ONAP SDNC Operating System Command Injection Vulnerability (CNVD-2020-28056)
ONAP SDNC is a software-defined network controller from the ONAP program. ONAP SDNC suffers from an operating system command injection vulnerability. An attacker can exploit this vulnerability to execute arbitrary commands via a specially crafted 'filename' parameter...
ONAP SDNC Operating System Command Injection Vulnerability (CNVD-2020-28055)
ONAP SDNC is a software-defined network controller from the ONAP program. An operating system command injection vulnerability exists in ONAP SDNC Dublin. An attacker can exploit this vulnerability to execute arbitrary commands via a specially crafted 'filename' parameter...
GraphicsMagick text filename component information disclosure vulnerability
GraphicsMagick is a simple set of image processing tools. The tool provides resizing, rotating, highlighting and other functions to images. A security vulnerability exists in the text filename component of GraphicsMagick versions prior to 1.3.32. The vulnerability can be exploited by a remote...
Palo Alto Networks PAN-OS 8.1.x < 8.1.13 Vulnerability
The version of Palo Alto Networks PAN-OS running on the remote host is 8.1.x prior to 8.1.13. It is, therefore, affected by a vulnerability. - A predictable temporary filename vulnerability in PAN-OS allows local privilege escalation. This issue allows a local attacker who bypassed the restricted...
CVE-2019-12132
An issue was discovered in ONAP SDNC before Dublin. By executing sla/dgUpload with a crafted filename parameter, an unauthenticated attacker can execute an arbitrary command. All SDC setups that include admportal are affected...
CVE-2019-12112
An issue was discovered in ONAP SDNC before Dublin. By executing sla/upload with a crafted filename parameter, an unauthenticated attacker can execute an arbitrary command. All SDC setups that include admportal are affected...
Design/Logic Flaw
An issue was discovered in ONAP SDNC before Dublin. By executing sla/dgUpload with a crafted filename parameter, an unauthenticated attacker can execute an arbitrary command. All SDC setups that include admportal are affected...
CVE-2019-12921
In GraphicsMagick before 1.3.32, the text filename component allows remote attackers to read arbitrary files via a crafted image because of TranslateTextEx for SVG...
CVE-2019-12112
CVE-2019-12112 affects ONAP SDNC (pre-Dublin). The issue arises when an unauthenticated user uses sla/upload with a crafted filename parameter, allowing arbitrary command execution. All SDC setups that include admportal are affected. The provided documents do not specify the exact vulnerable vers...
Exploit for Out-of-bounds Write in Php
This is an exploit module for a bug in php-fpm CVE-2019-11043. The bug allows a web user to execute code on a vulnerable server if the server has a specific configuration. The exploit targets the php-fpm service running on a server with a configuration that includes a "location" block with a...
CVE-2020-10596
OpenCart 3.0.3.2 allows remote authenticated users to conduct XSS attacks via a crafted filename in the users' image upload section...
OS Command Injection
pulverizr is vulnerable to OS Command Injection. The vulnerability exists as the value of filename is improperly handled by lib/job.js...
Pulverizr Injection Vulnerability
pulverizr is an image compressor. A security vulnerability exists in pulverizr 0.7.0 and earlier versions, which stems from a failure to perform any cleanup on the 'filename' parameter, which is directly used by the function. The vulnerability can be exploited to execute arbitrary commands...
CVE-2020-7604
pulverizr through 0.7.0 allows execution of arbitrary commands. Within "lib/job.js", the variable "filename" can be controlled by the attacker. This function uses the variable "filename" to construct the argument of the exec call without any sanitization. In order to successfully exploit this...
Command Injection
Overview pulverizr is a to smash your images down to size. Affected versions of this package are vulnerable to Command Injection. Within lib/job.js, the variable filename can be controlled by the attacker. This function uses the variable filename to construct the argument of the exec call without...
CVE-2020-1981
A predictable temporary filename vulnerability in PAN-OS allows local privilege escalation. This issue allows a local attacker who bypassed the restricted shell to execute commands as a low privileged user and gain root access on the PAN-OS hardware or virtual appliance. This issue affects only...
Privilege escalation
A predictable temporary filename vulnerability in PAN-OS allows local privilege escalation. This issue allows a local attacker who bypassed the restricted shell to execute commands as a low privileged user and gain root access on the PAN-OS hardware or virtual appliance. This issue affects only...