384 matches found
PT-2023-21733 · Array Networks · Array Networks APV
Name of the Vulnerable Software and Affected Versions: Array Networks APV products versions prior to 8.6.1.262; Array Networks APV products versions prior to 10.4.2.93. Description: A command injection issue was discovered in Array Networks APV products. A remote attacker can send a crafted packet...
CVE-2023-26922
SQL injection vulnerability found in Varisicte matrix-gui v.2 allows a remote attacker to execute arbitrary code via the shellexect parameter to the \www\pages\matrix-gui-2.0 endpoint...
SketchSVG Code Injection Vulnerability
eBay SketchSVG is eBay's tool for extracting icons from Sketch files and compressing them into SVGs. A security vulnerability exists in SketchSVG that stems from vulnerability to arbitrary code injection when shell.exec is called...
CVE-2023-26035 ZoneMinder vulnerable to Missing Authorization
ZoneMinder is a free, open source closed-circuit television software application for Linux which supports IP, USB and analog cameras. Versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution via Missing Authorization. There is no permissions check on the...
CVE-2023-26035
ZoneMinder is a free, open source closed-circuit television software application for Linux which supports IP, USB and analog cameras. Versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution via Missing Authorization. There is no permissions check on the...
CVE-2022-27482
An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiADC version 7.0.0 through 7.0.1, 6.2.0 through 6.2.2, 6.1.0 through 6.1.6, 6.0.x, 5.x.x allows an attacker to execute arbitrary shell code as root via CLI commands...
SOUND4 IMPACT/FIRST/PULSE/Eco 2.x traceroute.php Conditional Command Injection
SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x traceroute.php Conditional Command Injection. Vendor: SOUND4 Ltd. Product web page: https://www.sound4.com | https://www.sound4.biz. Affected version: FM/HD Radio Processing: Impact/Pulse/First Version 2: 1.1/2.15; Impact/Pulse/First Version 1: 2.1/1.69; Impact/Puls...
Arbitrary Code Injection
Overview: sketchsvg is a command-line tool used to convert and compress Sketch icons/images to SVG and base64 formats. Affected versions of this package are vulnerable to Arbitrary Code Injection when invoking shell.exec without sanitization or parameterization while concatenating the current...
CVE-2022-2025
CVE-2022-2025 affects Grandstream GSD3710 devices with firmware 1.0.11.13 and earlier. The vulnerability is a stack-based buffer overflow caused by not validating the length of parameters before using strcpy, allowing an attacker who knows valid user credentials to overflow the stack and potentia...
Grandstream GSD3710 Buffer Error Vulnerability
The Grandstream GSD3710 is an HD video access control system from Grandstream. A security vulnerability exists in the Grandstream GSD3710 version 1.0.11.13, which stems from not checking the length of parameters before using the strcpy command, and can be exploited by an attacker to execute a...
CVE-2022-39224
Arr-pm is an RPM reader/writer library written in Ruby. Versions prior to 0.0.12 are subject to OS command injection resulting in shell execution if the RPM contains a malicious "payload compressor" field. This vulnerability impacts the extract and files methods of the RPM::File class of this...
Command injection
Arr-pm is an RPM reader/writer library written in Ruby. Versions prior to 0.0.12 are subject to OS command injection resulting in shell execution if the RPM contains a malicious "payload compressor" field. This vulnerability impacts the extract and files methods of the RPM::File class of this...
CVE-2022-39224 Arbitrary shell execution when extracting or listing files contained in a malicious rpm.
Arr-pm is an RPM reader/writer library written in Ruby. Versions prior to 0.0.12 are subject to OS command injection resulting in shell execution if the RPM contains a malicious "payload compressor" field. This vulnerability impacts the extract and files methods of the RPM::File class of this...
CVE-2022-39224
Arr-pm is a Ruby RPM reader/writer library. Versions prior to 0.0.12 are vulnerable to OS command injection when the RPM contains a malicious payload compressor field, affecting the RPM::File::extract and RPM::File::files methods. Version 0.0.12 patches these issues. A workaround is to ensure RPM...
arr-pm vulnerable to arbitrary shell execution when extracting or listing files contained in a malicious rpm.
Impact: Arbitrary shell execution is possible when using RPM::File#files and RPM::File#extract if the RPM contains a malicious "payload compressor" field. This vulnerability impacts the extract and files methods of the RPM::File class in the affected versions of this library. Patches: Version 0.0.12 ...
UBUNTU-CVE-2021-4041
A flaw was found in ansible-runner. Improper escaping of the shell command while calling ansible_runner.interface.run_command can lead to parameters getting executed as the host's shell command. A developer could unintentionally write code that gets executed in the host rather than the virtual...
Medium: openssl
Issue Overview: A flaw was found in OpenSSL. The issue in CVE-2022-1292 did not find other places in the c_rehash script where it possibly passed the file names of certificates being hashed to a command executed through the shell. Some operating systems distribute this script in a manner where it ...