12 matches found
EUVD-2020-17558
Malware in sbrugna...
CVE-2022-40641
CVE-2022-40641 affects Ansys SpaceClaim 2022 R1. The issue is an out-of-bounds write in the parsing of X_B files, caused by inadequate validation of user-supplied data, which can allow code execution in the context of the current process. Exploitation requires user interaction (the target must vi...
CVE-2020-24849
A remote code execution vulnerability is identified in FruityWifi through 2.4. Due to improperly escaped shell metacharacters obtained from the POST request at the pageconfigadv.php page, it is possible to perform remote code execution by an authenticated attacker. This is similar to CVE-2018-173...
Remote code execution
A remote code execution vulnerability is identified in FruityWifi through 2.4. Due to improperly escaped shell metacharacters obtained from the POST request at the pageconfigadv.php page, it is possible to perform remote code execution by an authenticated attacker. This is similar to CVE-2018-173...
CVE-2019-17317
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the UpgradeWizard module by an Admin user...
CVE-2019-17317
SugarCRM vulnerability CVE-2019-17317 affects SugarCRM before 8.0.4 and 9.x before 9.0.2, where an Admin can trigger PHP object injection via the UpgradeWizard module. The root cause is input handling in UpgradeWizard that allows object injection, enabling impact as described in affected advisori...
Design/Logic Flaw
Shell Metacharacter Injection in www/modules/save.php in FruityWifi aka PatatasFritas/PatataWifi through 2.4 allows remote attackers to execute arbitrary code with root privileges via a crafted modname parameter in a POST request. NOTE: unlike in CVE-2018-17317, the attacker does not need a valid...
CVE-2018-17317
FruityWifi aka PatatasFritas/PatataWifi 2.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the iomode, apmode, ioaction, ioiniface, ioinset, ioinip, ioinmask, ioingw, iooutiface, iooutset, iooutmask, iooutgw, iface, or domain parameter to...
CVE-2018-17317
CVE-2018-17317: FruityWifi is affected by remote command execution via shell metacharacters in numerous parameters (io_mode, ap_mode, io_action, io_in_, iface, domain, newSSID, hostapd_ and supplicant_ssid) sent to /www/script/config_iface.php or /www/page_config.php. This enables an attacker to ...
CVE-2018-17317
FruityWifi aka PatatasFritas/PatataWifi 2.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the iomode, apmode, ioaction, ioiniface, ioinset, ioinip, ioinmask, ioingw, iooutiface, iooutset, iooutmask, iooutgw, iface, or domain parameter to...
CVE-2017-17317
The CVE-2017-17317 entry concerns a buffer overflow in the Common Open Policy Service (COPS) module of Huawei devices (e.g., USG6300, Secospace USG6500/6600, TE/ V series). Root cause: insufficient input validation in the COPS module, allowing an unauthenticated, remote attacker who can control t...
Security Advisory - Buffer Overflow Vulnerability in Some Huawei Products
There is a buffer overflow vulnerability in the Common Open Policy Service Protocol (COPS) module of some Huawei products. An unauthenticated, remote attacker has to control the peer device and send a specially crafted message to the affected products. Due to insufficient input validation, successful...