CVE-2023-32728

The Zabbix Agent 2 item key smart.disk.get does not sanitize its parameters before passing them to a shell command resulting possible vulnerability for remote code execution...

CVE-2023-46454

In GL.iNET GL-AR300M routers with firmware v4.3.7, it is possible to inject arbitrary shell commands through a crafted package name in the package information functionality...

CVE-2023-46456

In GL.iNET GL-AR300M routers with firmware 3.216 it is possible to inject arbitrary shell commands through the OpenVPN client file upload functionality...

CVE-2023-46454

In GL.iNET GL-AR300M routers with firmware v4.3.7, it is possible to inject arbitrary shell commands through a crafted package name in the package information functionality...

CVE-2023-46454

In GL.iNET GL-AR300M routers with firmware v4.3.7, it is possible to inject arbitrary shell commands through a crafted package name in the package information functionality...

Design/Logic Flaw

In GL.iNET GL-AR300M routers with firmware v4.3.7, it is possible to inject arbitrary shell commands through a crafted package name in the package information functionality...

CVE-2023-46456

GL.iNET GL-AR300M (firmware 3.216) is affected by CVE-2023-46456, where the OpenVPN client file upload functionality can be abused to inject arbitrary shell commands, leading to remote code execution per multiple sources. The vulnerability affects the OpenVPN client file upload path; no official ...

PT-2023-30032 · Gl.Inet · Gl-Ar300M

Name of the Vulnerable Software and Affected Versions: GL.iNET GL-AR300M version 4.3.7 Description: The issue allows for the injection of arbitrary shell commands through a crafted package name in the package information functionality. This can potentially lead to unauthorized access and control ...

GHSA-HFXH-RJV7-2369 Uptime Kuma Authenticated remote code execution via TailscalePing

Summary The runTailscalePing method of the TailscalePing class injects the hostname parameter inside a shell command, leading to a command injection and the possibility to run arbitrary commands on the server. Details When adding a new monitor on Uptime Kuma, we can select the "Tailscale Ping"...

CVE-2023-40151

When user authentication is not enabled the shell can execute commands with the highest privileges. Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled UDR-A any Sixnet UDR message will meet an authentication challenge over UDP/IP. When the same message comes over TCP/IP t...

GHSA-8JPR-FF92-HPF9 Run Shell Command allows Cross-Site Request Forgery

Impact A cross site request forgery vulnerability in the admin tool for executing shell commands on the server allows an attacker to execute arbitrary shell commands by tricking an admin into loading the URL with the shell command. A very simple possibility for an attack are comments. When the...

Cross site request forgery (csrf)

The XWiki Admin Tools Application provides tools to help the administration of XWiki. Starting in version 4.4 and prior to version 4.5.1, a cross site request forgery vulnerability in the admin tool for executing shell commands on the server allows an attacker to execute arbitrary shell commands ...

CVE-2023-48292 XWiki Admin Tools Application Run Shell Command allows CSRF RCE attacks

The XWiki Admin Tools Application provides tools to help the administration of XWiki. Starting in version 4.4 and prior to version 4.5.1, a cross site request forgery vulnerability in the admin tool for executing shell commands on the server allows an attacker to execute arbitrary shell commands ...

CVE-2023-48292

CVE-2023-48292 concerns the XWiki Admin Tools RunShellCommand feature. The issue is a cross-site request forgery (CSRF) in versions 4.4 up to 4.5.0/1 that lets an authenticated admin be tricked into executing shell commands on the server. An attacker can exploit this by injecting a command into a...

Rocky Linux 8 : openssl (RLSA-2022:5818)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:5818 advisory. - The crehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems ...

Amazon Linux 2 : openssl-snapsafe (ALASOPENSSL-SNAPSAFE-2023-001)

The version of openssl-snapsafe installed on the remote host is prior to 1.0.2k-24. It is, therefore, affected by a vulnerability as referenced in the ALAS2OPENSSL-SNAPSAFE-2023-001 advisory. A flaw was found in OpenSSL. The issue in CVE-2022-1292 did not find other places in the crehash script...

CVE-2023-40581

yt-dlp is a youtube-dl fork with additional features and fixes. yt-dlp allows the user to provide shell command lines to be executed at various stages in its download steps through the --exec flag. This flag allows output template expansion in its argument, so that metadata values may be used in...

CVE-2023-40581

yt-dlp is a youtube-dl fork with additional features and fixes. yt-dlp allows the user to provide shell command lines to be executed at various stages in its download steps through the --exec flag. This flag allows output template expansion in its argument, so that metadata values may be used in...

CVE-2023-40581

CVE-2023-40581 concerns yt-dlp on Windows, where the --exec flag can perform shell commands with output template expansion. The underlying issue is that the escaping for cmd.exe is insufficient, allowing remote code execution when supplied data contains crafted metadata. The vulnerability is tied...

Freewill Solutions iFIS Operating System Command Injection Vulnerability

Freewill Solutions iFIS Freewill Solutions SMART Trade is a multi-modal order management system for stock markets such as the Stock Exchange SET, Ho Chi Minh Stock Exchange HSX, and other stock markets from Freewill Solutions. A security vulnerability exists in Freewill Solutions iFIS version...