Page 3 of 12 results (0.009 seconds)

CVSS: 4.6EPSS: 0%CPEs: 17EXPL: 1

The prompt parsing in bash allows a local user to execute commands as another user by creating a directory with the name of the command to execute. • https://www.exploit-db.com/exploits/19095 ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-008.0.txt http://www.securityfocus.com/bid/119 http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.9904202114070.6623-100000%40smooth.Operator.org • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 4.6EPSS: 0%CPEs: 8EXPL: 1

(1) bash before 1.14.7, and (2) tcsh 6.05 allow local users to gain privileges via directory names that contain shell metacharacters (` back-tick), which can cause the commands enclosed in the directory name to be executed when the shell expands filenames using the \w option in the PS1 variable. • http://marc.info/?l=bugtraq&m=87602167419868&w=2 http://www.dataguard.no/bugtraq/1996_3/0503.html • CWE-264: Permissions, Privileges, and Access Controls •