CVE-2023-46454

In GL.iNET GL-AR300M routers with firmware v4.3.7, it is possible to inject arbitrary shell commands through a crafted package name in the package information functionality...

CVE-2023-46456

In GL.iNET GL-AR300M routers with firmware 3.216 it is possible to inject arbitrary shell commands through the OpenVPN client file upload functionality...

CVE-2023-46454

In GL.iNET GL-AR300M routers with firmware v4.3.7, it is possible to inject arbitrary shell commands through a crafted package name in the package information functionality...

CVE-2023-46454

In GL.iNET GL-AR300M routers with firmware v4.3.7, it is possible to inject arbitrary shell commands through a crafted package name in the package information functionality...

Design/Logic Flaw

In GL.iNET GL-AR300M routers with firmware v4.3.7, it is possible to inject arbitrary shell commands through a crafted package name in the package information functionality...

CVE-2023-46456

GL.iNET GL-AR300M (firmware 3.216) is affected by CVE-2023-46456, where the OpenVPN client file upload functionality can be abused to inject arbitrary shell commands, leading to remote code execution per multiple sources. The vulnerability affects the OpenVPN client file upload path; no official ...

PT-2023-30032 · Gl.Inet · Gl-Ar300M

Name of the Vulnerable Software and Affected Versions: GL.iNET GL-AR300M version 4.3.7 Description: The issue allows for the injection of arbitrary shell commands through a crafted package name in the package information functionality. This can potentially lead to unauthorized access and control ...

Rocky Linux 8 : openssl (RLSA-2022:5818)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:5818 advisory. - The crehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems ...

Amazon Linux 2 : openssl-snapsafe (ALASOPENSSL-SNAPSAFE-2023-001)

The version of openssl-snapsafe installed on the remote host is prior to 1.0.2k-24. It is, therefore, affected by a vulnerability as referenced in the ALAS2OPENSSL-SNAPSAFE-2023-001 advisory. A flaw was found in OpenSSL. The issue in CVE-2022-1292 did not find other places in the crehash script...

CVE-2023-40581

yt-dlp is a youtube-dl fork with additional features and fixes. yt-dlp allows the user to provide shell command lines to be executed at various stages in its download steps through the --exec flag. This flag allows output template expansion in its argument, so that metadata values may be used in...

EulerOS Virtualization 2.10.0 : emacs (EulerOS-SA-2023-2486)

According to the versions of the emacs package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because...

CVE-2023-34334

The CVE-2023-34334 entry describes an issue in AMI BMC’s SPX REST API where an attacker with required privileges can inject arbitrary shell commands, potentially enabling code execution, denial of service, information disclosure, or data tampering. Affected product is AMI BMC (SPX REST API compon...

CVE-2023-34334

AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure, or data tampering...

PT-2023-24829 · American Megatrends · Ami Bmc

Name of the Vulnerable Software and Affected Versions: AMI BMC affected versions not specified Description: The issue concerns the SPX REST API in AMI BMC, where an attacker with the required privileges can inject arbitrary shell commands. This could potentially lead to code execution, denial of...

BMC AMI 操作系统命令注入漏洞

BMC AMI BMC Automated Mainframe Intelligence is an automated mainframe intelligence solution from BMC USA. A security vulnerability exists in BMC AMI that stems from the presence of an arbitrary shell command injection vulnerability, which could lead to code execution, denial of service,...

BMC AMI 操作系统命令注入漏洞

BMC AMI BMC Automated Mainframe Intelligence is an automated mainframe intelligence solution from BMC USA. A security vulnerability exists in BMC AMI. An attacker exploiting this vulnerability could inject arbitrary shell commands that could lead to code execution, denial of service, information...

Fedora 38 : ImageMagick (2023-d53831b69d)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-d53831b69d advisory. Update to 7.1.1.11 2210875 ---- Update to 7.1.1.10 2207788 Security fix for CVE-2023-34151 Security fix for CVE-2023-34152 Security fix for...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : ImageMagick (SUSE-SU-2023:2344-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2344-1 advisory. - A vulnerability was found in ImageMagick. This security flaw ouccers as an undefined behaviors...

CVE-2023-34153

A vulnerability was found in ImageMagick. This security flaw causes a shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding...

CVE-2023-34153

A vulnerability was found in ImageMagick. This security flaw causes a shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding...