
327 matches found

CNNVD
added 2022/06/23 12:0 a.m. | 3 views

Secheron SEPCOS Control and Protection Relay security vulnerability

Secheron SEPCOS Control and Protection Relay is a relay from Secheron. Control and protect your DC panels and contact lines from short circuits and other electrical faults, and benefit from enhanced communication capabilities. The Secheron SEPCOS Control and Protection Relay has a weak password...

CVSS 10 | AI score 5.7 | EPSS 0.00524
Exploits 0 | References 4
Ubuntu
added 2022/06/02 4:41 p.m. | 75 views

USN-5459-1: cifs-utils vulnerabilities

Aurélien Aptel discovered that cifs-utils invoked a shell when requesting a password. In certain environments, a local attacker could possibly use this issue to escalate privileges. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-14342) It was discovered that cifs-utils...

CVSS 7.8 | AI score 6.5 | EPSS 0.00854
Exploits 1
CNNVD
added 2022/04/11 12:0 a.m. | 1 views

Google Chrome resource management error vulnerability

Google Chrome is a web browser from Google, Inc. and V8 is an open source JavaScript engine. Google Chrome suffers from a resource management error vulnerability that stems from a use-after-free in the Chrome OS shell...

CVSS 8.8 | AI score 7.5 | EPSS 0.00755
Exploits 1 | References 8
Vulnrichment
added 2022/03/14 12:0 a.m. | 4 views

CVE-2022-20001 Injection in fish

fish is a command line shell. fish version 3.1.0 through version 3.3.1 is vulnerable to arbitrary code execution. git repositories can contain per-repository configuration that changes the behavior of git, including running arbitrary commands. When using the default configuration of fish, changing...

CVSS 7.8 | AI score 7.9 | EPSS 0.0028
Exploits 0 | References 7
CNNVD
added 2022/03/02 12:0 a.m. | 2 views

Google Chrome and Chrome OS resource management error vulnerability

Google Chrome is a web browser from Google, Inc. A memory mis-reference vulnerability exists in Google Chrome OS Shell, which can be exploited by attackers to execute arbitrary code on the system or cause a denial of service condition...

CVSS 8.8 | AI score 8.7 | EPSS 0.00541
Exploits 0 | References 11
CNNVD
added 2022/02/12 12:0 a.m. | 2 views

Zsh operating system command injection vulnerability

Zsh is a command interpreter that can be used as a shell for interactive login and scripting. A security vulnerability exists in Zsh that stems from the recursive PROMPTSUBST extension. In zsh before 5.8.1, an attacker can achieve code execution by controlling the output of commands within the...

CVSS 7.8 | AI score 8 | EPSS 0.00147
Exploits 0 | References 27
CNNVD
added 2021/11/24 12:0 a.m. | 2 views

gnome-shell security vulnerability

gnome-shell is a shell that provides core user interface functionality such as switching windows, launching applications or viewing notifications for the GNOME desktop. A security vulnerability exists in gnome-shell, where an attacker with low privileges may be able to exploit the...

CVSS 5.5 | AI score 5.8 | EPSS 0.00034
Exploits 0 | References 6
CNNVD
added 2021/07/09 12:0 a.m. | 3 views

PuTTY data forgery vulnerability

PuTTY is a free set of Telnet, Rlogin and SSH client software from developer Simon Tatham. The software is primarily used for remote administration of Linux systems. PuTTY is vulnerable to a data forgery issue that could be exploited by an attacker to cause a controlled SSH server to...

CVSS 8.1 | AI score 5.7 | EPSS 0.00135
Exploits 0 | References 4
OSV
added 2021/05/22 7:15 a.m. | 1 views

CVE-2021-1306

A vulnerability in the restricted shell of Cisco Evolved Programmable Network (EPN) Manager, Cisco Identity Services Engine (ISE), and Cisco Prime Infrastructure could allow an authenticated, local attacker to identify directories and write arbitrary files to the file system. This vulnerability is du...

CVSS 3.4 | AI score 5.9 | EPSS 0.00039
Exploits 0 | References 1
NVD
added 2021/02/05 8:15 p.m. | 9 views

CVE-2020-10857

Zulip Desktop before 5.0.0 improperly uses shell.openExternal and shell.openItem with untrusted content, leading to remote code execution...

CVSS 9.8 | EPSS 0.02608
Exploits 0 | References 1
Veracode
added 2021/01/27 7:56 a.m. | 15 views

Command Injection

async-git is vulnerable to command injection. An attacker is able to inject malicious OS commands into the system shell via the getter function in the index.js file...

CVSS 9.8 | AI score 3.9 | EPSS 0.20943
Exploits 1 | References 6 | Affected Software 1
CNNVD
added 2020/12/17 12:0 a.m. | 4 views

SSH Code Issues Vulnerabilities

SSH is an application protocol of SSH. It provides encrypted transmission of network traffic. A code issue vulnerability exists in version v0.0.0-20201203163018-be400aefbc4c and prior versions of golang.org/x/crypto/ssh component, which allows remote attackers to cause a denial of service to an s...

CVSS 7.5 | AI score 7.2 | EPSS 0.00031
Exploits 0 | References 12
Github Security Blog
added 2020/08/31 10:50 p.m. | 63 views

Potential Command Injection in libnotify

Versions 1.0.3 and earlier of libnotify are affected by a shell command injection vulnerability. This may result in execution of arbitrary shell commands, if user input is passed into libnotify.notify. Untrusted input passed in the call to libnotify.notify could result in execution of shell...

CVSS 9.8 | AI score 9.5 | EPSS 0.02011
Exploits 0 | References 6 | Affected Software 1
Positive Technologies
added 2020/08/09 12:0 a.m. | 1 views

PT-2020-3981 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to an elevation of privilege vulnerability in the Shell infrastructure component, which improperly handles objects in memory. This could allow an attacker to run...

CVSS 7.8 | AI score 7.6 | EPSS 0.00363
Exploits 0 | References 5
Gitee
added 2020/07/23 11:31 a.m. | 5 views

Exploit for Code Injection in Microsoft

This repository contains a proof-of-concept (PoC) exploit for CVE-2017-8759, a vulnerability in the Windows Shell that allows for arbitrary code execution. The exploit is designed to weaponize the vulnerability, allowing an attacker to execute malicious code on a vulnerable system. The PoC is...

CVSS 9.3 | AI score 8.6 | EPSS 0.93965
Exploits 14
CNVD
added 2020/07/17 12:0 a.m. | 1 views

Command Execution Vulnerability in SSH of UPS Management Module at VitiTech Ltd.

VitiTech is an uninterruptible power supply, automation control equipment and industrial battery company. A command execution vulnerability exists in SSH, the UPS management module of Verti Technologies Ltd. The vulnerability can be exploited to remotely execute system shell commands bypassing...

AI score 7.6
Exploits 0
OSV
added 2020/04/21 1:15 p.m. | 0 views

CVE-2020-11965

In IQrouter through 3.3.1, there is a root user without a password, which allows attackers to gain full remote access via SSH. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration which has a required step fo...

CVSS 9.8 | AI score 7.3 | EPSS 0.0043
Exploits 0 | References 4
OSV
added 2020/04/02 5:15 p.m. | 0 views

UBUNTU-CVE-2019-14868

In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those...

CVSS 7.8 | AI score 5.8 | EPSS 0.00204
Exploits 0 | References 3
CNVD
added 2020/03/24 12:0 a.m. | 3 views

MikroTik routers resource management error vulnerability

MikroTik routers is a router product from the Latvian company MikroTik. A security vulnerability exists in the SSH daemon in MikroTik routers v6.44.3 and earlier versions. A remote attacker could exploit the vulnerability to cause new authorized connections to fail...

CVSS 7.8 | AI score 6.8 | EPSS 0.02151
Exploits 1
OSV
added 2020/01/28 4:15 p.m. | 5 views

CVE-2014-2906

The psub function in fish (aka fish-shell) 1.16.0 before 2.1.1 does not properly create temporary files, which allows local users to execute arbitrary commands via a temporary file with a predictable name...

CVSS 7 | AI score 9.1
Exploits 0 | References 4