7638 matches found
Command injection
UNSUPPORTED WHEN ASSIGNED The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in...
PYSEC-2023-72
UNSUPPORTED WHEN ASSIGNED The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in...
emacs: command injection vulnerability in org-mode
A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the function org-babel-execute:latex in ob-latex.el can result in arbitrary command execution...
CVE-2023-20852
aEnrich Technology a+HRD has a Deserialization of Untrusted Data vulnerability within its MSMQ interpreter. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands to perform arbitrary system operations or disrupt service...
GajShield Data Security Firewall security vulnerability
GajShield Data Security Firewall is an enterprise-grade firewall product from GajShield that provides network security solutions to protect organizations from a wide range of cyber threats and attacks, including malware, viruses, spyware, phishing, DDoS attacks, and more. A security vulnerability...
IBM AIX Elevation of Privilege Vulnerability (CNVD-2023-58513)
IBM AIX (Advanced Interactive eXecutive) is a UNIX operating system developed by IBM. An elevation of privilege vulnerability exists in IBM AIX, which can be exploited by an attacker to execute arbitrary commands...
CVE-2023-26286
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX runtime services library to execute arbitrary commands. IBM X-Force ID: 248421...
RHEL 9 : emacs (RHSA-2023:2010)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:2010 advisory. GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language (elisp), and the...
Security Bulletin: AIX is vulnerable to arbitrary command execution due to invscout (CVE-2023-28528)
Summary: A vulnerability in the AIX invscout command could allow a non-privileged local user to execute arbitrary commands (CVE-2023-28528). Vulnerability Details: CVEID: CVE-2023-28528. DESCRIPTION: IBM AIX could allow a non-privileged local user to exploit a vulnerability in the invscout command to...
IBM AIX security vulnerability
IBM AIX (Advanced Interactive eXecutive) is a UNIX operating system developed by IBM. An elevation of privilege vulnerability exists in IBM AIX, which can be exploited by an attacker to execute arbitrary commands...
CVE-2022-3874
A command injection flaw was found in foreman. This flaw allows an authenticated user with admin privileges on the foreman instance to transpile commands through CoreOS and Fedora CoreOS configurations in templates, possibly resulting in arbitrary command execution on the underlying operating...
CVE-2023-20865
VMware Aria Operations for Logs contains a command injection vulnerability. A malicious actor with administrative privileges in VMware Aria Operations for Logs can execute arbitrary commands as root...
A vulnerability in the ping.ccp component of the D-Link DIR820LA1 router firmware allows an attacker to execute arbitrary commands.
The vulnerability in the ping.ccp component of the D-Link DIR820LA1 router firmware exists because special elements used in operating system commands are not neutralized. Exploiting this vulnerability allows a malicious actor to execute arbitrary...
PT-2023-2386 · Cisco · Cisco Industrial Network Director
Name of the Vulnerable Software and Affected Versions: Cisco Industrial Network Director (affected versions not specified). Description: The issue exists due to improper input validation when uploading a Device Pack, allowing an authenticated, remote attacker to execute arbitrary commands with...
Red Hat Satellite OS command injection vulnerability
Red Hat Satellite is a system management platform from Red Hat. The platform can be used to extend Linux infrastructures and provide system management functions such as administration, configuration, and monitoring. A security vulnerability exists in Red Hat Satellite, which originates in the...
CVE-2021-28254
A deserialization vulnerability in the destruct function of Laravel v8.5.9 allows attackers to execute arbitrary commands...
Laravel code issue vulnerability
Laravel is a web application framework from the Laravel community. A security vulnerability exists in Laravel version v8.5.9 that stems from the presence of a deserialization vulnerability that allows an attacker to execute arbitrary commands...