7638 matches found
PT-2023-12125 · Laravel · Laravel
Name of the Vulnerable Software and Affected Versions: Laravel version 8.5.9 Description: A deserialization vulnerability in the destruct function allows attackers to execute arbitrary commands. Recommendations: For Laravel version 8.5.9, consider disabling the destruct function until a patch is...
Vulnerabilities fixed in IBM AIX
IBM has fixed vulnerabilities in AIX. The vulnerabilities allow a local, authenticated user to execute arbitrary commands on the system, even those the malicious user is not initially authorized to run. IBM has released updates to fix the vulnerabilities in AIX. For more...
Vulnerability of the initializePlugin function in the sipXopenfire\presence-plugin\src\org\sipfoundry\openfire\plugin\presence\SipXOpenfirePlugin.java file. The PBX server of the corporate IP telephony management system CoreDial sipXcom sipXopenfire allows intruders to escalate their privileges or execute arbitrary commands.
The vulnerability lies in the function initializePlugin of the sipXopenfire\presence-plugin\src\org\sipfoundry\openfire\plugin\presence\SipXOpenfirePlugin.java file. In the PBX server of the corporate IP telephony management system, CoreDial sipXcom sipXopenfire relies on the implementation or...
The vulnerability of the /etc/init.d/openfire file in the PBX server of the corporate IP telephony management system CoreDial sipXcom sipXopenfire allows an attacker to escalate their privileges or execute arbitrary commands.
The vulnerability of the /etc/init.d/openfire file in the CoreDial sipXcom sipXopenfire server of the corporate IP-telephony management system is related to improper privilege assignment. Exploiting this vulnerability could allow an attacker to escalate their privileges or execute arbitrary comman...
The vulnerability in the firmware of NETGEAR Orbi Satellite RBS750 allows a hacker to execute arbitrary commands.
The vulnerability in the firmware of the NETGEAR Orbi Satellite RBS750 router is related to the presence of undocumented commands. Exploiting this vulnerability could allow a remote attacker to execute arbitrary commands using a specially created package...
AIX is vulnerable to arbitrary command execution
IBM SECURITY ADVISORY First Issued: Wed Apr 12 12:36:51 CDT 2023 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/librtsadvisory.asc Security Bulletin: AIX is vulnerable to arbitrary command execution CVE-2023-26286...
AIX is vulnerable to arbitrary command execution due to invscout
IBM SECURITY ADVISORY First Issued: Wed Apr 12 12:32:10 CDT 2023 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/invscoutadvisory4.asc Security Bulletin: AIX is vulnerable to arbitrary command execution due to invscout CVE-2023-28528...
TOTOLINK A7100RU pppoeAcName Parameter Command Injection Vulnerability
The TOTOLINK A7100RU is a wireless router manufactured by China's Gion Electronics TOTOLINK, mainly used for home network connection. The TOTOLINK A7100RU suffers from a command injection vulnerability that originates from the pppoeAcName parameter of /setting/setWanIeCfg failing to correctly...
TOTOLINK A7100RU org Parameter Command Injection Vulnerability
The TOTOLINK A7100RU is a wireless router manufactured by China's Gion Electronics TOTOLINK, mainly used for home network connection. The TOTOLINK A7100RU suffers from a command injection vulnerability that stems from the org parameter in setting/delStaticDhcpRules failing to properly filter...
The vulnerability of the command-line interface of Cisco IOS XE SD-WAN software allows an attacker to execute arbitrary commands.
The vulnerability of the command-line interface of Cisco IOS XE SD-WAN software exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to execute arbitrary commands...
Siemens SCALANCE W1750D Command Injection (CVE-2021-37730)
A remote arbitrary command execution vulnerability was discovered in HPE Aruba Instant IAP versions: Aruba Instant 6.4.x.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x.x: 6.5.4.20 and below; Aruba Instant 8.5.x.x: 8.5.0.12 and below; Aruba Instant 8.6.x.x: 8.6.0.11 and below; Aruba Instant...
Siemens (CVE-2021-37732)
A remote arbitrary command execution vulnerability was discovered in HPE Aruba Instant IAP versions: Aruba Instant 6.4.x.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x.x: 6.5.4.18 and below; Aruba Instant 8.5.x.x: 8.5.0.11 and below; Aruba Instant 8.6.x.x: 8.6.0.6 and below; Aruba Instant...
Important: emacs
Issue Overview: org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters. CVE-2023-28617 Affected Packages: emacs Issue Correction: Run dnf update emacs...
The vulnerability of the Cisco Identity Services Engine (ISE) platform, related to the lack of data cleansing at the management level, allows attackers to execute arbitrary commands and elevate their privileges to the root level.
The vulnerability of the Cisco Identity Services Engine (ISE) platform relates to the lack of data cleansing measures at the management level. Exploiting this vulnerability allows an attacker to execute arbitrary commands and elevate their privileges to root using a specially created CLI command...
The vulnerability of Barracuda CloudGen WAN’s web interface allows an attacker to execute arbitrary commands.
The vulnerability of the Barracuda CloudGen WAN web interface is related to insufficient protection of the web page structure when processing the /ajax/updatecertificate endpoint. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands by sending specially crafted HT...
The vulnerability of the Cisco Identity Services Engine (ISE) platform, related to the lack of data cleansing at the management level, allows attackers to execute arbitrary commands and elevate their privileges to the root level.
The vulnerability of the Cisco Identity Services Engine (ISE) platform relates to the lack of data cleansing measures at the management level. Exploiting this vulnerability allows an attacker to execute arbitrary commands and elevate their privileges to root using a specially created CLI command...
TOTOLINK A7100RU Command Injection Vulnerability
The TOTOLINK A7100RU is a wireless router manufactured by China's Gion Electronics TOTOLINK, mainly used for home network connection. The TOTOLINK A7100RU suffers from a command injection vulnerability that stems from the org parameter in setting/delStaticDhcpRules failing to properly filter...
TOTOLINK A7100RU Command Injection Vulnerability
The TOTOLINK A7100RU is a wireless router manufactured by China's Gion Electronics TOTOLINK, mainly used for home network connection. The TOTOLINK A7100RU suffers from a command injection vulnerability that originates from the pppoeAcName parameter of /setting/setWanIeCfg failing to correctly...
Ubuntu: Security Advisory (USN-6003-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-6003-1 emacs24 vulnerability
Xi Lu discovered that Emacs did not properly handle certain inputs. An attacker could possibly use this issue to execute arbitrary commands...