935 matches found

RedHat Linux
added 2024/02/12 10:27 a.m. · 4 views

maven-shared-utils: Command injection via Commandline class

A flaw was found in the maven-shared-utils package. This issue allows a Command Injection due to improper escaping, allowing a shell injection attack...

9.8 CVSS · 7.3 AI score · 0.04031 EPSS
Exploits 0 · References 4
Tenable Nessus
added 2024/01/24 12:0 a.m. · 19 views

RHCOS 4 : OpenShift Container Platform 4.9.55 (RHSA-2023:0573)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:0573 advisory. - maven-shared-utils: Command injection via Commandline class CVE-2022-29599 Note that Nessus has not tested for this issue but has instead...

9.8 CVSS · 7.2 AI score · 0.04031 EPSS
Exploits 0 · References 4
Tenable Nessus
added 2024/01/24 12:0 a.m. · 30 views

RHCOS 4 : OpenShift Container Platform 4.10.46 (RHSA-2022:9098)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2022:9098 advisory. - maven-shared-utils: Command injection via Commandline class CVE-2022-29599 Note that Nessus has not tested for this issue but has instead...

9.8 CVSS · 7.2 AI score · 0.04031 EPSS
Exploits 0 · References 4
OSV
added 2024/01/15 2:15 p.m. · 2 views

CVE-2023-42136

PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow the execution of arbitrary commands with system account privilege by shell injection starting with a specific word. The attacker must have shell access to the device in order to exploit this...

7.8 CVSS · 6.1 AI score · 0.00663 EPSS
Exploits 2 · References 4
Prion
added 2024/01/15 2:15 p.m. · 9 views

Design/Logic Flaw

PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow the execution of arbitrary commands with system account privilege by shell injection starting with a specific word. The attacker must have shell access to the device in order to exploit this...

4.3 CVSS · 7.9 AI score · 0.00663 EPSS
Exploits 2 · References 4 · Affected Software 1
CVE
added 2024/01/15 1:28 p.m. · 51 views

CVE-2023-42136

Summary (CVE-2023-42136 family): Android-based PAX PoS devices (PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 and earlier) are affected by a local privilege escalation via shell injection in a binder-exposed service, allowing an attacker with shell access to execute commands as the system user. Th...

7.8 CVSS · 7.8 AI score · 0.0048 EPSS
Exploits 1 · References 4 · Affected Software 1
Cvelist
added 2024/01/15 1:28 p.m. · 24 views

CVE-2023-42136

PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow the execution of arbitrary commands with system account privilege by shell injection starting with a specific word. The attacker must have shell access to the device in order to exploit this...

7.8 CVSS · 8.1 AI score · 0.0048 EPSS
Exploits 1 · References 4
Positive Technologies
added 2024/01/15 12:0 a.m. · 2 views

PT-2024-1563 · Pax · Paydroid

Name of the Vulnerable Software and Affected Versions: PAX Android based POS devices with PayDroid versions 8.1.0 Sagittarius V11.1.50 20230614 or earlier Description: The issue exists due to insufficient input validation in the PayDroid operating system, allowing an attacker to execute arbitrary...

7.8 CVSS · 7.7 AI score · 0.00663 EPSS
Exploits 2 · References 13
CNNVD
added 2024/01/15 12:0 a.m. · 3 views

PAX Technology Android based POS Security Vulnerability

PAX Technology Android based POS is a series of Android mobile payment terminals from China-based PAX Technology. A security vulnerability exists in PAX Technology Android based POS PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 and prior versions, which stems from a vulnerability that allows an attack...

7.8 CVSS · 7.9 AI score · 0.00663 EPSS
Exploits 2 · References 5
OSV
added 2023/12/28 5:15 a.m. · 2 views

CVE-2023-50445

Shell Injection vulnerability GL.iNet A1300 v4.4.6, AX1800 v4.4.6, AXT1800 v4.4.6, MT3000 v4.4.6, MT2500 v4.4.6, MT6000 v4.5.0, MT1300 v4.3.7, MT300N-V2 v4.3.7, AR750S v4.3.7, AR750 v4.3.7, AR300M v4.3.7, and B1300 v4.3.7, allows local attackers to execute arbitrary code via the getsystemlog and...

7.8 CVSS · 6.1 AI score · 0.09123 EPSS
Exploits 4 · References 2
NVD
added 2023/12/28 5:15 a.m. · 56 views

CVE-2023-50445

Shell Injection vulnerability GL.iNet A1300 v4.4.6, AX1800 v4.4.6, AXT1800 v4.4.6, MT3000 v4.4.6, MT2500 v4.4.6, MT6000 v4.5.0, MT1300 v4.3.7, MT300N-V2 v4.3.7, AR750S v4.3.7, AR750 v4.3.7, AR300M v4.3.7, and B1300 v4.3.7, allows local attackers to execute arbitrary code via the getsystemlog and...

7.8 CVSS · 0.09123 EPSS
Exploits 4 · References 2
Prion
added 2023/12/28 5:15 a.m. · 25 views

Sql injection

Shell Injection vulnerability GL.iNet A1300 v4.4.6, AX1800 v4.4.6, AXT1800 v4.4.6, MT3000 v4.4.6, MT2500 v4.4.6, MT6000 v4.5.0, MT1300 v4.3.7, MT300N-V2 v4.3.7, AR750S v4.3.7, AR750 v4.3.7, AR300M v4.3.7, and B1300 v4.3.7, allows local attackers to execute arbitrary code via the getsystemlog and...

4.3 CVSS · 8.1 AI score · 0.09123 EPSS
Exploits 4 · References 2 · Affected Software 12
Vulnrichment
added 2023/12/28 12:0 a.m. · 29 views

CVE-2023-50445

Shell Injection vulnerability GL.iNet A1300 v4.4.6, AX1800 v4.4.6, AXT1800 v4.4.6, MT3000 v4.4.6, MT2500 v4.4.6, MT6000 v4.5.0, MT1300 v4.3.7, MT300N-V2 v4.3.7, AR750S v4.3.7, AR750 v4.3.7, AR300M v4.3.7, and B1300 v4.3.7, allows local attackers to execute arbitrary code via the getsystemlog and...

7.8 AI score · 0.09123 EPSS
Exploits 4 · References 2
CVE
added 2023/12/28 12:0 a.m. · 95 views

CVE-2023-50445

CVE-2023-50445 is a shell-injection vulnerability in GL.iNet router firmware affecting multiple models (A1300, AX1800, AXT1800, MT3000, MT2500, MT6000, MT1300, MT300N-V2, AR750S, AR750, AR300M, B1300) across several firmware versions (e.g., v4.4.6, v4.3.7, v4.5.0). The root cause is lack of input...

7.8 CVSS · 9 AI score · 0.09123 EPSS
In wild · Exploits 4 · References 2 · Affected Software 1
Cvelist
added 2023/12/28 12:0 a.m. · 54 views

CVE-2023-50445

Shell Injection vulnerability GL.iNet A1300 v4.4.6, AX1800 v4.4.6, AXT1800 v4.4.6, MT3000 v4.4.6, MT2500 v4.4.6, MT6000 v4.5.0, MT1300 v4.3.7, MT300N-V2 v4.3.7, AR750S v4.3.7, AR750 v4.3.7, AR300M v4.3.7, and B1300 v4.3.7, allows local attackers to execute arbitrary code via the getsystemlog and...

8.8 AI score · 0.09123 EPSS
Exploits 4 · References 2
OSV
added 2023/12/12 3:15 p.m. · 3 views

CVE-2023-46456

In GL.iNET GL-AR300M routers with firmware 3.216 it is possible to inject arbitrary shell commands through the OpenVPN client file upload functionality...

9.8 CVSS · 5.9 AI score · 0.24725 EPSS
Exploits 4 · References 2
Positive Technologies
added 2023/12/07 12:0 a.m. · 3 views

PT-2023-30034 · Gl.Inet · Gl-Ar300M

Name of the Vulnerable Software and Affected Versions: GL.iNET GL-AR300M version 3.216 Description: The issue allows for the injection of arbitrary shell commands through the OpenVPN client file upload functionality. This can potentially lead to remote code execution. Recommendations: For version...

9.8 CVSS · 10 AI score · 0.24725 EPSS
Exploits 4 · References 7
RedHat Linux
added 2023/11/16 5:58 a.m. · 3 views

maven-shared-utils: Command injection via Commandline class

A flaw was found in the maven-shared-utils package. This issue allows a Command Injection due to improper escaping, allowing a shell injection attack...

9.8 CVSS · 7.3 AI score · 0.04031 EPSS
Exploits 0 · References 4
Tenable Nessus
added 2023/11/06 12:0 a.m. · 22 views

Rocky Linux 8 : maven:3.5 (RLSA-2022:4798)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:4798 advisory. - In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injecti...

9.8 CVSS · 8.1 AI score · 0.04031 EPSS
Exploits 0 · References 3
Tenable Nessus
added 2023/10/31 12:0 a.m. · 28 views

GLSA-202310-22 : Salt: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202310-22 Salt: Multiple Vulnerabilities - An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process name. This allows for a local privilege...

9.8 CVSS · 7.4 AI score · 0.92312 EPSS
Exploits 9 · References 22