16 matches found
EUVD-2025-25810
Malicious code in bioql PyPI...
CVE-2025-50974
The Calamaris log exporter CGI /cgi-bin/logs.cgi/calamaris.dat in IPFire 2.29 does not properly sanitize user-supplied input before incorporating parameter values into a shell command. An unauthenticated remote attacker can inject arbitrary OS commands by embedding shell metacharacters in any of...
CVE-2025-50974
The Calamaris log exporter CGI /cgi-bin/logs.cgi/calamaris.dat in IPFire 2.29 does not properly sanitize user-supplied input before incorporating parameter values into a shell command. An unauthenticated remote attacker can inject arbitrary OS commands by embedding shell metacharacters in any of...
CVE-2025-50974
The CVE-2025-50974 issue affects IPFire 2.29: the Calamaris log exporter CGI (/cgi-bin/logs.cgi/calamaris.dat) does not sanitize user input before embedding parameters into a shell command. This allows an unauthenticated, remote attacker to inject arbitrary OS commands by supplying shell metachar...
CVE-2025-50974
The Calamaris log exporter CGI /cgi-bin/logs.cgi/calamaris.dat in IPFire 2.29 does not properly sanitize user-supplied input before incorporating parameter values into a shell command. An unauthenticated remote attacker can inject arbitrary OS commands by embedding shell metacharacters in any of...
PT-2025-34797 · Ipfire · Ipfire
Name of the Vulnerable Software and Affected Versions: IPFire version 2.29 Description: The Calamaris log exporter CGI script /cgi-bin/logs.cgi/calamaris.dat does not properly sanitize user-supplied input before using it in shell commands. This allows a remote, unauthenticated attacker to inject...
CVE-2025-50974
The Calamaris log exporter CGI /cgi-bin/logs.cgi/calamaris.dat in IPFire 2.29 does not properly sanitize user-supplied input before incorporating parameter values into a shell command. An unauthenticated remote attacker can inject arbitrary OS commands by embedding shell metacharacters in any of...
Synology DiskStation Manager Improper Encoding or Escaping of Output (CVE-2018-8920)
Improper neutralization of escape vulnerability in Log Exporter in Synology DiskStation Manager DSM before 6.1.6-15266 allows remote attackers to inject arbitrary content to have an unspecified impact by exporting an archive in CSV format. This plugin only works with Tenable.ot. Please visit...
Synology DiskStation Manager Improper Escape Neutralization Vulnerability
Synology DiskStation Manager DSM is an operating system for use on Network Storage Servers NAS from Synology. The operating system manages information such as data, files, photos, music, and more. An improper escape neutralization vulnerability exists in Log Exporter in Synology DSM versions prio...
Input validation
Improper neutralization of escape vulnerability in Log Exporter in Synology DiskStation Manager DSM before 6.1.6-15266 allows remote attackers to inject arbitrary content to have an unspecified impact by exporting an archive in CSV format...
CVE-2018-8920
Improper neutralization of escape vulnerability in Log Exporter in Synology DiskStation Manager DSM before 6.1.6-15266 allows remote attackers to inject arbitrary content to have an unspecified impact by exporting an archive in CSV format...
CVE-2018-8920
Improper neutralization of escape vulnerability in Log Exporter in Synology DiskStation Manager DSM before 6.1.6-15266 allows remote attackers to inject arbitrary content to have an unspecified impact by exporting an archive in CSV format...
CVE-2018-8920
Improper neutralization of escape vulnerability in Log Exporter in Synology DiskStation Manager DSM before 6.1.6-15266 allows remote attackers to inject arbitrary content to have an unspecified impact by exporting an archive in CSV format...
CVE-2018-8920
Improper neutralization of escape vulnerability in Log Exporter in Synology DiskStation Manager DSM before 6.1.6-15266 allows remote attackers to inject arbitrary content to have an unspecified impact by exporting an archive in CSV format...
CVE-2018-8920
CVE-2018-8920 affects Synology DiskStation Manager (DSM) prior to 6.1.6-15266, via the Log Exporter. The root cause is improper neutralization of escape characters when exporting an archive in CSV format, enabling remote attackers to inject arbitrary content with an unspecified impact. The vulner...
PT-2018-18718 · Synology · Synology Diskstation Manager
Name of the Vulnerable Software and Affected Versions: Synology DiskStation Manager DSM versions prior to 6.1.6-15266 Description: The issue is related to improper neutralization of escape in the Log Exporter component, allowing remote attackers to inject arbitrary content when exporting an archi...