1765 matches found
Code injection
The Orpak SiteOmat OrCU component is vulnerable to code injection, for all versions prior to 2017-09-25, due to a search query that uses a direct shell command. By tampering with the request, an attacker is able to run shell commands and receive valid output from the device...
CVE-2017-14853
The Orpak SiteOmat OrCU component is vulnerable to code injection, for all versions prior to 2017-09-25, due to a search query that uses a direct shell command. By tampering with the request, an attacker is able to run shell commands and receive valid output from the device...
Command Injection in Xstream
Xstream API versions up to 1.4.6 and version 1.4.10, if the security framework has not been initialized, may allow a remote attacker to run arbitrary shell commands by manipulating the processed input stream when unmarshaling XML or any supported format, e.g. JSON...
CVE-2013-7285
Xstream API versions up to 1.4.6 and version 1.4.10, if the security framework has not been initialized, may allow a remote attacker to run arbitrary shell commands by manipulating the processed input stream when unmarshaling XML or any supported format, e.g. JSON...
OS Command Injection
mailx is vulnerable to OS command injection. A syntactically valid email address could allow a local attacker to execute arbitrary shell commands through shell meta-characters and the direct command execution functionality...
Design/Logic Flaw
On D-Link DAP-1530 A1 before firmware version 1.06b01, DAP-1610 A1 before firmware version 1.06b01, DWR-111 A1 before firmware version 1.02v02, DWR-116 A1 before firmware version 1.06b03, DWR-512 B1 before firmware version 2.02b01, DWR-711 A1 through firmware version 1.11, DWR-712 B1 before...
CVE-2019-5424
In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, a privileged user can execute arbitrary shell commands over the SSH CLI interface. This allows shell commands to be executed as the root user...
CVE-2019-5425
In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, an authenticated user can execute arbitrary shell commands over the SSH interface, bypassing the CLI interface, which allows them to escalate privileges to root...
EulerOS Virtualization 2.5.4 : ghostscript (EulerOS-SA-2019-1215)
According to the versions of the ghostscript package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The settextdistance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does...
Apple macOS Mojave Time Machine has an unspecified vulnerability
Apple macOS Mojave is a specialized operating system developed by Apple for Mac computers. Time Machine is one of the system's file backup components. An unspecified vulnerability exists in the Time Machine component of Apple macOS Mojave versions prior to 10.14.4. A local attacker can exploit this...
F5 Networks BIG-IP : BIG-IP ASM XSS vulnerability (K14812883)
This is a stored cross-site scripting (XSS) vulnerability in an ASM violation viewed in the Configuration utility. In the worst case, an attacker can store a CSRF, which results in code execution as the admin user. CVE-2019-6607 The user levels that can store this attack are ASM Administrator,...
CVE-2018-3969
An exploitable vulnerability exists in the verified boot protection of the CUJO Smart Firewall. It is possible to add arbitrary shell commands into the dhcpd.conf file, that persist across reboots and firmware updates, and thus allow for executing unverified commands. To trigger this vulnerabilit...
Design/Logic Flaw
An exploitable vulnerability exists in the verified boot protection of the CUJO Smart Firewall. It is possible to add arbitrary shell commands into the dhcpd.conf file, that persist across reboots and firmware updates, and thus allow for executing unverified commands. To trigger this vulnerabilit...
FreeBSD : rssh - multiple vulnerabilities (d193aa9f-3f8c-11e9-9a24-6805ca0b38e8)
NVD reports: rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in allowscp permission that can result in local command execution. This attack appears to be exploitable via an authorized SSH user with the allowscp...
CVE-2019-3464
Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands...
CVE-2019-3463
Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands...