
141 matches found

CNNVD
added 2024/01/09 12:0 a.m. · 4 views

TRENDnet TV-IP1314PI security vulnerability

The TRENDnet TV-IP1314PI is a wireless network camera from TRENDnet. The TRENDnet TV-IP1314PI suffers from a command injection vulnerability, which originates from davinci's use of the system function to unpack language packets without strict filtering of URL strings, which can be exploited by an...

CVSS 9.8 · AI score 7.6 · EPSS 0.69803
Exploits: 1 · References: 3

ATTACKERKB
added 2023/11/30 6:15 p.m. · 0 views

CVE-2023-48811

In TOTOLINK X6000R V9.4.0cu.852B20230719, the shttpd file, sub4119A0 function obtains fields from the front-end through Uci Set The Str function that when passed to the CsteSystem function creates a command execution vulnerability...

CVSS 9.8 · AI score 7.5 · EPSS 0.00349
Exploits: 1 · References: 2

ATTACKERKB
added 2023/11/30 6:15 p.m. · 2 views

CVE-2023-48804

In TOTOLINK X6000R V9.4.0cu.852B20230719, the shttpd file, sub4119A0 function obtains fields from the front-end through Uci Set The Str function when passed to the CsteSystem function creates a command execution vulnerability...

CVSS 9.8 · AI score 7.4 · EPSS 0.00349
Exploits: 1 · References: 2

CNNVD
added 2023/07/14 12:0 a.m. · 1 views

zenstruck collections injection vulnerability

zenstruck collections is a set of helpers for iterating/paging/filtering collections from the zenstruck project. An injection vulnerability exists in zenstruck collections that stems from passing callable strings (e.g., system), leading to function execution...

CVSS 8.8 · AI score 7.9 · EPSS 0.00167
Exploits: 0 · References: 4

BDU FSTEC
added 2023/07/10 12:0 a.m. · 1 views

A vulnerability in the system() function of NETGEAR RAX30 device firmware allows a hacker to execute arbitrary code.

The vulnerability in the system function of NETGEAR RAX30 device firmware stems from insufficient validation of input data during the processing of port discovery requests via UPnP. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 8.8 · EPSS 0.00819
Exploits: 0 · References: 6 · Affected Software: 1

SUSE CVE
added 2023/02/15 6:12 a.m. · 2 views

SUSE CVE-2007-2438

The sandbox for vim allows dangerous functions such as (1) writefile, (2) feedkeys, and (3) system, which might allow user-assisted attackers to execute shell commands and write files via modelines...

CVSS 7.6 · AI score 7.6 · EPSS 0.03505
Exploits: 1 · References: 5

SUSE CVE
added 2023/02/15 6:8 a.m. · 1 views

SUSE CVE-2008-2712

Vim 7.1.314, 6.4, and other versions allows user-assisted remote attackers to execute arbitrary commands via Vim scripts that do not properly sanitize inputs before invoking the execute or system functions, as demonstrated using (1) filetype.vim, (3) xpm.vim, (4) gzip_vim, and (5) netrw. NOTE: the...

CVSS 9.3 · AI score 7.8 · EPSS 0.16974
Exploits: 0 · References: 6

SUSE CVE
added 2023/02/15 6:7 a.m. · 2 views

SUSE CVE-2008-3076

The Netrw plugin 125 in netrw.vim in Vim 7.2a.10 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames used by the execute and system functions within the (1) mz and (2) mc commands, as demonstrated by the netrw.v2 and netrw.v3 test cases. NOTE: this issue...

CVSS 9.3 · AI score 8 · EPSS 0.11578
Exploits: 1 · References: 4

SUSE CVE
added 2023/02/15 4:58 a.m. · 3 views

SUSE CVE-2016-7032

sudo_noexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec command restrictions via an application that calls the (1) system or (2) popen function...

CVSS 7 · AI score 7.8 · EPSS 0.00047
Exploits: 0 · References: 9

CNNVD
added 2023/02/14 12:0 a.m. · 3 views

EasyNAS operating system command injection vulnerability

EasyNAS is an open source storage management system for the home or small office. A command injection vulnerability exists in EasyNAS version 1.1.0, which stems from a problem with the system function in the file /backup.pl that can lead to operating system command injection...

CVSS 8.8 · AI score 6.8 · EPSS 0.38532
Exploits: 5 · References: 8

Prion
added 2023/01/18 10:15 p.m. · 17 views

Design/Logic Flaw

OrangeScrum version 2.0.11 allows an authenticated external attacker to execute arbitrary commands on the server. This is possible because the application injects an attacker-controlled parameter into a system function...

CVSS 6.5 · AI score 8.8 · EPSS 0.00822
Exploits: 1 · References: 2 · Affected Software: 1

Cvelist
added 2023/01/18 12:0 a.m. · 12 views

CVE-2023-0164

OrangeScrum version 2.0.11 allows an authenticated external attacker to execute arbitrary commands on the server. This is possible because the application injects an attacker-controlled parameter into a system function...

AI score 9.1 · EPSS 0.00822
Exploits: 1 · References: 2

Positive Technologies
added 2023/01/18 12:0 a.m. · 3 views

PT-2023-16050 · Unknown · Orangescrum

Name of the Vulnerable Software and Affected Versions: OrangeScrum version 2.0.11

Description: The issue allows an authenticated external attacker to execute arbitrary commands on the server. This is possible because the application injects an attacker-controlled parameter into a system function...

CVSS 8.8 · AI score 8.8 · EPSS 0.00822
Exploits: 1 · References: 5

UbuntuCve
added 2022/12/20 7:15 p.m. · 21 views

CVE-2022-4515

A flaw was found in Exuberant Ctags in the way it handles the "-o" option. This option specifies the tag filename. A crafted tag filename specified in the command line or in the configuration file results in arbitrary command execution because the externalSortTags in sort.c calls the system(3)...

CVSS 7.8 · AI score 7.1 · EPSS 0.00734
Exploits: 1 · References: 4

Prion
added 2022/12/20 7:15 p.m. · 18 views

Design/Logic Flaw

A flaw was found in Exuberant Ctags in the way it handles the "-o" option. This option specifies the tag filename. A crafted tag filename specified in the command line or in the configuration file results in arbitrary command execution because the externalSortTags in sort.c calls the system(3)...

CVSS 4.4 · AI score 7.5 · EPSS 0.00734
Exploits: 1 · References: 2 · Affected Software: 1

RedhatCVE
added 2022/12/19 6:14 p.m. · 19 views

CVE-2022-4515

A flaw was found in Exuberant Ctags in the way it handles the "-o" option. This option specifies the tag filename. A crafted tag filename specified in the command line or in the configuration file results in arbitrary command execution because the externalSortTags in sort.c calls the system(3)...

CVSS 7.8 · AI score 1.8 · EPSS 0.00734
Exploits: 1 · References: 3

ATTACKERKB
added 2022/08/19 5:15 p.m. · 1 views

CVE-2022-37254

DolphinPHP 1.5.1 is vulnerable to Cross Site Scripting (XSS) via Background - System - system function - configuration management...

CVSS 5.4 · AI score 6.1 · EPSS 0.00209
Exploits: 1 · References: 2

Prion
added 2022/08/19 5:15 p.m. · 20 views

Cross site scripting

DolphinPHP 1.5.1 is vulnerable to Cross Site Scripting (XSS) via Background - System - system function - configuration management...

CVSS 4.9 · AI score 5.3 · EPSS 0.00209
Exploits: 1 · References: 1 · Affected Software: 1

Huntr
added 2022/08/03 12:27 p.m. · 13 views

Remote Code Execution due to code injection

Description: RCE in CP ADMIN site structure; it needs admin privilege. Because of the typo in the sanitization, anyone who has admin privilege can edit “site structure”, bypass it and execute PHP code. And we can execute system or other system functions via PHP, so that's an RCE vulnerability. And next...

AI score 2.6
Exploits: 0

Github Security Blog
added 2022/06/30 12:0 a.m. · 18 views

Code injection in grav

Grav is vulnerable to Server Side Template Injection via Twig. According to a previous vulnerability report, Twig should not render dangerous functions by default, such as system...

CVSS 9.1 · AI score 3.2 · EPSS 0.00213
Exploits: 2 · References: 4 · Affected Software: 1