Vulnerabilities > Pizzashack
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-02-06 | CVE-2019-3464 | Improper Initialization vulnerability in multiple products Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands. | 9.8 |
2019-02-06 | CVE-2019-3463 | Argument Injection or Modification vulnerability in multiple products Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands. | 9.8 |
2019-02-04 | CVE-2019-1000018 | Command Injection vulnerability in multiple products rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in allowscp permission that can result in Local command execution. | 7.8 |
2013-01-11 | CVE-2012-2252 | Remote Arbitrary Command Execution vulnerability in rssh Command Line Filtering Incomplete blacklist vulnerability in rssh before 2.3.4, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via the --rsh command line option. local pizzashack | 4.4 |
2013-01-11 | CVE-2012-2251 | Improper Input Validation vulnerability in Pizzashack Rssh 2.3.2 rssh 2.3.2, as used by Debian, Fedora, and others, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via a (1) "-e" or (2) "--" command line option. | 4.4 |
2012-08-31 | CVE-2012-3478 | Permissions, Privileges, and Access Controls vulnerability in Pizzashack Rssh rssh 2.3.3 and earlier allows local users to bypass intended restricted shell access via crafted environment variables in the command line. | 2.1 |
2004-10-23 | CVE-2004-1628 | USE of Externally-Controlled Format String vulnerability in Pizzashack Rssh Format string vulnerability in log.c in rssh before 2.2.2 allows remote authenticated users to execute arbitrary code. | 9.0 |