7638 matches found

Vulnrichment
added 2023/05/31 4:50 a.m. | 13 views

CVE-2023-25539

Dell NetWorker 19.6.1.2 contains an OS command injection vulnerability in the NetWorker client. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the...

8.4 CVSS | 8.3 AI score | 0.01478 EPSS
Exploits: 0 | References: 1
Vulnrichment
added 2023/05/31 12:0 a.m. | 12 views

CVE-2023-33487

TOTOLINK X5000R V9.1.0u.6118B20201102 and V9.1.0u.6369B20230113 contain a command insertion vulnerability in setDiagnosisCfg. This vulnerability allows an attacker to execute arbitrary commands through the "ip" parameter...

8 AI score | 0.01409 EPSS
Exploits: 1 | References: 1
CNNVD
added 2023/05/31 12:0 a.m. | 3 views

TOTOLINK X5000R command injection vulnerability

The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. A security vulnerability exists in TOTOLINK X5000R version V9.1.0u.6118B20201102 and V9.1.0u.6369B20230113, which stems from the presence of a command injection vulnerability that allows an attacker to execute arbitrary...

9.8 CVSS | 8.8 AI score | 0.01409 EPSS
Exploits: 1 | References: 2
CNNVD
added 2023/05/31 12:0 a.m. | 2 views

Dell NetWorker operating system command injection vulnerability

Dell NetWorker is an application from Dell USA Inc. It provides forum discussion functionality for Dell Inc. An operating system command injection vulnerability exists in Dell NetWorker version 19.6.1.2. An attacker could exploit this vulnerability to execute arbitrary operating system commands o...

9.8 CVSS | 8.9 AI score | 0.01478 EPSS
Exploits: 0 | References: 2
Vulnrichment
added 2023/05/31 12:0 a.m. | 14 views

CVE-2023-33486

TOTOLINK X5000R V9.1.0u.6118B20201102 and V9.1.0u.6369B20230113 contain a command insertion vulnerability in setOpModeCfg. This vulnerability allows an attacker to execute arbitrary commands through the "hostName" parameter...

9.9 AI score | 0.01409 EPSS
Exploits: 1 | References: 1
OSV
added 2023/05/30 9:11 a.m. | 2 views

USN-6115-1 texlive-bin vulnerability

Max Chernoff discovered that LuaTeX TeX Live did not properly disable shell escape. An attacker could possibly use this issue to execute arbitrary shell commands...

8.8 CVSS | 7.1 AI score | 0.00804 EPSS
Exploits: 0 | References: 2
OSV
added 2023/05/25 7:48 a.m. | 2 views

USN-6108-1 Jhead vulnerabilities

It was discovered that Jhead did not properly handle certain crafted images while rotating them. An attacker could possibly use this issue to crash Jhead, resulting in a denial of service. (CVE-2021-34055) Kyle Brown discovered that Jhead did not properly handle certain crafted images while...

7.8 CVSS | 7.4 AI score | 0.00444 EPSS
Exploits: 2 | References: 3
Tenable Nessus
added 2023/05/25 12:0 a.m. | 21 views

Oracle Linux 8 : emacs (ELSA-2023-3104)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-3104 advisory. 1:26.1-10.2 - Bump release 1:26.1-10.1 - Bump release 1:26.1-10 - Fix ob-latex.el command injection vulnerability 2180586 1:26.1-9 - Fix MH-E mail composition...

7.8 CVSS | 7.5 AI score | 0.00461 EPSS
Exploits: 0 | References: 2
BDU FSTEC
added 2023/05/24 12:0 a.m. | 3 views

A vulnerability in the /goform/form2systime.cgi component of the D-Link DIR-816 A2 router firmware allows an attacker to execute arbitrary commands.

The vulnerability in the /goform/form2systime.cgi component of the D-Link DIR-816 A2 router firmware exists due to a failure to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands...

10 CVSS | 8.1 AI score | 0.07255 EPSS
Exploits: 1 | References: 2
BDU FSTEC
added 2023/05/24 12:0 a.m. | 4 views

A vulnerability in the /goform/Diagnosis component of the D-Link DIR-816 A2 router firmware allows an attacker to execute arbitrary commands.

The vulnerability in the /goform/Diagnosis component of the D-Link DIR-816 A2 router firmware exists due to a failure to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary...

10 CVSS | 8.1 AI score | 0.03678 EPSS
Exploits: 1 | References: 3
BDU FSTEC
added 2023/05/24 12:0 a.m. | 4 views

A vulnerability in the /goform/sylogapply component of the D-Link DIR-816 A2 router firmware allows an attacker to execute arbitrary commands.

The vulnerability in the /goform/sylogapply component of the D-Link DIR-816 A2 router firmware exists due to a failure to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary...

10 CVSS | 8.1 AI score | 0.07381 EPSS
Exploits: 1 | References: 2
Tenable Nessus
added 2023/05/24 12:0 a.m. | 22 views

Oracle Linux 8 : ctags (ELSA-2023-2863)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-2863 advisory. 5.8-23 - CVE-2022-4515, arbitrary code execution issue Resolves: rhbz2153787 Tenable has extracted the preceding description block directly from the Oracle Linu...

7.8 CVSS | 8.1 AI score | 0.00577 EPSS
Exploits: 1 | References: 2
OSV
added 2023/05/23 2:15 a.m. | 2 views

CVE-2023-28392

Wi-Fi AP UNIT AC-PD-WAPU v1.05B04 and earlier, AC-PD-WAPUM v1.05B04 and earlier, AC-PD-WAPU-P v1.05B04P and earlier, AC-PD-WAPUM-P v1.05B04P and earlier, AC-WAPU-300 v1.00B07 and earlier, AC-WAPU-300-P v1.00B08P and earlier, AC-WAPUM-300 v1.00B07 and earlier, and AC-WAPUM-300-P v1.00B08P and...

7.2 CVSS | 6 AI score
Exploits: 0 | References: 3
NVD
added 2023/05/23 2:15 a.m. | 8 views

CVE-2023-27514

OS command injection vulnerability in the download page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to execute an arbitrary OS command...

8.8 CVSS | 8.7 AI score | 0.01924 EPSS
Exploits: 0 | References: 3
ATTACKERKB
added 2023/05/23 1:15 a.m. | 1 views

CVE-2023-31826

Skyscreamer Open Source Nevado JMS v1.3.2 does not perform security checks when receiving messages. This allows attackers to execute arbitrary commands via supplying crafted data...

7.8 CVSS | 6.1 AI score | 0.00317 EPSS
Exploits: 1 | References: 5
OSV
added 2023/05/23 1:15 a.m. | 3 views

CVE-2023-31708

A Cross-Site Request Forgery (CSRF) in EyouCMS v1.6.2 allows attackers to execute arbitrary commands via supplying a crafted HTML file to the Upload software format function...

4.3 CVSS | 6 AI score | 0.00265 EPSS
Exploits: 1 | References: 1
Vulnrichment
added 2023/05/23 12:0 a.m. | 7 views

CVE-2023-31826

Skyscreamer Open Source Nevado JMS v1.3.2 does not perform security checks when receiving messages. This allows attackers to execute arbitrary commands via supplying crafted data...

7.8 AI score | 0.00317 EPSS
Exploits: 1 | References: 4
Vulnrichment
added 2023/05/23 12:0 a.m. | 7 views

CVE-2023-28390

Privilege escalation vulnerability in SR-7100VN firmware Ver.1.38N and earlier and SR-7100VN 31 firmware Ver.1.21 and earlier allows a network-adjacent attacker with administrative privilege of the affected product to obtain an administrative privilege of the OS (Operating System). As a result, an...

7.4 AI score | 0.00338 EPSS
Exploits: 0 | References: 2
Vulnrichment
added 2023/05/23 12:0 a.m. | 11 views

CVE-2023-27514

OS command injection vulnerability in the download page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to execute an arbitrary OS command...

7.7 AI score | 0.01924 EPSS
Exploits: 0 | References: 3
CNNVD
added 2023/05/23 12:0 a.m. | 3 views

EyouCMS cross-site request forgery vulnerability

Zanzan Network Technology EyouCms (Eyou CMS) is an open source content management system (CMS) based on ThinkPHP by China's Zanzan Network Technology. A security vulnerability exists in EyouCMS v1.6.2, which stems from allowing an attacker to execute arbitrary commands by uploading a carefully...

4.3 CVSS | 5.5 AI score | 0.00265 EPSS
Exploits: 1 | References: 2