7638 matches found
CVE-2023-20878
VMware Aria Operations contains a deserialization vulnerability. A malicious actor with administrative privileges can execute arbitrary commands and disrupt the system...
VMware Aria Operations Code Issue Vulnerability
VMware Aria Operations is a unified, artificial intelligence-driven, self-driving IT operations management platform for private, hybrid and multi-cloud environments from VMware. VMware Aria Operations has a security vulnerability that originated when the system contained a deserialization...
Tenda AC23 Command Injection Vulnerability
Tenda AC23 is a dual-band Gigabit wireless router from Tenda China. Tenda AC23 suffers from a command injection vulnerability, which stems from the v2 parameter of the file /bin/ate failing to correctly filter special characters, commands, etc. used to construct commands. An attacker can exploit this...
The vulnerability of Backup Exec’s software for backup and data restoration lies in its lack of authentication procedures. This allows attackers to bypass security restrictions and execute arbitrary commands.
The vulnerability of Backup Exec’s backup and recovery software is related to deficiencies in authentication procedures when using the SHA cryptographic algorithm. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and execute arbitrary commands...
The vulnerability of Backup Exec’s software for backup and data restoration lies in its lack of authentication procedures. This allows attackers to elevate their privileges and execute arbitrary commands.
The vulnerability of Backup Exec’s backup and recovery software is related to deficiencies in authentication procedures when using the SHA cryptographic algorithm. Exploiting this vulnerability allows a malicious actor to elevate their privileges and execute arbitrary commands...
git: On multi-user machines Git users might find themselves unexpectedly in a Git worktree
A vulnerability was found in Git. This flaw occurs due to Git not checking the ownership of directories in a local multi-user system when running commands specified in the local repository configuration. This allows the owner of the repository to cause arbitrary commands to be executed by other...
CVE-2020-23966
SQL Injection vulnerability in victor cms 1.0 allows attackers to execute arbitrary commands via the post parameter to /post.php in a crafted GET request...
CVE-2023-22788 Authenticated Remote Command Execution in Aruba InstantOS or ArubaOS 10 Command Line Interface
Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system...
EulerOS 2.0 SP10 : emacs (EulerOS-SA-2023-1819)
According to the versions of the emacs package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or...
Tenda AC18 setUsbUnload Function Command Injection Vulnerability
Tenda AC18 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in July 2016, mainly for villas and large home users. Tenda AC18 suffers from a command injection vulnerability via the deviceName...
CVE-2023-30013
TOTOLINK X5000R V9.1.0u.6118B20201102 and V9.1.0u.6369B20230113 contain a command insertion vulnerability in setting/setTracerouteCfg. This vulnerability allows an attacker to execute arbitrary commands through the "command" parameter...
TOTOLINK X5000R OS Command Injection Vulnerability
TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. A security vulnerability exists in TOTOLINK X5000R versions V9.1.0u.6118B20201102 and V9.1.0u.6369B20230113, which stems from a command injection in setting/setTracerouteCfg that can be exploited by an...
Tenda AC18 Command Injection Vulnerability
Tenda AC18 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in July 2016, mainly for villas and large home users. Tenda AC18 suffers from a command injection vulnerability via the deviceName...
The vulnerability of the invscout command in the IBM AIX operating system, allowing a hacker to execute arbitrary commands
The vulnerability of the invscout command in the IBM AIX operating system exists because measures to neutralize the special elements used in operating system commands have not been taken. Exploiting this vulnerability allows an attacker to execute arbitrary commands...
The vulnerability of the errlog() system call function in the runtime services library of the IBM AIX operating system allows a perpetrator to execute arbitrary commands.
The vulnerability of the errlog system call function in the runtime services library of the IBM AIX operating system exists because measures to neutralize the special elements used in the operating system commands have not been taken. Exploiting this vulnerability allows an attacker to execute...
CVE-2023-2491
A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the "org-babel-execute:latex" function in ob-latex.el can result in arbitrary command execution. This CVE exists because of a CVE-2023-28617 security regression for the emacs package in Red Hat Enterprise...
CVE-2022-30759
In Nokia One-NDS aka Network Directory Server through 20.9, some Sudo permissions can be exploited by some users to escalate to root privileges and execute arbitrary commands...