-2004-2771 mailx interprets interprets shell meta-characters in certain email addresses. CVE-2014-7844 An unexpected feature of mailx treats syntactically valid email addresses as shell...
DSA-3105-1 heirloom-mailx - security update
Bulletin has no description...
Debian: Security Advisory (DSA-3105-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Verity Search97 2.1 Security Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/162/info A pair of vulnerabilities exist in Verity's Search97 web interface to the Verity search engine. The first vulnerability is due to cgi-bin scripts, s97cgi and s97rcgi failing to check for the existence of certain...
TalentSoft Web+ Application Server (Linux) 4.6 Example Script File Disclosure
No description provided by source. source: http://www.securityfocus.com/bid/1725/info Web+ is a development language for use in creating web-based client/server applications. In Linux versions of the product, an example script installed in Web+ Web+Ping which fails to correctly filter shell meta...
Debian 2.x,RedHat 6.2,IRIX 5/6, Solaris 2.x Mail Reply-To Field Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1910/info mail is a simple console e-mail client. A vulnerability exists in several vendors' distributions of this program. An attacker can compose an email message with a carefully-formed string in the Reply-To: field...