7638 matches found
D-Link DAR-8000 Operating System Command Injection Vulnerability
D-Link DAR-8000 is the Internet Behavior Audit Gateway from China AUO D-Link. The D-Link DAR-8000-10 suffers from an operating system command injection vulnerability that originates from the file parameter of /log/decodmail.php failing to correctly filter constructed command special characters,...
CVE-2023-34392
The CVE-2023-34392 entry describes a Missing Authentication for Critical Function flaw in Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator, enabling an attacker to execute arbitrary commands on managed devices via an authorized operator. Affected software is SEL-5037 Grid Config...
CVE-2023-41636
A SQL injection vulnerability in the Data Richiesta dal parameter of GruppoSCAI RealGimm v1.1.37p38 allows attackers to access the database and execute arbitrary commands via a crafted SQL query...
Synology Router Manager Operating System Command Injection Vulnerability
Synology Router Manager (SRM) is a software used to configure and manage Synology routers from Synology Inc. in China. An operating system command injection vulnerability exists in Synology Router Manager versions prior to 1.3 1.3.1-9346-6, which stems from an incorrect neutralization of special...
CVE-2023-40592
In Splunk Enterprise versions below 9.1.1, 9.0.6, and 8.2.12, an attacker can craft a special web request that can result in reflected cross-site scripting (XSS) on the “/app/search/table” web endpoint. Exploitation of this vulnerability can lead to the execution of arbitrary commands on the Splunk...
Tenda AC6 Operating System Command Injection Vulnerability
Tenda AC6 is a dual-band wireless router from Tenda that supports 2.4GHz and 5GHz bands with a maximum transmission rate of 1167Mbps and dual-band all-in-one functionality. The Tenda AC6 suffers from a command execution vulnerability that stems from the sub3A1D0 function failing to properly filte...
Tenda AC6 Operating System Command Injection Vulnerability
Tenda AC6 is a dual-band wireless router from Tenda that supports 2.4GHz and 5GHz bands with a maximum transmission rate of 1167Mbps and dual-band all-in-one functionality. The Tenda AC6 suffers from a command execution vulnerability that stems from the subADF3C function failing to properly filte...
D-Link DAR-8000-10 Operating System Command Injection Vulnerability
D-Link DAR-8000 is the Internet Behavior Audit Gateway from China AUO D-Link. The D-Link DAR-8000-10 version suffers from an operating system command injection vulnerability, which originates from the parameter id of the file /app/sys1.php failing to correctly filter construct command special...
ZTE MF286R Command Injection Vulnerability (CNVD-2023-99925)
The ZTE MF286R is a wireless router from China's ZTE Corporation (ZTE). A command injection vulnerability exists in the ZTE MF286R CRLVWRGBMF286RV1.0.0B04 version, which originates from an application that fails to properly filter constructed command special characters, commands, and so on. An...
PYSEC-2023-161
GitPython is a Python library used to interact with Git repositories. When resolving a program, Python/Windows look for the current working directory, and after that the PATH environment. GitPython defaults to use the git command, if a user runs GitPython from a repo that has a git.exe or git...
CVE-2023-1997
An OS Command Injection vulnerability exists in SIMULIA 3DOrchestrate from Release 3DEXPERIENCE R2021x through Release 3DEXPERIENCE R2023x. A specially crafted HTTP request can lead to arbitrary command execution...
Command injection
An OS Command Injection vulnerability exists in SIMULIA 3DOrchestrate from Release 3DEXPERIENCE R2021x through Release 3DEXPERIENCE R2023x. A specially crafted HTTP request can lead to arbitrary command execution...
CVE-2023-1997 OS Command Injection vulnerability affecting SIMULIA 3DOrchestrate from Release 3DEXPERIENCE R2021x through Release 3DEXPERIENCE R2023x
An OS Command Injection vulnerability exists in SIMULIA 3DOrchestrate from Release 3DEXPERIENCE R2021x through Release 3DEXPERIENCE R2023x. A specially crafted HTTP request can lead to arbitrary command execution...
IBM InfoSphere Information Server Security Vulnerability
IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines (IBM). The platform can be used to integrate data information obtained from various sources. A CSV injection vulnerability exists in IBM InfoSphere Information Server version 11.7, which...
D-Link DAR-8000 Operating System Command Injection Vulnerability
D-Link DAR-8000 is the Internet Behavior Audit Gateway from China AUO D-Link. The D-Link DAR-8000-10 version suffers from an operating system command injection vulnerability, which originates from the parameter id of the file /app/sys1.php failing to correctly filter construct command special...
PT-2023-5555 · Nagios +3 · Nagios +3
Name of the Vulnerable Software and Affected Versions: Nagios nagios-plugins version 2.4.5 Description: The issue concerns arbitrary command execution via ProxyCommand, LocalCommand, and PermitLocalCommand with $IFS in the check_by_ssh component of Nagios nagios-plugins. This allows a remote...
CVE-2023-24517
Unrestricted Upload of File with Dangerous Type vulnerability in the Pandora FMS File Manager component allows an attacker to make use of this issue (unrestricted file upload) to execute arbitrary system commands. This issue affects Pandora FMS v767 version and prior versions on all platforms...
CVE-2020-21583
An issue discovered in hwclock.13-v2.27 allows attackers to gain escalated privileges or execute arbitrary commands via the path parameter when setting the date...
CVE-2023-24517
Summary: CVE-2023-24517 affects the Pandora FMS File Manager component, enabling an unrestricted file upload that can be used to execute arbitrary system commands. Affected versions include Pandora FMS prior to 7.67 (notably v7.67 is cited as the fixed version). Root cause described in PT Securit...
PT-2023-19664 · Unknown · Pandora Fms
Name of the Vulnerable Software and Affected Versions: Pandora FMS versions prior to 7.67 Description: The issue allows an attacker to execute arbitrary system commands by exploiting an unrestricted file upload vulnerability in the Pandora FMS File Manager component. Recommendations: For versions...