1820 matches found
OSNEXUS QuantaStor Operating System Command Injection Vulnerability
OSNEXUS QuantaStor is a unified software-defined storage platform from OSNEXUS Corporation. An operating system command injection vulnerability exists in OSNEXUS QuantaStor versions prior to 6.0.0.355. An attacker could exploit this vulnerability to remotely execute arbitrary shell commands via t...
Design/Logic Flaw
A vulnerability exists that can be exploited by an authenticated client that is connected to the same network segment as the CoreTec 4, having any level of access VIEWER to ADMIN. To exploit the vulnerability the attacker can inject shell commands through a particular field of the web user...
CVE-2023-2625
A vulnerability exists that can be exploited by an authenticated client that is connected to the same network segment as the CoreTec 4, having any level of access VIEWER to ADMIN. To exploit the vulnerability the attacker can inject shell commands through a particular field of the web user...
CVE-2023-2625
CVE-2023-2625 (CoreTec 4) : The provided documents describe a command-injection vulnerability in Hitachi Energy TXpert Hub CoreTec 4. An authenticated client on the same network segment (with any access level from VIEWER to ADMIN) can inject shell commands through a specific field in the web UI, ...
Oracle Linux 8 / 9 : texlive (ELSA-2023-3661)
The remote Oracle Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-3661 advisory. 9:20200406-26 - Resolves: 2209872, CVE-2023-32700 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. No...
texlive: arbitrary code execution allows document compiled with older version
An arbitrary code execution vulnerability was found in LuaTeX TeX Live that allows any document compiled with older versions of LuaTeX to execute arbitrary shell commands, even with shell escape disabled...
EulerOS Virtualization 3.0.6.0 : python2 (EulerOS-SA-2023-2214)
According to the versions of the python2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In Python aka CPython up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system...
CVE-2023-34343
AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure, or data tampering...
CVE-2023-34334
AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure, or data tampering...
Design/Logic Flaw
AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure, or data tampering...
PT-2023-12820 · Percona +1 · Percona Xtrabackup +1
Name of the Vulnerable Software and Affected Versions: Percona XtraBackup versions 2.2.0 through 2.2.24 Percona XtraBackup versions 3.0.0 through 8.0.27-19 Description: A crafted filename on the local file system could trigger unexpected command shell execution of arbitrary commands...
EulerOS Virtualization 2.11.0 : python3 (EulerOS-SA-2023-2103)
According to the versions of the python3 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In Python aka CPython up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system...
Fedora 37 : texlive-base (2023-d261122726)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-d261122726 advisory. Fix CVE-2023-32700 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested...
GodPotato - Local Privilege Escalation Tool From A Windows Service Accounts To NT AUTHORITY\SYSTEM
Based on the history of Potato privilege escalation for 6 years, from the beginning of RottenPotato to the end of JuicyPotatoNG, I discovered a new technology by researching DCOM, which enables privilege escalation in Windows 2012 - Windows 2022, now as long as you have "ImpersonatePrivilege"...
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.04 : TeX Live vulnerability (USN-6115-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.04 host has packages installed that are affected by a vulnerability as referenced in the USN-6115-1 advisory. Max Chernoff discovered that LuaTeX TeX Live did not properly disable shell escape. An attacker could possibly use this issue to...
SUSE SLES15 / openSUSE 15 Security Update : texlive (SUSE-SU-2023:2285-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2285-1 advisory. - LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted sourc...
CVE-2023-32700
An arbitrary code execution vulnerability was found in LuaTeX TeX Live that allows any document compiled with older versions of LuaTeX to execute arbitrary shell commands, even with shell escape disabled...