109 matches found
EUVD-2022-3441
Malicious code in bioql PyPI...
CVE-2025-53943
VoidBot Open-Source is a customizable Discord bot. VoidBot Open-Source versions 0.0.1 through 0.8.1 contain a vulnerability in the command handler where permission checks are not properly enforced for certain administrative commands. This allows users without the required roles or privileges to...
CVE-2025-53943 VoidBot Open-Source Has Improper Permission Check That Allows Unauthorized Command Execution
VoidBot Open-Source is a customizable Discord bot. VoidBot Open-Source versions 0.0.1 through 0.8.1 contain a vulnerability in the command handler where permission checks are not properly enforced for certain administrative commands. This allows users without the required roles or privileges to...
CVE-2021-22707
A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1, EVlink Parking EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1, and EVlink Smart Wallbox EVB1A all versions prior to R8 V3.4.0.1 that could allow an attacker t...
CVE-2021-39232
In Apache Ozone versions prior to 1.2.0, certain admin related SCM commands can be executed by any authenticated users, not just by admins...
mjolnir 安全漏洞
mjolnir is a Matrix open source auditing tool for Matrix. A security vulnerability exists in mjolnir version v1.9.0 that stems from the bot responding to administrative commands in any room, which could allow non-operator users to utilize the bot's functionality...
Apache Zookeeper 安全漏洞
Apache ZooKeeper is a centralized service under the Apache Software Foundation for maintaining configuration information, naming, providing distributed synchronization, and providing group services. An authentication bypass vulnerability exists in Apache ZooKeeper versions prior to 3.9.3. The...
PT-2024-7345 · Cisco · Cisco Ata 190 Series Analog Telephone Adapter
Name of the Vulnerable Software and Affected Versions: Cisco ATA 190 Series Analog Telephone Adapter firmware affected versions not specified Description: A vulnerability in the web-based management interface could allow an authenticated, remote attacker with low privileges to run commands as an...
SaltStack Salt Master Server Root Key Disclosure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SaltStack Salt Master Server Root Key Disclosure', 'Description' = %q This module exploits unauthenticated access to the prepauthinfo method in t...
CVE-2024-31442
Redon Hub is a Roblox Product Delivery Bot, also known as a Hub. In all hubs before version 1.0.2, all commands are capable of being ran by all users, including admin commands. This allows users to receive products for free and delete/create/update products/tags/etc. The only non-affected command...
CVE-2024-31442 Redon-Hub has incorrect permissions on all admin related commands
Redon Hub is a Roblox Product Delivery Bot, also known as a Hub. In all hubs before version 1.0.2, all commands are capable of being ran by all users, including admin commands. This allows users to receive products for free and delete/create/update products/tags/etc. The only non-affected command...
CVE-2024-31442 Redon-Hub has incorrect permissions on all admin related commands
Redon Hub is a Roblox Product Delivery Bot, also known as a Hub. In all hubs before version 1.0.2, all commands are capable of being ran by all users, including admin commands. This allows users to receive products for free and delete/create/update products/tags/etc. The only non-affected command...
CVE-2024-31442
CVE-2024-31442 concerns Redon Hub, a Roblox Product Delivery Bot. Pre-1.0.2 versions permit all users to execute admin commands due to a permissions misconfiguration, allowing actions like receiving products for free and deleting/creating/updating products and tags. The only non-affected command ...
PT-2024-24079
Name of the Vulnerable Software and Affected Versions Redon Hub versions prior to 1.0.2 Description The issue affects Redon Hub, a Roblox Product Delivery Bot. In affected versions, all commands can be executed by all users, including admin commands. This allows users to receive products for free...
PT-2024-20959 · Asus · Asus Download Master
Name of the Vulnerable Software and Affected Versions: ASUS Download Master affected versions not specified Description: The issue allows an attacker to execute commands in the context of the web server, running as admin. Recommendations: At the moment, there is no information about a newer versi...
CVE-2023-48646
Zoho ManageEngine RecoveryManager Plus before 6070 allows admin users to execute arbitrary commands via proxy settings...
Vulnerability fixed in Ivanti MobileIron Sentry
Ivanti has fixed a vulnerability in MobileIron Sentry. A unauthenticated malicious person with access to the management interface could exploit the vulnerability to use API calls to manipulate the Sentry system and execute commands with administrator privileges. For successful misuse, the malicio...
GHSA-3PMJ-JQQP-2MJ3 matrix-appservice-irc IRC command injection via admin commands containing newlines
Impact It is possible to craft a command with newlines which would not be properly parsed. This would mean you could pass a string of commands as a channel name, which would then be run by the IRC bridge bot. Patches Versions 1.0.1 and above are patched. Workarounds There are no robust workaround...
matrix-appservice-irc IRC command injection via admin commands containing newlines
Impact It is possible to craft a command with newlines which would not be properly parsed. This would mean you could pass a string of commands as a channel name, which would then be run by the IRC bridge bot. Patches Versions 1.0.1 and above are patched. Workarounds There are no robust workaround...
CVE-2023-38690 matrix-appservice-irc IRC command injection via admin commands containing newlines
matrix-appservice-irc is a Node.js IRC bridge for Matrix. Prior to version 1.0.1, it is possible to craft a command with newlines which would not be properly parsed. This would mean you could pass a string of commands as a channel name, which would then be run by the IRC bridge bot. Versions 1.0....