83 matches found
openSUSE Security Update : python-cupshelpers (openSUSE-SU-2011:1331-2)
This update fixes a typo from the previous update : system-config-printer used an unauthenticated connection when downloading printer drivers from openprinting.org CVE-2011-4405. This update disables the printer driver download feature. system-config-printer did not properly quote shell meta...
openSUSE Security Update : aaa_base (openSUSE-SU-2011:0207-1)
shell meta characters in file names could cause interactive shells to execute arbitrary commands when performing tab expansion CVE-2011-0468. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...
openSUSE Security Update : dhcpcd (openSUSE-SU-2011:0352-1)
A rogue dhcp server could instruct clients to use a host name that contains shell meta characters. Since many scripts in the system do not expect unusal characters in the system's host name the dhcp client needs to sanitize the host name offered by the server CVE-2011-0996. This update also fixes...
openSUSE Security Update : dhcp (openSUSE-SU-2011:0321-1)
A rogue dhcp server could instruct clients to use a host name that contains shell meta characters. Since many scripts in the system do not expect unusal characters in the system's host name the dhcp client needs to sanitize the host name offered by the server CVE-2011-0997. %NASLMINLEVEL 70300 C...
openSUSE Security Update : python-cupshelpers (openSUSE-SU-2011:1331-2)
This update fixes a typo from the previous update : system-config-printer used an unauthenticated connection when downloading printer drivers from openprinting.org CVE-2011-4405. This update disables the printer driver download feature. system-config-printer did not properly quote shell meta...
Remote Command Injection
Unsanitized input is passed to the shell. A malicious user can inject shell commands by sending shell meta characters like ';' in some variables...
Ruby Gem Webbynode 1.0.5.3 Command Injection
Command injection in Ruby Gem Webbynode 1.0.5.3 Date: 11/11/2014 Author: Larry W. Cashdollar, @larry0 Download: http://rubygems.org/gems/webbynode Vulnerability Description: The following code located in: ./webbynode-1.0.5.3/lib/webbynode/notify.rb doesn't fully sanitize user supplied input befor...
CVE-2012-6297 - Command Injection via CSRF on DD-WRT v24-sp2
DD-WRT v24-sp2 is prone to command injection from specially crafted configuration values containing shell meta-characters. A remote attacker can potentially use CSRF from an authenticated client to execute commands on the router as the root user. Successful exploitation can result in system wide...
DD-WRT 24-sp2 CSRF / Command Injection
DD-WRT v24-sp2 is prone to command injection from specially crafted configuration values containing shell meta-characters. A remote attacker can potentially use CSRF from an authenticated client to execute commands on the router as the root user. Successful exploitation can result in system wide...
SuSE 11.1 Security Update : system-config-printer (SAT Patch Number 5607)
The following issues have been fixed : - system-config-printer used an unauthenticated connection when downloading printer drivers from openprinting.org CVE-2011-4405. This update disables the printer driver download feature. - system-config-printer did not properly quote shell meta characters in...
SuSE 10 Security Update : dhcp6 (ZYPP Patch Number 7465)
A rogue DHCP server could instruct clients to use a host name that contains shell meta characters. Since many scripts in the system do not expect unusal characters in the system's host name the DHCP client needs to sanitize the host name offered by the server. CVE-2011-0997 %NASLMINLEVEL 70300 C...
Debian Security Advisory DSA 2217-1 (dhcp3)
The remote host is missing an update to dhcp3 announced via advisory DSA 2217-1. OpenVAS Vulnerability Test $Id: deb22171.nasl 6613 2017-07-07 12:08:40Z cfischer $ Description: Auto-generated from advisory DSA 2217-1 dhcp3 Authors: Thomas Reinke Copyright: Copyright c 2011 E-Soft Inc...
openSUSE Security Update : dhcpcd (openSUSE-SU-2011:0385-1)
This update fixes the following security issue : A rogue DHCP server could instruct clients to use a host name that contains shell meta characters. Since many scripts in the system do not expect unusal characters in the system's host name the DHCP client needs to sanitize the host name offered by...
SuSE 11.1 Security Update : dhcpcd (SAT Patch Number 4389)
A rogue DHCP server could instruct clients to use a host name that contains shell meta characters. Since many scripts in the system do not expect unusal characters in the system's host name the DHCP client needs to sanitize the host name offered by the server. CVE-2011-0996 Note this update is...
SuSE 10 Security Update : dhcp6 (ZYPP Patch Number 7464)
A rogue DHCP server could instruct clients to use a host name that contains shell meta characters. Since many scripts in the system do not expect unusal characters in the system's host name the DHCP client needs to sanitize the host name offered by the server. CVE-2011-0997 %NASLMINLEVEL 70300 C...
SuSE 10 Security Update : dhcp (ZYPP Patch Number 7456)
A rogue DHCP server could instruct clients to use a host name that contains shell meta characters. Since many scripts in the system do not expect unusal characters in the system's host name the DHCP client needs to sanitize the host name offered by the server. CVE-2011-0997 %NASLMINLEVEL 70300 C...
[SECURITY] [DSA 2216-1] isc-dhcp security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2216-1 [email protected] http://www.debian.org/security/ Nico Golde April 10, 2011 http://www.debian.org/security/faq -...
SuSE9 Security Update : dhcp (YOU Patch Number 12698)
A rogue DHCP server could instruct clients to use a host name that contains shell meta characters. Since many scripts in the system do not expect unusal characters in the system's host name the DHCP client needs to sanitize the host name offered by the server. CVE-2011-0996 %NASLMINLEVEL 70300 C...
SuSE 11.1 Security Update : dhcp (SAT Patch Number 4315)
A rogue DHCP server could instruct clients to use a host name that contains shell meta characters. Since many scripts in the system do not expect unusal characters in the system's host name the DHCP client needs to sanitize the host name offered by the server. CVE-2011-0997 %NASLMINLEVEL 70300 C...
FreeBSD : isc-dhcp-client -- dhclient does not strip or escape shell meta-characters (7e69f00d-632a-11e0-9f3a-001d092480a4)
ISC reports : ISC dhclient did not strip or escape certain shell meta-characters in responses from the dhcp server like hostname before passing the responses on to dhclient-script. Depending on the script and OS, this can result in execution of exploit code on the client. %NASLMINLEVEL 70300 C...