1764 matches found
CVE-2023-26203
A use of hard-coded credentials vulnerability CWE-798 in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an authenticated attacker to access to the database via shell commands...
Hardcoded credentials
A use of hard-coded credentials vulnerability CWE-798 in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an authenticated attacker to access to the database via shell commands...
CVE-2023-26203
A use of hard-coded credentials vulnerability CWE-798 in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an authenticated attacker to access to the database via shell commands...
CVE-2023-26203
A use of hard-coded credentials vulnerability CWE-798 in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an authenticated attacker to access to the database via shell commands...
Fortinet FortiNAC 信任管理问题漏洞
Fortinet FortiNAC is a set of network access control solutions from the U.S. company Fita Fortinet. The product is primarily used for network access control and IoT security. A security vulnerability exists in Fortinet FortiNAC that stems from the use of hard-coded credentials that could allow an...
FortiNAC - database harcoded credentials
A use of hard-coded credentials vulnerability CWE-798 in FortiNAC may allow an authenticated attacker to access to the database via shell commands...
PT-2023-23566 · Apache · Apache Spark
Name of the Vulnerable Software and Affected Versions: Apache Spark versions prior to 3.4.0 Description: The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to vi...
CVE-2023-30856
eDEX-UI is a science fiction terminal emulator. Versions 2.2.8 and prior are vulnerable to cross-site websocket hijacking. When running eDEX-UI and browsing the web, a malicious website can connect to eDEX's internal terminal control websocket, and send arbitrary commands to the shell. The projec...
Cross site scripting
eDEX-UI is a science fiction terminal emulator. Versions 2.2.8 and prior are vulnerable to cross-site websocket hijacking. When running eDEX-UI and browsing the web, a malicious website can connect to eDEX's internal terminal control websocket, and send arbitrary commands to the shell. The projec...
eDEX-UI 访问控制错误漏洞
eDEX-UI is a full-screen, cross-platform terminal emulator and system monitor from the individual developer Gabriel Saillard in France. A security vulnerability exists in eDEX-UI version 2.2.8 and prior versions, which stems from vulnerability to cross-site web hijacking, where a malicious websit...
Command Injection
ocrfeeder is vulnerable to Command Injection. This vulnerability allows a malicious attacker to force 'ocrfeeder' to execute shell commands within the file name be it in PDF or image form leading to arbitrary shell command injection...
Design/Logic Flaw
NVIDIA DGX-1 BMC contains a vulnerability in the SPX REST API, where an attacker with the appropriate level of authorization can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure, and data tampering...
CVE-2023-25555
A CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability exists that could allow a user that knows the credentials to execute unprivileged shell commands on the appliance over SSH. Affected products: StruxureWare Data Center Expert V7.9.2 an...
Juniper Networks Junos OS Evolved 操作系统命令注入漏洞
Juniper Networks Junos OS Evolved is an upgraded version of Juniper Networks' Junos OS. Juniper Networks Junos OS Evolved suffers from an operating system command injection vulnerability that stems from the presence of an operating system command injection vulnerability that can be exploited by a...
Osprey Pump Controller 1.0.1 - (pseudonym) Semi-blind Command Injection
Exploit Title: Osprey Pump Controller 1.0.1 - pseudonym Semi-blind Command Injection Exploit Author: LiquidWorm Vendor: ProPump and Controls, Inc. Product web page: https://www.propumpservice.com | https://www.pumpstationparts.com Affected version: Software Build ID 20211018, Production 10/18/202...
Mélofée: Researchers Uncover New Linux Malware Linked to Chinese APT Groups
An unknown Chinese state-sponsored hacking group has been linked to a novel piece of malware aimed at Linux servers. French cybersecurity firm ExaTrack, which found three samples of the previously documented malicious software that date back to early 2022, dubbed it Mélofée. The newest of the thr...
Mélofée: Researchers Uncover New Linux Malware Linked to Chinese APT Groups
An unknown Chinese state-sponsored hacking group has been linked to a novel piece of malware aimed at Linux servers. French cybersecurity firm ExaTrack, which found three samples of the previously documented malicious software that date back to early 2022, dubbed it Mélofée. The newest of the thr...
Command injection
Osprey Pump Controller version 1.01 is vulnerable to an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through a HTTP POST parameter called by index.php script...
CVE-2023-28102 Command injection in discordrb
discordrb is an implementation of the Discord API using Ruby. In discordrb before commit 91e13043ffa the encoder.rb file unsafely constructs a shell string using the file parameter, which can potentially leave clients of discordrb vulnerable to command injection. The library is not directly...
CVE-2023-28102 Command injection in discordrb
discordrb is an implementation of the Discord API using Ruby. In discordrb before commit 91e13043ffa the encoder.rb file unsafely constructs a shell string using the file parameter, which can potentially leave clients of discordrb vulnerable to command injection. The library is not directly...