Citrix SD-WAN Center - Remote Command Injection

Citrix SD-WAN Center is susceptible to remote command injection via the ping function in DiagnosticsController, which does not sufficiently validate or sanitize HTTP request parameter values used to construct a shell command. An attacker can trigger this vulnerability by routing traffic through t...

Citrix SD-WAN Center - Local File Inclusion

Citrix SD-WAN Center is susceptible to local file inclusion via the applianceSettingsFileTransfer function in ApplianceSettingsController. The function does not sufficiently validate or sanitize HTTP request parameter values used to construct a file system path. An attacker can trigger this...

EUVD-2016-9530

Malware in sbrugna...

EUVD-2011-3903

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2023-37574

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple use-after-free vulnerabilities exist in the VCD getvartoken realloc functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitra...

CVE-2017-15647

On FiberHome routers, Directory Traversal exists in /cgi-bin/webproc via the getpage parameter in conjunction with a crafted var:page value...

fcgi2 安全漏洞

fcgi2 is a FastCGI developer's toolkit from FastCGI-Archives open source. A security vulnerability exists in fcgi2 versions 2.x through 2.4.4, which stems from the presence of an integer overflow that allows an attacker to send data to an IPC socket with a carefully crafted nameLen or valueLen...

PT-2024-12641 · Gtkwave · Gtkwave

Name of the Vulnerable Software and Affected Versions: GTKWave version 3.3.115 Description: The issue is related to multiple use-after-free vulnerabilities in the VCD get vartoken realloc functionality. A specially crafted .vcd file can lead to arbitrary code execution when opened by a victim,...

SUSE CVE-2011-1494

Integer overflow in the ctldomptcommand function in drivers/scsi/mpt2sas/mpt2sasctl.c in the Linux kernel 2.6.38 and earlier might allow local users to gain privileges or cause a denial of service memory corruption via an ioctl call specifying a crafted value that triggers a heap-based buffer...

SUSE CVE-2013-3221

The Active Record component in Ruby on Rails 2.3.x, 3.0.x, 3.1.x, and 3.2.x does not ensure that the declared data type of a database column is used during comparisons of input values to stored values in that column, which makes it easier for remote attackers to conduct data-type injection attack...

Command injection

DISPUTED OS Command injection vulnerability in sleuthkit fls tool 4.11.1 allows attackers to execute arbitrary commands via a crafted value to the m parameter. NOTE: third parties have disputed this because there is no analysis showing that the backtick command executes outside the context of the...

CVE-2022-31861

Cross site Scripting XSS in ThingsBoard IoT Platform through 3.3.4.1 via a crafted value being sent to the audit logs...

CVE-2022-31861

Cross site Scripting XSS in ThingsBoard IoT Platform through 3.3.4.1 via a crafted value being sent to the audit logs...

CVE-2022-31861

Cross site Scripting XSS in ThingsBoard IoT Platform through 3.3.4.1 via a crafted value being sent to the audit logs...

TCL LinkHub Mesh Wi-Fi 安全漏洞

TCL LinkHub Mesh Wi-Fi is a router from TCL Corporation. A security vulnerability exists in TCL LinkHub Mesh Wi-Fi version MS1G0001.0014, which stems from a buffer overflow vulnerability in the GetValue function, where a specially crafted configured value may cause a buffer overflow...

TCL LinkHub Mesh Wi-Fi 安全漏洞

TCL LinkHub Mesh Wi-Fi is a router from TCL Corporation. A security vulnerability exists in TCL LinkHub Mesh Wi-Fi version MS1G0001.0014, which stems from a buffer overflow vulnerability in the GetValue function, where a specially crafted configured value may cause a buffer overflow...

TCL LinkHub Mesh Wi-Fi 安全漏洞

TCL LinkHub Mesh Wi-Fi is a router from TCL Corporation. A security vulnerability exists in TCL LinkHub Mesh Wi-Fi version MS1G0001.0014, which stems from a buffer overflow vulnerability in the GetValue function, where a specially crafted configured value may cause a buffer overflow...

CVE-2020-7877 ZOOK solution(remote administration tool) buffer overflow vulnerability

A buffer overflow issue was discovered in ZOOK solutionremote administration tool through processing 'ConnectMe' command while parsing a crafted OUTERIP value because of missing boundary check. This vulnerability allows the attacker to execute remote arbitrary command...

CVE-2021-30124

The unofficial vscode-phpmd aka PHP Mess Detector extension before 1.3.0 for Visual Studio Code allows remote attackers to execute arbitrary code via a crafted phpmd.command value in a workspace folder...

Code injection

The unofficial vscode-phpmd aka PHP Mess Detector extension before 1.3.0 for Visual Studio Code allows remote attackers to execute arbitrary code via a crafted phpmd.command value in a workspace folder...