A vulnerability in the web interface of the firmware for the RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, and RUGGEDCOM ROX RX1400 routing and switching platforms allows attackers to escalate their privileges and execute arbitrary commands.
The vulnerability in the web interface of the firmware for the RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, and RUGGEDCOM ROX RX1400 routing and switching platforms lies in the lack of measures to neutralize special elements used in an operating system command when processing the...
Command injection
An authenticated command injection vulnerability exists in the AOS-CX command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands on the underlying operating system as a privileged user on the affected switch. This allows an attacker ...
CVE-2023-23843 SolarWinds Platform Incorrect Comparison Vulnerability
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands...
CVE-2023-33225
CVE-2023-33225 affects SolarWinds Platform (and related Web Console components) via an Incorrect Comparison vulnerability that lets users with administrative access execute arbitrary commands with SYSTEM privileges. The issue is described across multiple connected sources as allowing command exec...
CVE-2023-23844 SolarWinds Platform Incomplete List of Disallowed Inputs Vulnerability
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with SYSTEM privileges...
PYSEC-2023-126
PaddlePaddle before 2.5.0 has a command injection in fs.py. This resulted in the ability to execute arbitrary commands on the operating system...
SolarWinds Platform Security Vulnerability
SolarWinds Platform is a unified monitoring, observability, and service management platform from US-based SolarWinds, Inc. A security vulnerability exists in SolarWinds Platform. An attacker could exploit the vulnerability to execute arbitrary commands with SYSTEM privileges...
Medium: openssl-snapsafe
Issue Overview: A flaw was found in OpenSSL. The issue in CVE-2022-1292 did not find other places in the c_rehash script where it possibly passed the file names of certificates being hashed to a command executed through the shell. Some operating systems distribute this script in a manner where it ...
CVE-2023-38646
Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2...
Security Bulletin: IBM Sterling Global Mailbox is vulnerable to arbitrary command execution due to com.ibm.ws.org.apache.commons.collections (CVE-2015-7501)
Summary: A security vulnerability has been identified and addressed in com.ibm.ws.org.apache.commons.collections.3.2.1-1.0.9.jar shipped with IBM Sterling Global Mailbox. Vulnerability Details: CVEID: CVE-2015-7501. DESCRIPTION: Red Hat JBoss A-MQ 6.x; BPM Suite BPMS 6.x; BRMS 6.x and 5.x; Data Grid...
CVE-2023-38646
CVE-2023-38646 affects Metabase Open Source versions before 0.46.6.1 and Metabase Enterprise versions before 1.46.6.1, allowing unauthenticated remote code execution via the api/setup/validate endpoint (pre-auth RCE). Exploitation details are documented in multiple PoCs and exploits (e.g., via /a...
CVE-2023-37650
A Cross-Site Request Forgery (CSRF) in the Admin portal of Cockpit CMS v2.5.2 allows attackers to execute arbitrary Administrator commands...
The vulnerability of the io.popen() function in the luatex-core.lua component of LuaTeX desktop publishing systems, such as TeX Live and MiKTeX, allows a malicious actor to execute arbitrary commands.
The vulnerability of the io.popen function in the luatex-core.lua component of LuaTeX desktop publishing systems such as TeX Live and MiKTeX is related to the lack of measures to sanitize input data. Exploiting this vulnerability allows an attacker to execute arbitrary commands...
MGASA-2023-0233 Updated texlive packages fix security vulnerability
Any document compiled with older versions of LuaTeX can execute arbitrary shell commands, even with shell escape disabled. CVE-2023-32700...
Microsoft Windows Multiple Vulnerabilities (KB5026368)
This host is missing an important security update according to Microsoft KB5026368.
CVE-2023-3527
A CSV injection vulnerability was found in the Avaya Call Management System (CMS) Supervisor web application which allows a user with administrative privileges to input crafted data which, when exported to a CSV file, may attempt arbitrary command execution on the system used to open the file by a...
CVE-2023-3527 Avaya Call Management System CSV injection vulnerability
A CSV injection vulnerability was found in the Avaya Call Management System (CMS) Supervisor web application which allows a user with administrative privileges to input crafted data which, when exported to a CSV file, may attempt arbitrary command execution on the system used to open the file by a...
CVE-2023-3527
CVE-2023-3527 concerns the Avaya Call Management System (CMS) Supervisor web app. The issue is a CSV injection vulnerability where an admin user can input crafted data that, when exported to a CSV file and opened in spreadsheet software (e.g., Excel), may trigger arbitrary command execution on th...