216 matches found
CVE-2023-38319
An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the FAS key entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands...
CVE-2023-38318
An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the gateway FQDN entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands...
CVE-2023-38317
An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the network interface name entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands...
CVE-2023-38323
An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the status path script entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands...
CVE-2023-38318
OpenNDS before 10.1.3 is affected. The issue arises from inadequate sanitization of the gateway FQDN entry in the configuration file, allowing an attacker with access to that file to execute arbitrary OS commands. Impact is high: confidentiality, integrity, and availability can be compromised (CV...
CVE-2023-38317
OpenNDS
openNDS Security Vulnerabilities
openNDS is openNDS open source a high-performance, small footprint portal system. A security vulnerability exists in openNDS prior to version 10.1.3 that stems from an inability to clean up a network interface name entry in a configuration file, allowing an attacker with direct or indirect access...
CVE-2023-38319
An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the FAS key entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands...
CVE-2023-38317
An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the network interface name entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands...
CVE-2023-38323
OpenNDS before 10.1.3 contains a vulnerability where the status path script entry in the configuration file is not sanitized, allowing attackers with direct or indirect access to that file to execute arbitrary OS commands. CVSSv3.1 base score 9.8 (CRITICAL) with Network attack vector, no privileg...
CVE-2023-38318
An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the gateway FQDN entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands...
CVE-2023-38319
CVE-2023-38319 affects OpenNDS prior to 10.1.3. The issue is that the configuration file’s FAS key entry is not sanitized, allowing an attacker with direct or indirect access to the file to execute arbitrary OS commands. The vulnerability impact is described as high/critical in CVSS v3.1 (AV:N/AC...
CVE-2023-38319
An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the FAS key entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands...
CVE-2023-38318
An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the gateway FQDN entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands...
CVE-2023-38317
An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the network interface name entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands...
CVE-2023-38318
An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the gateway FQDN entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands...
CVE-2023-38319
An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the FAS key entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands...
CVE-2023-38323
An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the status path script entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands...
PT-2024-12709 · Opennds +1 · Opennds +1
Name of the Vulnerable Software and Affected Versions: OpenNDS versions prior to 10.1.3 Description: An issue was discovered in OpenNDS where it fails to sanitize the gateway FQDN entry in the configuration file. This allows attackers with direct or indirect access to the configuration file to...
PT-2024-12710 · Opennds +1 · Opennds +1
Name of the Vulnerable Software and Affected Versions: OpenNDS versions prior to 10.1.3 Description: An issue was discovered in OpenNDS where it fails to sanitize the FAS key entry in the configuration file. This allows attackers with direct or indirect access to the configuration file to execute...