Command injection

An issue discovered in shell command execution in ROS2 Robot Operating System 2 Foxy Fitzroy, with ROSVERSION=2 and ROSPYTHONVERSION=3 allows an attacker to run arbitrary commands and cause other impacts...

PT-2024-14064 · Ros2 · Ros2

Name of the Vulnerable Software and Affected Versions: ROS2 Robot Operating System 2 Foxy Fitzroy Description: An issue was discovered in shell command execution in ROS2, allowing an attacker to run arbitrary commands and cause other impacts. The issue is related to the ROS VERSION=2 and ROS PYTH...

Axis Communications Multiple IP Cameras Command Injection (CVE-2018-10660)

An issue was discovered in multiple models of Axis IP Cameras. There is Shell Command Injection. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description...

Exploit for Argument Injection in Linuxmint Xreader

CVE-2023-44452, CVE-2023-51698: Linux Mint Xreader/MATE Atril...

CVE-2023-49235

An issue was discovered in libremotedbg.so on TRENDnet TV-IP1314PI 5.5.3 200714 devices. Filtering of debug information is mishandled during use of popen. Consequently, an attacker can bypass validation and execute a shell command...

Input validation

An issue was discovered in libremotedbg.so on TRENDnet TV-IP1314PI 5.5.3 200714 devices. Filtering of debug information is mishandled during use of popen. Consequently, an attacker can bypass validation and execute a shell command...

CVE-2023-49235

The CVE-2023-49235 entry affects TRENDnet TV-IP1314PI devices (firmware 5.5.3 200714) via libremote_dbg.so. The root cause is mishandled filtering of debug information during use of popen, which can allow an attacker to bypass validation and execute a shell command. Red Hat/NVD entries corroborat...

TRENDnet TV-IP1314PI Security Vulnerability

The TRENDnet TV-IP1314PI is a wireless network camera from TRENDnet. A security vulnerability exists in TRENDnet TV-IP1314PI version 5.5.3 200714, which stems from a security issue in libremotedbg.so, which incorrectly filters debugging information during popen use, and can be exploited by an...

PT-2024-13704 · Trendnet · Trendnet Tv-Ip1314Pi

Name of the Vulnerable Software and Affected Versions: TRENDnet TV-IP1314PI version 5.5.3 200714 Description: An issue was discovered in libremote dbg.so where filtering of debug information is mishandled during use of popen. Consequently, an attacker can bypass validation and execute a shell...

CVE-2023-49235

An issue was discovered in libremotedbg.so on TRENDnet TV-IP1314PI 5.5.3 200714 devices. Filtering of debug information is mishandled during use of popen. Consequently, an attacker can bypass validation and execute a shell command...

CVE-2023-49235

An issue was discovered in libremotedbg.so on TRENDnet TV-IP1314PI 5.5.3 200714 devices. Filtering of debug information is mishandled during use of popen. Consequently, an attacker can bypass validation and execute a shell command...

NewStart CGSL MAIN 6.02 : openssl Multiple Vulnerabilities (NS-SA-2023-0074)

The remote NewStart CGSL host, running version MAIN 6.02, has openssl packages installed that are affected by multiple vulnerabilities: - In addition to the crehash shell command injection identified in CVE-2022-1292, further circumstances where the crehash script does not properly sanitise shell...

NewStart CGSL MAIN 5.04 : openssl Vulnerability (NS-SA-2023-0069)

The remote NewStart CGSL host, running version MAIN 5.04, has openssl packages installed that are affected by a vulnerability: - In addition to the crehash shell command injection identified in CVE-2022-1292, further circumstances where the crehash script does not properly sanitise shell...

DEBIAN-CVE-2023-32728

The Zabbix Agent 2 item key smart.disk.get does not sanitize its parameters before passing them to a shell command resulting possible vulnerability for remote code execution...

CVE-2023-32728 Code injection in zabbix_agent2 smart.disk.get caused by smartctl plugin

The Zabbix Agent 2 item key smart.disk.get does not sanitize its parameters before passing them to a shell command resulting possible vulnerability for remote code execution...

CVE-2023-32728

The Zabbix Agent 2 item key smart.disk.get does not sanitize its parameters before passing them to a shell command resulting possible vulnerability for remote code execution...

CVE-2023-46454

In GL.iNET GL-AR300M routers with firmware v4.3.7, it is possible to inject arbitrary shell commands through a crafted package name in the package information functionality...

CVE-2023-46454

In GL.iNET GL-AR300M routers with firmware v4.3.7, it is possible to inject arbitrary shell commands through a crafted package name in the package information functionality...

CVE-2023-46454

In GL.iNET GL-AR300M routers with firmware v4.3.7, it is possible to inject arbitrary shell commands through a crafted package name in the package information functionality...

CVE-2023-46456

In GL.iNET GL-AR300M routers with firmware 3.216 it is possible to inject arbitrary shell commands through the OpenVPN client file upload functionality...