1086 matches found
LunarNight Laboratory WebProxy Security Vulnerability
LunarNight Laboratory WebProxy is a Perl script for web proxies from Lunarnight Laboratory Vietnam. A security vulnerability exists in LunarNight Laboratory WebProxy versions 1.7.8 through 1.7.9 that could allow an unauthenticated, remote...
A vulnerability in the firmware of the cloud-controlled switch Ruijie Reyee series RG-ES200 allows an intruder to execute arbitrary code.
The vulnerability in the firmware of the cloud-controlled switch Ruijie Reyee series RG-ES200 stems from a failure to neutralize special elements used in an OS command. Exploiting this vulnerability can allow a remote attacker to execute arbitrary code...
GHSA-X9R9-48RM-4XM6 FitNesse allows execution of arbitrary OS commands
FitNesse all releases allows a remote authenticated attacker to execute arbitrary OS commands...
Fluid Security Vulnerability
Fluid is an open source, Kubernetes-native distributed dataset orchestrator and accelerator from the Cloud Native Computing Foundation for data-intensive applications such as big data and AI applications. A security vulnerability exists in versions of Fluid prior to v0.9.3. An attacker...
CVE-2024-27889
Multiple SQL Injection vulnerabilities exist in the reporting application of the Arista Edge Threat Management - Arista NG Firewall NGFW. A user with advanced report application access rights can exploit the SQL injection, allowing them to execute commands on the underlying operating system with...
A vulnerability in the File Transfer Protocol (FTP) implementation in the firmware of ZyXEL USG FLEX, USG FLEX 50(W)/USG20(W)-VPN, USG FLEX H, and ATP networking devices allows a perpetrator to execute arbitrary commands.
The vulnerability in the File Transfer Protocol (FTP) implementation in the firmware of network devices such as ZyXEL USG FLEX, USG FLEX 50W/USG20W-VPN, USG FLEX H, and ATP lies in the lack of measures to neutralize special elements used in operating system commands during the loading of binary...
The vulnerability of the FontForge font editing software lies in its lack of measures to neutralize special elements used in operating system commands, allowing attackers to execute arbitrary commands.
The vulnerability of the FontForge font editing software exists because measures to neutralize special elements have not been taken. Exploiting this vulnerability allows an attacker to execute arbitrary commands...
The vulnerability of the FontForge font editing software lies in its lack of measures to neutralize special elements used in operating system commands, allowing attackers to execute arbitrary commands.
The vulnerability of the FontForge font editing software exists because measures to neutralize special elements have not been taken. Exploiting this vulnerability allows an attacker to execute arbitrary commands...
CVE-2023-6398
A post-authentication command injection vulnerability in the file upload binary in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50W series firmware versions from 4.16 through 5.37 Patch 1, USG20W-VPN...
Command injection
A post-authentication command injection vulnerability in the file upload binary in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50W series firmware versions from 4.16 through 5.37 Patch 1, USG20W-VPN...
Zyxel ATP Security Vulnerability
The Zyxel ATP is a firewall from China's Heqin Zyxel. A security vulnerability exists in Zyxel ATP firmware versions 4.32 through 5.37 Patch 1 that could allow an authenticated attacker to execute certain operating system commands on the affected device via...
Dell Unity Command Injection Vulnerability (CNVD-2024-09158)
Dell Unity is a unified hybrid storage array for general purpose workloads both locally and in the cloud. A command injection vulnerability exists in Dell Unity, which can be exploited by a local attacker to execute arbitrary operating system commands with elevated privileges...
Command injection
Dell Unity, versions prior to 5.4, contains a Command Injection Vulnerability in svcoscheck utility. An authenticated attacker could potentially exploit this vulnerability, leading to the ability to inject arbitrary operating system commands. This vulnerability allows an authenticated attacker to...
CVE-2024-22225
Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svcsupportassist utility. An authenticated attacker could potentially exploit this vulnerability, leading to execution of arbitrary operating system commands with root privileges...
CVE-2024-22228
Dell Unity (prior to 5.4) contains an OS command injection in the svc_cifssupport utility. An authenticated, local attacker could escape the restricted shell and run arbitrary OS commands with root privileges. Affected software: Dell Unity versions prior to 5.4. Root cause: lack of safeguards to neut...
CVE-2024-0168
CVE-2024-0168 affects Dell Unity prior to 5.4, with a vulnerability in the svc_oscheck utility that allows an authenticated attacker to inject and execute OS commands with root privileges. The root cause is inadequate neutralization of input/command elements in the utility, resulting in a local c...
CVE-2024-0168
Dell Unity, versions prior to 5.4, contains a Command Injection Vulnerability in svcoscheck utility. An authenticated attacker could potentially exploit this vulnerability, leading to the ability to inject arbitrary operating system commands. This vulnerability allows an authenticated attacker to...
Dell Unity Operating System Command Injection Vulnerability
Dell Unity is a unified hybrid storage array for general purpose workloads both locally and in the cloud. A command injection vulnerability exists in Dell Unity, which can be exploited by a local attacker to execute arbitrary operating system commands on the application's underlying operating...
A vulnerability in the graphical interface of the FortiSIEM security management system allows a hacker to execute arbitrary commands.
The vulnerability in the FortiSIEM security management graphical interface stems from a failure to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...
A vulnerability in the firmware of BUFFALO VR-S1000 routers stems from a failure to neutralize special elements used in operating system commands. This allows a perpetrator to execute arbitrary operating system commands.
The vulnerability of the Cacti network monitoring software is related to the lack of protection for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using the pollers.php script...