6 matches found
Command injection
acccheck.pl in acccheck 0.2.1 allows Command Injection via shell metacharacters in a username or password file, as demonstrated by injection into an smbclient command line...
CVE-2018-12268
acccheck.pl in acccheck 0.2.1 allows Command Injection via shell metacharacters in a username or password file, as demonstrated by injection into an smbclient command line...
CVE-2018-12268
CVE-2018-12268 affects acccheck 0.2.1; vulnerable component is acccheck.pl, allowing Command Injection via shell metacharacters in a username or password file, as demonstrated by an injected smbclient command line. Root cause: lack of input filtering/validation. Impact: remote code execution with...
CVE-2018-12268
Removed by vendor...
Links ELinks SMBClient远程命令执行漏洞
Links ELinks是一款web浏览器。 Links ELinks存在一个缺陷,允许恶意web站点在目标机器上执行smbclient命令,此缺陷可能导致从目标系统上读取任意文件或者上传恶意文件到目标系统并执行。 具体问题代码如下: smbfunc in smb.c: ... 143 if share 144 if !dir || dirstrlendir - 1 == '/' || dirstrlendir - 1 == '\' 145 if dir 146 vn++ = "-D"; 147 vn++ = dir; 148 149 vn++ = "-c"; 150 vn++ =...
[Full-disclosure] Links smbclient command execution
Links smbclient command execution ----------------------------------------------------------------------------- There is a flaw in the Links web browser, that allows malicious web sites to execute smbclient commands on the victim's machine. This flaw makes it possible to read any file from the...