36 matches found
FUXA Command Injection Vulnerability
FUXA is an open source web-based process visualization SCADA/HMI/Dashboard software. A security vulnerability exists in FUXA version 1.1.13, which stems from a remote command execution (RCE) vulnerability in the /api/runscript endpoint. An attacker can exploit the vulnerability to execute arbitrary...
CVE-2023-33831
A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA 1.1.13 allows attackers to execute arbitrary commands via a crafted POST request...
CVE-2023-33831
CVE-2023-33831 affects FUXA 1.1.13 via the unauthenticated /api/runscript endpoint, enabling remote code execution through a crafted POST request. The underlying issue allows attackers to execute arbitrary commands, potentially compromising the SCADA/HMI system. Affected component: runscript API ...
PT-2023-4830
Name of the Vulnerable Software and Affected Versions: FUXA version 1.1.13. Description: A remote command execution vulnerability in the "/api/runscript" endpoint allows attackers to execute arbitrary commands via a crafted POST request. This issue is related to the lack of input data sanitization,...
The vulnerability of the H2 database management system, related to improper code generation, allows a hacker to execute arbitrary code.
The vulnerability of the H2 database management system is related to incorrect code generation management. Exploiting this vulnerability allows an attacker to execute arbitrary code using the jdbc:h2:mem function. The settings contained in this function are as follows: IGNOREUNKNOWNSETTINGS=TRUE;...
DEBIAN-CVE-2022-23221
H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNOREUNKNOWNSETTINGS=TRUE;FORBIDCREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392...
CVE-2018-7764
The vulnerability exists within runscript.php applet in Schneider Electric U.motion Builder software versions prior to v1.3.4. There is a directory traversal vulnerability in the processing of the 's' parameter of the applet...
Schneider Electric U.motion Builder runscript directory traversal vulnerability
U.motion Builder is a builder product from Schneider Electric France. A directory traversal vulnerability exists in the Schneider Electric U.motion Builder runscript applet when it handles the 's' parameter. An attacker could exploit the vulnerability to expose files from the syste...
MUNGE: Privilege escalation
Background: An authentication service for creating and validating credentials. Description: It was discovered that Gentoo's default MUNGE installation suffered from a privilege escalation vulnerability (munge user to root) due to improper permissions and a runscript which called chown on a user...
GLSA-201706-01 : MUNGE: Privilege escalation
The remote host is affected by the vulnerability described in GLSA-201706-01 (MUNGE: Privilege escalation). It was discovered that Gentoo's default MUNGE installation suffered from a privilege escalation vulnerability (munge user to root) due to improper permissions and a runscript which called chown o...
PT-2017-9768 · Moxa · Moxa Awk-3131A Wireless Access Point
Name of the Vulnerable Software and Affected Versions: Moxa AWK-3131A Wireless Access Point version 1.1. Description: An exploitable null pointer dereference issue exists in the Web Application /forms/web runScript iw filename functionality. This can be triggered by an HTTP POST request with a bla...
Adobe InDesign Server SOAP interface RunScript command execution
Added: 02/04/2013. BID: 56574. OSVDB: 87548. Background: Adobe InDesign is a desktop publishing application. It includes a server interface providing an API for software developers using SOAP. Problem: The SOAP interface in Adobe InDesign Server allows remote, unauthenticated attackers to run arbitrar...
CVE-2012-3483
CVE-2012-3483 describes a local privilege-escalation race condition in Tunnelblick prior to 3.3beta20, where an attacker can gain high-level privileges by replacing a script file via the vulnerable runScript function. The NVD entry notes a CVSS v2 base score of 6.2 (MEDIUM) with local access and ...
CVE-2012-3483
Race condition in the runScript function in Tunnelblick 3.3beta20 and earlier allows local users to gain privileges by replacing a script file...