
37 matches found

RedhatCVE
added 2025/05/22 7:7 a.m. · 7 views

CVE-2019-10633

An eval injection vulnerability in the Python web server routing on the Zyxel NAS 326 version 5.21 and below allows a remote authenticated attacker to execute arbitrary code via the tjp6jp6y4, simZysh, and ck6fup6 APIs...

8.8 CVSS · 7.9 AI score · 0.0147 EPSS
Exploits 1 · References 1
Prion
added 2022/09/08 8:15 a.m. · 12 views

Command injection

PowerCMS XMLRPC API provided by Alfasado Inc. contains a command injection vulnerability. Sending a specially crafted message by POST method to PowerCMS XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it. Affected products/versions are as...

7.5 CVSS · 9.7 AI score · 0.05225 EPSS
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2022/05/24 2:20 a.m. · 20 views

CVE-2022-0910

A downgrade from two-factor authentication to one-factor authentication vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.32 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, and VPN series firmware...

6.5 CVSS · 6.7 AI score · 0.00152 EPSS
Exploits 0 · References 1
Kitploit
added 2021/09/16 3:0 a.m. · 23 views

Kali Linux 2021.3 - Penetration Testing and Ethical Hacking Linux Distribution

Time for another Kali Linux release! – Kali Linux 2021.1. This release has various impressive updates. A summary of the changes since the 2021.2 release from June are: OpenSSL - Wide compatibility by default - Keep reading for what that means New Kali-Tools site - Following the footsteps of...

7.2 AI score
Exploits 0
OpenVAS
added 2021/04/19 12:0 a.m. · 42 views

SUSE: Security Advisory (SUSE-SU-2017:3048-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS · 8.8 AI score · 0.16453 EPSS
Exploits 0 · References 11
OSV
added 2020/03/04 8:15 p.m. · 1 views

CVE-2020-9054

Multiple ZyXEL network-attached storage NAS devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. ZyXEL NAS devices achieve authentication by using th...

9.8 CVSS · 8.3 AI score · 0.94265 EPSS
Exploits 2 · References 6
Prion
added 2020/03/04 8:15 p.m. · 24 views

Command injection

Multiple ZyXEL network-attached storage NAS devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. ZyXEL NAS devices achieve authentication by using th...

10 CVSS · 10 AI score · 0.94265 EPSS
Exploits 2 · References 5 · Affected Software 27
Vulnrichment
added 2020/03/04 7:30 p.m. · 8 views

CVE-2020-9054 ZyXEL NAS products running firmware version 5.21 and earlier are vulnerable to pre-authentication command injection in weblogin.cgi

Multiple ZyXEL network-attached storage NAS devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. ZyXEL NAS devices achieve authentication by using th...

9.2 AI score · 0.94265 EPSS
Exploits 2 · References 5
ATTACKERKB
added 2020/02/20 12:0 a.m. · 66 views

CVE-2020-9054

Multiple ZyXEL network-attached storage NAS devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. ZyXEL NAS devices achieve authentication by using th...

10 CVSS · 10 AI score · 0.94265 EPSS
In wild · Exploits 2 · References 8
OSV
added 2019/04/09 5:29 a.m. · 2 views

CVE-2019-10630

A plaintext password vulnerability in the Zyxel NAS 326 through 5.21 allows an elevated privileged user to get the admin password of the device...

8.8 CVSS · 7.3 AI score
Exploits 0 · References 1
Prion
added 2019/04/09 5:29 a.m. · 13 views

Design/Logic Flaw

Shell Metacharacter Injection in the package installer on Zyxel NAS 326 version 5.21 and below allows an authenticated attacker to execute arbitrary code via multiple different requests...

6.5 CVSS · 9 AI score · 0.007 EPSS
Exploits 1 · References 1 · Affected Software 1
NVD
added 2019/04/09 5:29 a.m. · 14 views

CVE-2019-10631

Shell Metacharacter Injection in the package installer on Zyxel NAS 326 version 5.21 and below allows an authenticated attacker to execute arbitrary code via multiple different requests...

8.8 CVSS · 8.9 AI score · 0.007 EPSS
Exploits 1 · References 1
Positive Technologies
added 2015/07/14 12:0 a.m. · 2 views

PT-2015-1639 · Cisco +1 · Cisco Asa +1

Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance ASA Software version 9.15.21 Description: The issue is related to the TLS implementation in the Cavium cryptographic-module firmware, which does not verify the MAC field. This allows man-in-the-middle attacke...

4.3 CVSS · 5.8 AI score · 0.00444 EPSS
Exploits 0 · References 5
Tenable Nessus
added 2015/03/25 12:0 a.m. · 44 views

Amazon Linux AMI : file (ALAS-2015-497)

The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes. CVE-2014-9620 The ELF parser readelf.c in file before 5.21 allows remote attackers to cause a denial of service CPU consumption or crash via a large number of 1 program or 2...

7.5 CVSS · 8 AI score · 0.16453 EPSS
Exploits 0 · References 6
Japan Vulnerability Notes
added 2015/02/27 12:0 a.m. · 126 views

JVN#88862608: Joyful Note vulnerability in handling files

Joyful Note from KENT-WEB is a bulletin board software that allows users to upload binary files such as image files. Joyful Note contains a vulnerability in handling files. Impact A remote attacker may create arbitrary files or delete existing files on the server. As a result, arbitrary code may ...

7.5 CVSS · 6.9 AI score · 0.02096 EPSS
Exploits 0
CNVD
added 2015/01/22 12:0 a.m. · 1 views

File Denial of Service Vulnerability (CNVD-2015-00589)

file is a tool for viewing file formats on Unix-like systems. A denial of service vulnerability exists in file 5.08 through 5.21, which allows remote attackers to launch a denial of service attack via a large number of notes...

5 CVSS · 6.8 AI score · 0.072 EPSS
Exploits 0 · References 1
OSV
added 2015/01/21 6:59 p.m. · 7 views

CVE-2014-9621

The ELF parser in file 5.16 through 5.21 allows remote attackers to cause a denial of service via a long string...

6.3 AI score
Exploits 0 · References 7
NVD
added 2015/01/21 6:59 p.m. · 14 views

CVE-2014-9620

The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes...

5 CVSS · 7.2 AI score · 0.072 EPSS
Exploits 0 · References 11
Cvelist
added 2015/01/21 6:0 p.m. · 25 views

CVE-2014-9620

The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes...

6 AI score · 0.072 EPSS
Exploits 0 · References 11
CVE
added 2015/01/21 6:0 p.m. · 125 views

CVE-2014-9620

CVE-2014-9620 affects the file utility’s ELF parser (versions 5.08–5.21). A remote attacker can cause a denial of service by supplying an overly long string or large number of notes (through ELF parsing). Public references show affected ecosystems including Ubuntu (USN-3686-1), CentOS/RHEL adviso...

5 CVSS · 5.9 AI score · 0.072 EPSS
Exploits 0 · References 11 · Affected Software 1