7632 matches found
CVE-2023-50260
Wazuh is a free and open source platform used for threat prevention, detection, and response. Improper validation in the host_deny script allows any string to be written to the hosts.deny file, which can result in arbitrary command execution on the target system. This vulnerability is part of the active...
CVE-2023-50260 Wazuh's vulnerability in host_deny AR script allows arbitrary command execution
Wazuh is a free and open source platform used for threat prevention, detection, and response. Improper validation in the host_deny script allows any string to be written to the hosts.deny file, which can result in arbitrary command execution on the target system. This vulnerability is part of the active...
CVE-2023-50260
Wazuh contains a vulnerability in the host_deny active-response script due to improper input validation for IP/JSON handling. An attacker can write arbitrary text into /etc/hosts.deny via the host_deny spawn directive, enabling arbitrary command execution. This can cause local privilege escalatio...
Wazuh Security Vulnerability
Wazuh is an open source application from Wazuh. It is used to collect, aggregate, index and analyze security data to help organizations detect intrusions, threats and behavioral anomalies. A security vulnerability exists in Wazuh versions 4.2.0 through 4.7.2, which stems from a hostdeny that allows any...
Ivanti Avalanche Security Vulnerability
Ivanti Avalanche is a mobile device management (MDM) software platform designed to help organizations manage, maintain and secure their mobile devices. It supports a range of device types, including smartphones, tablets, and industrial devices. A heap overflow vulnerability exists in Ivanti Avalanc...
The vulnerability of the svc_cbr utility in the operating system for Dell Unity Operating Environment storage systems allows a perpetrator to execute arbitrary operating system commands.
The vulnerability of the svc_cbr utility in the Dell Unity Operating Environment (OE) storage system exists due to the lack of measures taken to neutralize the special elements used in the operating system’s commands. Exploiting this vulnerability can allow an attacker to execute arbitrary operating...
CVE-2023-39367
An OS command injection vulnerability exists in the web interface mac2name functionality of Peplink Smart Reader v1.2.0 in QEMU. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2023-39367
The set of Red Hat CVEs describe multiple issues affecting Peplink Smart Reader v1.2.0 (in QEMU): CVE-2023-39367 is an OS command injection in the web interface mac2name, exploitable by authenticated HTTP requests to execute commands; CVE-2023-40146 is a privilege-escalation via /bin/login that c...
Tenda W30E Security Vulnerability
Tenda W30E is an enterprise-grade wireless router designed for SOHO, small and micro business offices and small store networking, supporting Wi-Fi 6 technology. The Tenda W30E suffers from a command injection vulnerability that stems from the cmdinput parameter of the formexeCommand method failin...
Tenda AC7 Security Vulnerability
Tenda AC7 is a 1200M dual-band wireless router designed for large households by Tenda Technology, which adopts the 802.11ac standard and supports dual-band concurrent transmission with a wireless rate of up to 1167Mbps. Tenda AC7 suffers from a command injection vulnerability that stems from the...
Tenda FH1203 Security Vulnerability
Tenda FH1203 is a dual-band wireless router from Tenda China, mainly used for home network coverage. The Tenda FH1203 suffers from a command injection vulnerability that stems from the cmdinput parameter of the formexeCommand method failing to properly filter special characters used to construct commands,...
nginxWebUI OS Command Injection Vulnerability
nginxWebUI is an nginx web configuration tool. An operating system command injection vulnerability exists in nginxWebUI, which stems from the file parameter of the /adminPage/main/upload file failing to properly filter special characters, commands, and similar elements used to construct commands. An attacker can...
CVE-2023-33806
Insecure default configurations in Hikvision Interactive Tablet DS-D5B86RB/B V2.3.0 build220119 allow attackers to execute arbitrary commands...
Aim Code Injection Vulnerability
Aim is an easy-to-use and high-performance open source experiment tracker from the United States. Aim suffers from a code injection vulnerability. The vulnerability stems from the application failing to properly filter special elements of constructed code segments. An attacker could exploit the...
Hikvision Interactive Tablet DS-D5B86RB/B Security Vulnerability
The Hikvision Interactive Tablet DS-D5B86RB/B is a 4K interactive display from Hikvision China. A security vulnerability exists in Hikvision Interactive Tablet DS-D5B86RB/B version V2.3.0 build220119, which stems from the presence of an insecure default configuration that allows an attacker to...
CVE-2024-29454
CVE-2024-29454 is rejected/not used; this candidate was withdrawn and does not represent an active vulnerability entry.
Form Tools Security Vulnerability
Form Tools is an open source code base for Form Tools scripts, modules, themes and APIs. A security vulnerability exists in Form Tools version 3.1.1 that originates from allowing an attacker to run arbitrary commands through the Group Name field under the Add Form section of the application...