7638 matches found
CVE-2023-24671
VX Search v13.8 and v14.7 were discovered to contain an unquoted service path vulnerability which allows attackers to execute arbitrary commands at elevated privileges via a crafted executable file...
Tenda AX3 Command Injection Vulnerability
The Tenda Ax3 is an Ax1800 Gigabit Port Dual Band Wifi 6 Wireless Router from Tenda China. Tenda AX3 V16.03.12.11 suffers from a command injection vulnerability that stems from the lanip parameter of /goform/AdvSetLanip failing to correctly filter constructed command special characters, commands,...
TP-LINK Archer AX21 Command Injection Vulnerability
TP-Link Archer AX21 AX1800 is a WIFI6 router from TP-Link. TP-Link Archer AX21 AX1800 suffers from a command injection vulnerability, which stems from unfiltered user input and can be exploited by attackers to construct malicious requests to execute arbitrary commands...
The vulnerability of the eval() function in the debmany utility package of the Debian-goodies suite allows a hacker to execute arbitrary commands.
The vulnerability of the eval function in the debmany utility package of the Debian-goodies suite is related to the lack of measures taken to neutralize special elements used in operating system commands when processing .deb files. Exploiting this vulnerability allows an attacker to execute...
The vulnerability of FortiWeb web applications’ network firewalls stems from the lack of measures taken to neutralize special elements used in the operating system’s command set. This allows attackers to execute arbitrary commands.
The vulnerability of FortiWeb web applications’ network firewalls is related to the failure to take measures to neutralize special elements used in the operating system’s command set. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands by sending specially crafted...
CVE-2023-0628
Docker Desktop before 4.17.0 allows an attacker to execute an arbitrary command inside a Dev Environments container during initialization by tricking a user to open a crafted malicious docker-desktop:// URL...
Design/Logic Flaw
Docker Desktop before 4.17.0 allows an attacker to execute an arbitrary command inside a Dev Environments container during initialization by tricking a user to open a crafted malicious docker-desktop:// URL...
CVE-2023-0628 Docker Desktop before 4.17.0 allows an attacker to execute an arbitrary command inside a Dev Environments container during initialization by tricking a user to open a crafted malicious docker-desktop:// URL
Docker Desktop before 4.17.0 allows an attacker to execute an arbitrary command inside a Dev Environments container during initialization by tricking a user to open a crafted malicious docker-desktop:// URL...
CVE-2023-0628
Docker Desktop before 4.17.0 is affected by an issue where an attacker can execute arbitrary commands inside a Dev Environments container during initialization by convincing a user to open a crafted docker-desktop:// URL. Affected product: Docker Desktop (Dev Environments container). Root cause i...
D-Link DIR-867 OS Command Injection Vulnerability
The D-Link DIR-867 is a wireless router from China Youxun D-Link. A command injection vulnerability exists in the D-Link DIR-867, which is caused by a command injection vulnerability in the SetVirtualServerSettings function. By sending a carefully crafted request using the LocalIPAddress parameter...
Flexense VX Search Code Issue Vulnerability
Flexense VX Search is a rule-based automated file search solution from Flexense. Allows users to search for files based on file type, category, filename, size, location, extension, regular expressions, text and binary patterns, creation, modification, and last access dates, EXIF tags, etc., save...
Debian: Security Advisory (DLA-70-1)
The remote host is missing an update for the Debian...
CVE-2023-27635
debmany in debian-goodies 0.88.1 allows attackers to execute arbitrary shell commands because of an eval call via a crafted .deb file. The path is shown to the user before execution...
ZBT WE1626 Security Vulnerability
The ZBT WE1626 is a router. A security vulnerability exists in the ZBT WE1626 version v21.06.18 that originates from allowing an attacker to execute arbitrary commands via a serial connection to the UART port...
CVE-2022-45553
CVE-2022-45553 affects Shenzhen Zhibotong Electronics WBT WE1626 Router (version 21.06.18). The issue allows an attacker to execute arbitrary commands via a serial connection to the UART port. Public documentation provides this summary, with CVSSv3.1 base score 9.8 (CRITICAL) and impact on confid...
StarSoftComm HP CooCare Security Vulnerability
StarSoftComm HP CooCare is a remote diagnostic software from StarSoftComm China. A security vulnerability exists in StarSoftComm HP CooCare version 5.304. An attacker can exploit the vulnerability to elevate privileges and execute arbitrary commands by uploading specially crafted files...
The vulnerability of the QTS and QuTS operating systems lies in the lack of measures to neutralize special elements used in the operating system’s commands, allowing attackers to execute arbitrary commands.
The vulnerability of the QTS and QuTS operating systems is related to the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands by sending a special HTTP request...
The software platform for container deployment in the SUSE Rancher production environment is vulnerable. This vulnerability stems from the failure to address the need to neutralize certain special elements used in the operating system command set. This allows attackers to execute arbitrary commands.
The vulnerability of the software platform for container deployment in the SUSE Rancher wrangler production environment exists due to the lack of measures taken to neutralize special elements used in the operating system command set. Exploiting this vulnerability allows a remote attacker to execu...
CVE-2023-22765 Authenticated Remote Command Execution in the ArubaOS Command Line Interface
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system...
PT-2023-1680 · Aruba · Arubaos
Name of the Vulnerable Software and Affected Versions: ArubaOS affected versions not specified Description: The issue is related to the lack of input sanitization in the command line interface of ArubaOS, which can be exploited by a remote attacker to execute arbitrary commands as a privileged us...