
1820 matches found

CNNVD
added 2024/05/16 12:0 a.m. · 4 views

Facebook Tacacs+ security vulnerability

Facebook Tacacs+ is a daemon library from Facebook Inc. in the United States. A security vulnerability exists in Facebook Tacacs+ version F4.0.4.28 and earlier, which originates from allowing users to configure authorization checks as shell commands via the tacplus.cfg configuration file...

9.8 CVSS · 6.9 AI score · 0.01096 EPSS
Exploits 0 · References 2

OSV
added 2024/04/26 6:15 p.m. · 4 views

CVE-2024-33344

D-Link DIR-822+ V1.0.5 was found to contain a command injection in ftext function of uploadfirmware.cgi, which allows remote attackers to execute arbitrary commands via shell...

9.8 CVSS · 6 AI score · 0.19893 EPSS
Exploits 1 · References 2

Packet Storm
added 2024/04/23 12:0 a.m. · 543 views

Palo Alto Networks PAN-OS Unauthenticated Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Palo Alto Networks PAN-OS Unauthenticated Remote Code Execution', 'Description' = %q This module exploits two vulnerabilities in Palo Alto Networ...

10 CVSS · 9.8 AI score · 0.99999 EPSS
Exploits 43

0day.today
added 2024/04/23 12:0 a.m. · 395 views

Palo Alto Networks PAN-OS Unauthenticated Remote Code Execution Exploit

This Metasploit module exploits two vulnerabilities in Palo Alto Networks PAN-OS that allow an unauthenticated attacker to create arbitrarily named files and execute shell commands. Configuration requirements are PAN-OS with GlobalProtect Gateway or GlobalProtect Portal enabled and telemetry...

10 CVSS · 10 AI score · 0.99999 EPSS
Exploits 43

NVD
added 2024/04/22 3:15 p.m. · 15 views

CVE-2023-38290

Certain software builds for the BLU View 2 and Sharp Rouvo V Android devices contain a vulnerable pre-installed app with a package name of com.evenwell.fqc versionCode='9020801', versionName='9.0208.01' ; versionCode='9020913', versionName='9.0209.13' ; versionCode='9021203',...

7.8 CVSS · 7.1 AI score · 0.00192 EPSS
Exploits 0 · References 1

NVD
added 2024/04/22 3:15 p.m. · 18 views

CVE-2023-38294

Certain software builds for the Itel Vision 3 Turbo Android device contain a vulnerable pre-installed app with a package name of com.transsion.autotest.factory versionCode='7', versionName='1.8.02203101027' that allows local third-party apps to execute arbitrary shell commands in its context syst...

6.1 CVSS · 6.9 AI score · 0.00173 EPSS
Exploits 0 · References 2

Cvelist
added 2024/04/22 12:0 a.m. · 20 views

CVE-2023-38290

Certain software builds for the BLU View 2 and Sharp Rouvo V Android devices contain a vulnerable pre-installed app with a package name of com.evenwell.fqc versionCode='9020801', versionName='9.0208.01' ; versionCode='9020913', versionName='9.0209.13' ; versionCode='9021203',...

7.3 AI score · 0.00192 EPSS
Exploits 0 · References 1

Positive Technologies
added 2024/04/22 12:0 a.m. · 3 views

PT-2024-12695 · Unknown · Com.Evenwell.Fqc

Name of the Vulnerable Software and Affected Versions: com.evenwell.fqc version 9.0208.01; com.evenwell.fqc version 9.0209.13; com.evenwell.fqc version 9.0212.03. Description: The vulnerability in the com.evenwell.fqc app allows local third-party apps to execute arbitrary shell commands in its conte...

7.8 CVSS · 7.2 AI score · 0.00192 EPSS
Exploits 0 · References 4

CVE
added 2024/04/22 12:0 a.m. · 44 views

CVE-2023-38294

The CVE-2023-38294 issue affects Itel Vision 3 Turbo devices with a pre-installed vulnerable app com.transsion.autotest.factory (versionCode 7, versionName 1.8.0(220310_1027)). The root cause is inadequate access control in this component, enabling local third‑party apps to execute arbitrary shel...

6.1 CVSS · 7.1 AI score · 0.00173 EPSS
Exploits 0 · References 2

CVE
added 2024/04/22 12:0 a.m. · 55 views

CVE-2023-38290

CVE-2023-38290 affects BLU View 2 and Sharp Rouvo V Android devices due to a vulnerable pre-installed com.evenwell.fqc app. The issue: inadequate access control lets local third-party apps execute arbitrary shell commands in the app’s system context without special permissions, enabling actions s...

7.8 CVSS · 7.3 AI score · 0.00192 EPSS
Exploits 0 · References 1

CNNVD
added 2024/04/22 12:0 a.m. · 2 views

Itel Vision 3 Turbo security vulnerability

The Itel Vision 3 Turbo is a smartphone from Itel. A security vulnerability exists in the Itel Vision 3 Turbo that stems from the fact that certain software versions of the device contain a vulnerable pre-installed application com.transsion.autotest.factory with insufficient access control that...

6.1 CVSS · 7.3 AI score · 0.00173 EPSS
Exploits 0 · References 3

Vulnrichment
added 2024/04/22 12:0 a.m. · 10 views

CVE-2023-38294

Certain software builds for the Itel Vision 3 Turbo Android device contain a vulnerable pre-installed app with a package name of com.transsion.autotest.factory versionCode='7', versionName='1.8.02203101027' that allows local third-party apps to execute arbitrary shell commands in its context syst...

7.2 AI score · 0.00173 EPSS
Exploits 0 · References 2

Vulnrichment
added 2024/04/22 12:0 a.m. · 15 views

CVE-2023-38290

Certain software builds for the BLU View 2 and Sharp Rouvo V Android devices contain a vulnerable pre-installed app with a package name of com.evenwell.fqc versionCode='9020801', versionName='9.0208.01' ; versionCode='9020913', versionName='9.0209.13' ; versionCode='9021203',...

7.4 AI score · 0.00192 EPSS
Exploits 0 · References 1

CNNVD
added 2024/04/22 12:0 a.m. · 4 views

com.evenwell.fqc security vulnerability

com.evenwell.fqc is a component. A security vulnerability exists in com.evenwell.fqc, which arises from the fact that certain software versions of the device contain a vulnerable pre-installed application com.evenwell.fqc that allows a native third-party application to execute arbitrary shell...

7.8 CVSS · 7.5 AI score · 0.00192 EPSS
Exploits 0 · References 2

Positive Technologies
added 2024/04/22 12:0 a.m. · 2 views

PT-2024-12699 · Itel +1 · Itel Vision 3 Turbo +1

Name of the Vulnerable Software and Affected Versions: Itel Vision 3 Turbo Android device with pre-installed app com.transsion.autotest.factory version 1.8.0220310 1027. Description: The vulnerability in the com.transsion.autotest.factory app allows local third-party apps to execute arbitrary shel...

6.1 CVSS · 7.1 AI score · 0.00173 EPSS
Exploits 0 · References 5

Tenable Nessus
added 2024/04/19 12:0 a.m. · 25 views

Fedora 38 : rust (2024-bbb141c1ed)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-bbb141c1ed advisory. Security fix for CVE-2024-24576 Windows command injection. Tenable has extracted the preceding description block directly from the Fedora security...

10 CVSS · 8.1 AI score · 0.20342 EPSS
Exploits 10 · References 2

RedhatCVE
added 2024/04/09 6:33 p.m. · 68 views

CVE-2024-24576

A command injection flaw was found in Rust, exclusive to Windows environments. When invoking batch files on Windows using the Command API, Rust explicitly uses cmd.exe which has complicated parsing rules for arguments. If an attacker can control part of the command arguments of the batch file, th...

10 CVSS · 7.9 AI score · 0.20342 EPSS
Exploits 10 · References 5

NVD
added 2024/04/09 6:15 p.m. · 24 views

CVE-2024-22423

yt-dlp is a youtube-dl fork with additional features and fixes. The patch that addressed CVE-2023-40581 attempted to prevent RCE when using --exec with %q by replacing double quotes with two double quotes. However, this escaping is not sufficient, and still allows expansion of environment...

9.8 CVSS · 8 AI score · 0.01254 EPSS
Exploits 1 · References 7

UbuntuCve
added 2024/04/09 6:15 p.m. · 40 views

CVE-2024-22423

yt-dlp is a youtube-dl fork with additional features and fixes. The patch that addressed CVE-2023-40581 attempted to prevent RCE when using --exec with %q by replacing double quotes with two double quotes. However, this escaping is not sufficient, and still allows expansion of environment...

9.8 CVSS · 7 AI score · 0.01254 EPSS
Exploits 1 · References 7

Vulnrichment
added 2024/04/09 5:28 p.m. · 37 views

CVE-2024-24576 Rust's `std::process::Command` did not properly escape arguments of batch files on Windows

Rust is a programming language. The Rust Security Response WG was notified that the Rust standard library prior to version 1.77.2 did not properly escape arguments when invoking batch files with the bat and cmd extensions on Windows using the Command. An attacker able to control the arguments...

10 CVSS · 9.3 AI score · 0.20342 EPSS
Exploits 10 · References 12