1820 matches found

Cvelist
added 2023/09/13 12:29 p.m. · 16 views

CVE-2023-40717

A use of hard-coded credentials vulnerability CWE-798 in FortiTester 2.3.0 through 7.2.3 may allow an attacker who managed to get a shell on the device to access the database via shell commands...

5.3 CVSS · 7.8 AI score · 0.00191 EPSS
Exploits 0 · References 1

Vulnrichment
added 2023/09/13 12:29 p.m. · 14 views

CVE-2023-40717

A use of hard-coded credentials vulnerability CWE-798 in FortiTester 2.3.0 through 7.2.3 may allow an attacker who managed to get a shell on the device to access the database via shell commands...

5.3 CVSS · 6.9 AI score · 0.00191 EPSS
Exploits 0 · References 1

Tenable Nessus
added 2023/09/07 12:00 a.m. · 12 views

Oracle Linux 8 : ksh (ELSA-2020-0559)

The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2020-0559 advisory. 20120801-253.0.1.el81 - Disable ASTnospawnveg for taskset workaround Orabug: 26754277 Red Hat Bug: 1295563 20120801-253 - Do not evaluate arithmetic expressions...

7.8 CVSS · 7.3 AI score · 0.01385 EPSS
Exploits 0 · References 2

NVD
added 2023/08/30 6:15 p.m. · 10 views

CVE-2023-40582

find-exec is a utility to discover available shell commands. Versions prior to 1.0.3 did not properly escape user input and are vulnerable to Command Injection via an attacker controlled parameter. As a result, attackers may run malicious shell commands in the context of the running process. This...

9.8 CVSS · 9.8 AI score · 0.01489 EPSS
Exploits 0 · References 2

Prion
added 2023/08/30 6:15 p.m. · 9 views

Command injection

find-exec is a utility to discover available shell commands. Versions prior to 1.0.3 did not properly escape user input and are vulnerable to Command Injection via an attacker controlled parameter. As a result, attackers may run malicious shell commands in the context of the running process. This...

7.5 CVSS · 9.7 AI score · 0.01489 EPSS
Exploits 0 · References 2 · Affected Software 1

Vulnrichment
added 2023/08/30 5:39 p.m. · 12 views

CVE-2023-40582 Command Injection Vulnerability in find-exec

find-exec is a utility to discover available shell commands. Versions prior to 1.0.3 did not properly escape user input and are vulnerable to Command Injection via an attacker controlled parameter. As a result, attackers may run malicious shell commands in the context of the running process. This...

9.8 CVSS · 7.3 AI score · 0.01489 EPSS
Exploits 0 · References 2

OSV
added 2023/08/30 5:39 p.m. · 34 views

CVE-2023-40582 Command Injection Vulnerability in find-exec

find-exec is a utility to discover available shell commands. Versions prior to 1.0.3 did not properly escape user input and are vulnerable to Command Injection via an attacker controlled parameter. As a result, attackers may run malicious shell commands in the context of the running process. This...

9.8 CVSS · 9.3 AI score · 0.01489 EPSS
Exploits 0 · References 4

CNVD
added 2023/08/17 12:00 a.m. · 28 views

Google Chrome Input Validation Error Vulnerability (CNVD-2023-64445)

Google Chrome is a web browser from Google, an American company. An input validation error vulnerability exists in versions of Google Chrome prior to 106.0.5249.62, which stems from insufficient DevTools data validation. A remote attacker can exploit this vulnerability by sending a malicious HTTP...

6.5 CVSS · 7.5 AI score · 0.00491 EPSS
Exploits 1 · References 1

OSV
added 2023/08/09 6:15 p.m. · 2 views

CVE-2022-48580

A command injection vulnerability exists in the ARP ping device tool feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system...

8.8 CVSS · 5.9 AI score · 0.0131 EPSS
Exploits 0 · References 1

CERT
added 2023/08/07 12:00 a.m. · 16 views

Freewill Solutions IFIS new trading web application vulnerable to unauthenticated remote code execution

Overview Freewill Solutions IFIS new trading web application version 20.01.01.04 is vulnerable to unauthenticated remote code execution. Successful exploitation of this vulnerability allows an attacker to run arbitrary shell commands on the affected host. Description Freewill Solutions IFIS new...

8.2 AI score
Exploits 0

Broadcom
added 2023/08/01 12:00 a.m. · 27 views

Potential privilege escalation by embedding shell commands in a mountpoint name

In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command within Bash by a different user, as demonstrated by logging in as root and entering umount followed by a tab...

7.8 CVSS · 7.8 AI score · 0.00457 EPSS
Exploits 0

Kitploit
added 2023/07/31 12:30 p.m. · 140 views

TelegramRAT - Cross Platform Telegram Based RAT That Communicates Via Telegram To Evade Network Restrictions

Cross Platform Telegram based RAT that communicates via telegram to evade network restrictions Installation: 1. git clone https://github.com/machine1337/TelegramRAT.git 2. Now Follow the instructions in HOW TO USE Section. HOW TO USE: 1. Go to Telegram and search for https://t.me/BotFather 2...

7.5 AI score
Exploits 0 · References 2

CNVD
added 2023/07/30 12:00 a.m. · 19 views

HCL Technologies BigFix Mobile Command Injection Vulnerability

HCL Technologies BigFix Mobile is a Mobile Device Management MDM solution from HCL Technologies. It is designed to help businesses and organizations effectively manage and secure mobile devices, including smartphones, tablets and other mobile devices. HCL Technologies BigFix Mobile suffers from a...

8.8 CVSS · 7.7 AI score · 0.00771 EPSS
Exploits 0 · References 1

NVD
added 2023/07/27 12:15 a.m. · 16 views

CVE-2023-28012

HCL BigFix Mobile is vulnerable to a command injection attack. An authenticated attacker could run arbitrary shell commands on the WebUI server...

8.8 CVSS · 6.7 AI score · 0.00771 EPSS
Exploits 0 · References 1

CNNVD
added 2023/07/27 12:00 a.m. · 3 views

HCL Technologies BigFix Mobile Command Injection Vulnerability

HCL Technologies BigFix Mobile is a Mobile Device Management MDM solution from HCL Technologies. It is designed to help businesses and organizations effectively manage and secure mobile devices, including smartphones, tablets and other mobile devices. HCL Technologies BigFix Mobile suffers from a...

8.8 CVSS · 7.8 AI score · 0.00771 EPSS
Exploits 0 · References 2

Positive Technologies
added 2023/07/26 12:00 a.m. · 4 views

PT-2023-21478 · Hcl · Hcl Bigfix Mobile

Name of the Vulnerable Software and Affected Versions: HCL BigFix Mobile affected versions not specified Description: The issue allows an authenticated attacker to perform a command injection attack, enabling them to run arbitrary shell commands on the WebUI server. Recommendations: At the moment...

8.8 CVSS · 8.9 AI score · 0.00771 EPSS
Exploits 0 · References 3

Tenable Nessus
added 2023/07/21 12:00 a.m. · 21 views

openSUSE 15 Security Update : texlive (SUSE-SU-2023:2284-2)

The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2284-2 advisory. - LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because...

8.8 CVSS · 7.9 AI score · 0.00804 EPSS
Exploits 0 · References 4

Mageia
added 2023/07/19 7:53 p.m. · 30 views

Updated texlive packages fix security vulnerability

Any document compiled with older versions of LuaTeX can execute arbitrary shell commands, even with shell escape disabled. CVE-2023-32700...

8.8 CVSS · 7.7 AI score · 0.00804 EPSS
Exploits 0 · References 3

NVD
added 2023/07/10 4:15 p.m. · 14 views

CVE-2021-42081

An authenticated administrator is allowed to remotely execute arbitrary shell commands via the API. POC...

9.1 CVSS · 9.4 AI score · 0.00988 EPSS
Exploits 0 · References 5

Cvelist
added 2023/07/10 6:29 a.m. · 12 views

CVE-2021-42081 Authenticated Remote Command Execution vulnerability in OSNEXUS QuantaStor before 6.0.0.355

An authenticated administrator is allowed to remotely execute arbitrary shell commands via the API. POC...

9.1 CVSS · 9.5 AI score · 0.00988 EPSS
Exploits 0 · References 4