415 matches found
CVE-2024-22188
TYPO3 before 13.0.1 allows an authenticated admin user with system maintainer privileges to execute arbitrary shell commands with the privileges of the web server via a command injection vulnerability in form fields of the Install Tool. The fixed versions are 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELT...
Command injection
TYPO3 before 13.0.1 allows an authenticated admin user with system maintainer privileges to execute arbitrary shell commands with the privileges of the web server via a command injection vulnerability in form fields of the Install Tool. The fixed versions are 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELT...
CentOS 9 : texlive-20200406-26.el9
The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the texlive-20200406-26.el9 build changelog. - LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs...
Exploit for OS Command Injection in Gl-Inet Gl-Ar300M_Firmware
GL.iNet Multiple Vulnerabilities This repository contains the...
CVE-2023-46604
The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to caus...
CVE-2023-43072
Dell SmartFabric Storage Software v1.4 and earlier contains an improper access control vulnerability in the CLI. A local possibly unauthenticated attacker could potentially exploit this vulnerability, leading to ability to execute arbritrary shell commands...
CVE-2023-43072
Dell SmartFabric Storage Software v1.4 and earlier contains an improper access control vulnerability in the CLI. A local possibly unauthenticated attacker could potentially exploit this vulnerability, leading to ability to execute arbritrary shell commands...
PT-2023-28682 · Dell · Dell Smartfabric Storage
Name of the Vulnerable Software and Affected Versions: Dell SmartFabric Storage Software versions 1.4 and earlier Description: The issue is related to an improper access control vulnerability in the Command Line Interface CLI of the software. A local, possibly unauthenticated attacker could explo...
Freewill Solutions IFIS new trading web application vulnerable to unauthenticated remote code execution
Overview Freewill Solutions IFIS new trading web application version 20.01.01.04 is vulnerable to unauthenticated remote code execution. Successful exploitation of this vulnerability allows an attacker to run arbitrary shell commands on the affected host. Description Freewill Solutions IFIS new...
HCL Technologies BigFix Mobile 命令注入漏洞
HCL Technologies BigFix Mobile is a Mobile Device Management MDM solution from HCL Technologies. It is designed to help businesses and organizations effectively manage and secure mobile devices, including smartphones, tablets and other mobile devices. HCL Technologies BigFix Mobile suffers from a...
Oracle Linux 8 / 9 : texlive (ELSA-2023-3661)
The remote Oracle Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-3661 advisory. 9:20200406-26 - Resolves: 2209872, CVE-2023-32700 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. No...
CVE-2023-34334
AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure, or data tampering...
CVE-2023-34343
AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure, or data tampering...
PT-2023-12820 · Percona +1 · Percona Xtrabackup +1
Name of the Vulnerable Software and Affected Versions: Percona XtraBackup versions 2.2.0 through 2.2.24 Percona XtraBackup versions 3.0.0 through 8.0.27-19 Description: A crafted filename on the local file system could trigger unexpected command shell execution of arbitrary commands...
Fedora 37 : texlive-base (2023-d261122726)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-d261122726 advisory. Fix CVE-2023-32700 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested...
SUSE SLES15: libkpathsea6 / libptexenc1 / libsynctex1 / libtexlua52-5 / etc (SUSE-SU-2023:2285-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2285-1 advisory. - CVE-2023-32700: Fixed arbitrary code execution in LuaTeX bsc1211389. Tenable has extracted the preceding description block...
Debian DSA-5406-1 : texlive-bin - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5406 advisory. - LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because luatex-core.lua lets t...
Osprey Pump Controller 操作系统命令注入漏洞
Osprey Pump Controller is a pump controller from Osprey. A security vulnerability exists in Osprey Pump Controller version 1.01, which stems from an operating system command injection vulnerability. The vulnerability can be exploited to inject and execute arbitrary shell commands via the index.ph...
Debian: Security Advisory (DSA-2021-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2023-27635
debmany in debian-goodies 0.88.1 allows attackers to execute arbitrary shell commands because of an eval call via a crafted .deb file. The path is shown to the user before execution...