
7638 matches found

CNNVD
added 2023/05/23 12:0 a.m. · 2 views

Nevado JMS Security Vulnerability

Nevado JMS is a Skyscreamer open source JMS driver for the Queue and Notification Service SQS/SNS for Amazon Web Services. A security vulnerability exists in Nevado JMS version v1.3.2, which stems from a lack of security checks when receiving messages, and can be exploited by an attacker to execut...

CVSS 7.8 · AI score 7.7 · EPSS 0.00317
Exploits 1 · References 5
CNNVD
added 2023/05/23 12:0 a.m. · 3 views

Contec SolarView Compact OS Command Injection Vulnerability

Contec SolarView Compact is an application system from Contec Japan. It provides a measurement system for photovoltaic power generation. A security vulnerability exists in Contec SolarView Compact SV-CPT-MC310 Ver.8.10 prior and SV-CPT-MC310F Ver.8.10 prior, which stems from the presence of an...

CVSS 8.8 · AI score 8.4 · EPSS 0.01924
Exploits 0 · References 5
Vulnrichment
added 2023/05/23 12:0 a.m. · 10 views

CVE-2023-31708

A Cross-Site Request Forgery (CSRF) in EyouCMS v1.6.2 allows attackers to execute arbitrary commands via supplying a crafted HTML file to the Upload software format function...

AI score 7.6 · EPSS 0.00265
Exploits 1 · References 1
CVE
added 2023/05/23 12:0 a.m. · 58 views

CVE-2023-31826

CVE-2023-31826 affects Skyscreamer Open Source Nevado JMS v1.3.2, where message handling omits security checks. The root cause is lack of input validation in message reception, enabling arbitrary command execution via crafted data. Public references (NVD/Red Hat/Veracode/GHSA OSV) describe Remote...

CVSS 7.8 · AI score 8 · EPSS 0.00317
Exploits 1 · References 4 · Affected Software 1
NVD
added 2023/05/22 9:15 p.m. · 33 views

CVE-2023-25183

In Snap One OvrC Pro versions prior to 7.2, when logged into the superuser account, a new functionality appears that could allow users to execute arbitrary commands on the hub device...

CVSS 8.3 · AI score 8.6 · EPSS 0.00632
Exploits 0 · References 2
Cvelist
added 2023/05/22 8:4 p.m. · 19 views

CVE-2023-25183

In Snap One OvrC Pro versions prior to 7.2, when logged into the superuser account, a new functionality appears that could allow users to execute arbitrary commands on the hub device...

CVSS 8.3 · AI score 8.7 · EPSS 0.00632
Exploits 0 · References 2
NVD
added 2023/05/22 3:15 p.m. · 14 views

CVE-2023-32347

Teltonika’s Remote Management System versions prior to 4.10.0 use device serial numbers and MAC addresses to identify devices from the user perspective for device claiming and from the device perspective for authentication. If an attacker obtained the serial number and MAC address of a device, th...

CVSS 9.8 · AI score 9.2 · EPSS 0.00665
Exploits 0 · References 1
Prion
added 2023/05/22 3:15 p.m. · 17 views

Command injection

Teltonika’s Remote Management System versions prior to 4.10.0 use device serial numbers and MAC addresses to identify devices from the user perspective for device claiming and from the device perspective for authentication. If an attacker obtained the serial number and MAC address of a device, th...

CVSS 7.5 · AI score 9.6 · EPSS 0.00665
Exploits 0 · References 1 · Affected Software 1
CVE
added 2023/05/22 2:58 p.m. · 46 views

CVE-2023-32347

Teltonika RMS and related RUT devices are affected by multiple CVEs (CVE-2023-32346/32347/32348/32349/32350, and 32358 in some sources) affecting authentication, device claiming, SSRF, remote code execution, and OS command injection. Affected: RMS versions prior to 4.10.0 (and 4.14.0 for CVE-2023...

CVSS 9.8 · AI score 9.5 · EPSS 0.00665
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2023/05/22 2:58 p.m. · 18 views

CVE-2023-32347

Teltonika’s Remote Management System versions prior to 4.10.0 use device serial numbers and MAC addresses to identify devices from the user perspective for device claiming and from the device perspective for authentication. If an attacker obtained the serial number and MAC address of a device, th...

CVSS 8.1 · AI score 9.8 · EPSS 0.00665
Exploits 0 · References 1
BDU FSTEC
added 2023/05/22 12:0 a.m. · 8 views

The vulnerability of the ExtensionMethods.Clone() function in the application programming complex of the CODESYS Development System allows a perpetrator to execute arbitrary commands.

The vulnerability of the ExtensionMethods.Clone function in the application programming complex of the CODESYS Development System is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows an attacker to execute arbitrary commands using a specially created...

CVSS 7.8 · AI score 7.8 · EPSS 0.01298
Exploits 0 · References 5 · Affected Software 3
Vulnrichment
added 2023/05/22 12:0 a.m. · 10 views

CVE-2023-33294

An issue was discovered in KaiOS 3.0 before 3.1. The /system/bin/tctwebserver binary exposes a local web server that responds to GET and POST requests on port 2929. The server accepts arbitrary Bash commands and executes them as root. Because it is not permission or context restricted and returns...

AI score 9.2 · EPSS 0.00932
Exploits 1 · References 1
Positive Technologies
added 2023/05/22 12:0 a.m. · 6 views

PT-2023-19964 · Snap One · Ovrc Pro

Name of the Vulnerable Software and Affected Versions: Snap One OvrC Pro versions prior to 7.2 Description: The issue allows users to execute arbitrary commands on the hub device when logged into the superuser account, due to a new functionality that appears in affected versions. Recommendations:...

CVSS 8.3 · AI score 7.3 · EPSS 0.00632
Exploits 0 · References 4
OpenVAS
added 2023/05/22 12:0 a.m. · 9 views

Debian: Security Advisory (DSA-5406-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.8 · AI score 7.9 · EPSS 0.00804
Exploits 0 · References 4
Tenable Nessus
added 2023/05/21 12:0 a.m. · 25 views

AlmaLinux 8 : ctags (ALSA-2023:2863)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:2863 advisory. - A flaw was found in Exuberant Ctags in the way it handles the -o option. This option specifies the tag filename. A crafted tag filename specified in the command...

CVSS 7.8 · AI score 7.5 · EPSS 0.00577
Exploits 1 · References 2
OSV
added 2023/05/20 6:15 p.m. · 4 views

CVE-2023-32700

LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5...

CVSS 7.8 · AI score 7.9
Exploits 0 · References 6
CNNVD
added 2023/05/20 12:0 a.m. · 2 views

LuaTeX Security Vulnerability

LuaTeX is an extended version of pdfTeX from LuaTeX, using Lua as the embedded scripting language. A security vulnerability exists in LuaTeX versions prior to 1.17.0, which arises from a vulnerability that allows execution of arbitrary shell commands when compiling TeX files obtained from untrust...

CVSS 8.8 · AI score 7.8 · EPSS 0.00804
Exploits 0 · References 14
BDU FSTEC
added 2023/05/19 12:0 a.m. · 6 views

The vulnerability of the SetAccessPointMode.php script in D-Link router microprogramming devices such as DIR-822 Rev.B, DIR-822 Rev.C, DIR-860L Rev.B, DIR-868L Rev.B, DIR-880L Rev.A, and DIR-890L Rev.A allows a hacker to execute arbitrary commands.

The vulnerability of the SetAccessPointMode.php script in D-Link router microprogramming software such as DIR-822 Rev.B, DIR-822 Rev.C, DIR-860L Rev.B, DIR-868L Rev.B, DIR-880L Rev.A, and DIR-890L Rev.A exists due to the failure to take measures to neutralize the special elements used in the...

CVSS 10 · AI score 8.1 · EPSS 0.12932
Exploits 1 · References 3 · Affected Software 4
Tenable Nessus
added 2023/05/19 12:0 a.m. · 40 views

AlmaLinux 8 : emacs (ALSA-2023:3104)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:3104 advisory. - A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the org-babel-execute:latex function in ob-latex.el can result in...

CVSS 7.8 · AI score 7.5 · EPSS 0.00469
Exploits 0 · References 2
CNNVD
added 2023/05/18 12:0 a.m. · 4 views

TOTOLINK A3300R Command Injection Vulnerability

The TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK A3300R v17.0.0cu.557, which originates from a failure of the setddnscfg function of the request /cgi-bin/cstecgi.cgi to correctly filter constructed command...

CVSS 9.8 · AI score 7.8 · EPSS 0.01778
Exploits 0 · References 4