7638 matches found
SQL injection
A SQL injection vulnerability in BMC Control-M before 9.0.20.214 allows attackers to execute arbitrary SQL commands via the memname JSON field...
Apache Airflow input validation error vulnerability
Apache Airflow is the United States Apache Foundation's open source platform for creating, managing and monitoring workflows. The platform is scalable and offers dynamic monitoring, among other characteristics. An input validation error vulnerability exists in Apache Airflow Google Provider...
Cisco NX-OS Software operating system command injection vulnerability
Cisco NX-OS Software is a suite of data center-grade operating system software used by Cisco's switches in the United States. A security vulnerability exists in Cisco NX-OS Software that stems from insufficient validation of parameters passed to specific CLI commands. An attacker exploiting this...
Amazon Linux 2 : git (ALAS-2023-1943)
The version of git installed on the remote host is prior to 2.23.1-0. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-1943 advisory. A flaw was found in the git fast-import command where it provides the export-marks feature that may unexpectedly overwrite...
CVE-2023-20050
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments that are passed to specific CLI commands. An...
K61002104: BIG-IP AFM and PEM TMUI XSS vulnerability CVE-2019-6639
Security Advisory Description: Undisclosed TMUI pages for AFM and PEM Subscriber management are vulnerable to a stored cross-site scripting (XSS) issue. This is a control plane issue only and is not accessible from the data plane. The attack requires a malicious resource administrator to store the...
K45625134: Apache Subversion vulnerability CVE-2017-9800
Security Advisory Description: A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to a...
K04481502: Ghostscript vulnerability CVE-2021-3781
Security Advisory Description: A trivial sandbox (enabled with the -dSAFER option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document to execute arbitrary commands on the system in the context of the...
K17452: OpenSSH vulnerabilities CVE-2001-0361, CVE-2001-0572, CVE-2004-2069, CVE-2006-0225, and CVE-2006-0883
Security Advisory Description: CVE-2001-0361: Implementations of SSH version 1.5, including (1) OpenSSH up to version 2.3.0, (2) AppGate, and (3) ssh-1 up to version 1.2.31, in certain configurations, allow a remote attacker to decrypt and/or alter traffic via a "Bleichenbacher attack" on PKCS#1 version...
Mozilla Firefox security vulnerability
The Milesight UR32L is a Lite industrial cellular router from Milesight. A command injection vulnerability exists in the Milesight UR32L zebra vlanname function, which can be exploited by an attacker to execute arbitrary commands on the system...
The vulnerability of the command-line interface (CLI) implementation of Zyxel networking devices allows a perpetrator to execute arbitrary commands.
The vulnerability of CLI implementations for Zyxel network devices involves a lack of measures to neutralize special elements used in OS commands. Exploiting this vulnerability allows an attacker to execute arbitrary commands remotely...
Checkmk operating system command injection vulnerability
Checkmk is an editor. Tribe29 Checkmk has an operating system command injection vulnerability that an attacker can exploit to execute arbitrary commands within the local privileges of the application...
SUSE CVE-2004-0801
Unknown vulnerability in foomatic-rip in Foomatic before 3.0.2 allows local users or remote attackers with access to CUPS to execute arbitrary commands...
SUSE CVE-2005-0758
zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script...
SUSE CVE-2009-4112
Cacti 0.8.7e and earlier allows remote authenticated administrators to gain privileges by modifying the "Data Input Method" for the "Linux - Get Memory Usage" setting to contain arbitrary commands...
SUSE CVE-2013-3628
Zabbix 2.0.9 has an Arbitrary Command Execution Vulnerability...
SUSE CVE-2013-7220
js/ui/screenShield.js in GNOME Shell (aka gnome-shell) before 3.8 allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation with the keyboard focus on the Activities search...
SUSE CVE-2013-7323
python-gnupg before 0.3.5 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in unspecified vectors...
SUSE CVE-2014-2886
GKSu 2.0.2, when sudo-mode is not enabled, uses " (double quote) characters in a gksu-run-helper argument, which allows attackers to execute arbitrary commands in certain situations involving an untrusted substring within this argument, as demonstrated by an untrusted filename encountered during...
SUSE CVE-2016-4007
Multiple unspecified vulnerabilities in the obs-service-extractfile package before 0.3-5.1 in openSUSE Leap 42.1 and before 0.3-3.1 in openSUSE 13.2 allow attackers to execute arbitrary commands via a service definition, related to executing unzip with "illegal options."...