Command Injection

czproject/git-php is vulnerable to command injection. A remote attacker is able to use additional flags to perform command injections via the isRemoteUrlReadable function since the url and refs parameter passing process to the git ls-remote subcommand, allows additional flags to be set...

CVE-2022-25866

The package czproject/git-php before 4.0.3 are vulnerable to Command Injection via git argument injection. When calling the isRemoteUrlReadable$url, array $refs = NULL function, both the url and refs parameters are passed to the git ls-remote subcommand in a way that additional flags can be set...

Command injection in cocoapods-downloader

The package cocoapods-downloader before 1.6.0, from 1.6.2 and before 1.6.3 are vulnerable to Command Injection via git argument injection. When calling the Pod::Downloader.preprocessoptions function and using git, both the git and branch parameters are passed to the git ls-remote subcommand in a...

GHSA-3F95-R44V-8MRG Command injection in simple-git

The package simple-git before 3.3.0 is vulnerable to Command Injection via argument injection. When calling the .fetchremote, branch, handlerFn function, both the remote and branch parameters are passed to the git fetch subcommand. By injecting some git options, it was possible to get arbitrary...

CVE-2022-24433 Command Injection

The package simple-git before 3.3.0 are vulnerable to Command Injection via argument injection. When calling the .fetchremote, branch, handlerFn function, both the remote and branch parameters are passed to the git fetch subcommand. By injecting some git options it was possible to get arbitrary...

Github-Todos 操作系统命令注入漏洞

Github-Todos is used to convert Todo to Github issues by the French individual developer Nicolas Chambrier. A security vulnerability exists in naholyr github-todos 3.1.0, which stems from the range parameter of the hook subcommand being concatenated without any validation and used directly by the...

sssd: shell command injection in sssctl

A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest...

UBUNTU-CVE-2021-3621

A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest...

CVE-2020-6760

Schmid ZI 620 V400 VPN 090 routers allow an attacker to execute OS commands as root via shell metacharacters to an entry on the SSH subcommand menu, as demonstrated by ping...

CVE-2017-11061

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing cfg80211 vendor sub command QCANL80211VENDORSUBCMDROAM, a buffer over-read can occur...

Ubuntu 14.04 LTS / 16.04 LTS : Git vulnerability (USN-3438-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3438-1 advisory. It was discovered that Git incorrectly handled certain subcommands such as cvsserver. A remote attacker could possibly use this issue via shell...

USN-3438-1 git vulnerability

It was discovered that Git incorrectly handled certain subcommands such as cvsserver. A remote attacker could possibly use this issue via shell metacharacters in modules names to execute arbitrary code. This update also removes the cvsserver subcommand from git-shell by default...

openSUSE Security Update : irssi (openSUSE-2017-241)

The IRC textmode client irssi was updated to version 1.0.1 to fix bugs and security issues. irssi 1.0.1 : - Fix Perl compilation in object dir - Fix incorrect HELP SERVER example - Correct memory leak in /OP and /VOICE - Fix regression that broke second level completion - Correct missing NULL...

Android One - mt_wifi IOCTL_GET_STRUCT Privilege Escalation

Exploit for Android platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=678 The wireless driver for the Android One sprout devices has a bad copyfromuser in the handling for the wireless driver socket private read ioctl IOCTLGETSTRUCT with subcommand...

Android One - mt_wifi IOCTL_GET_STRUCT Privilege Escalation

Android One - mtwifi IOCTLGETSTRUCT Privilege Escalation Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=678 The wireless driver for the Android One sprout devices has a bad copyfromuser in the handling for the wireless driver socket private read ioctl IOCTLGETSTRUCT with...

Android One - mt_wifi IOCTL_GET_STRUCT Privilege Escalation

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=678 The wireless driver for the Android One sprout devices has a bad copyfromuser in the handling for the wireless driver socket private read ioctl IOCTLGETSTRUCT with subcommand PRIVCMDSWCTRL. This ioctl is permitted for access fr...

Oracle Linux 5 : busybox (ELSA-2012-0308)

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2012-0308 advisory. 1:1.2.0-13 - Resolves: 768083 'busybox various flaws' including: 'buffer underflow in decompression' 'udhcpc insufficient checking of DHCP options'...

SuSE 11.1 Security Update : openssl (SAT Patch Number 6350)

This update of openssl fixes the following denial of service vulnerabilities : - Denial of Service via CBC mode handling. CVE-2012-2333 - A deadlock condition introduced by the previous memory leak fix due to entering a lock twice. This would only happen in multithreaded programs. In addition,...