
7638 matches found

SUSE CVE
added 2023/02/15 4:59 a.m., 2 views

SUSE CVE-2016-6903

lshell 0.9.16 allows remote authenticated users to break out of a limited shell and execute arbitrary commands...

CVSS 9.9, AI score 7.4, EPSS 0.04939
Exploits: 0, References: 3

SUSE CVE
added 2023/02/15 4:39 a.m., 4 views

SUSE CVE-2017-14867

Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code i...

CVSS 7.8, AI score 7.9, EPSS 0.36003
Exploits: 0, References: 10

SUSE CVE
added 2023/02/15 4:9 a.m., 3 views

SUSE CVE-2019-14811

A flaw was found in ghostscript versions prior to 9.50, in the .pdfhookDSCCreator procedure where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. A specially crafted PostScript file could disable security protection and then have access to the fi...

CVSS 7.3, AI score 7.1, EPSS 0.03763
Exploits: 1, References: 7

SUSE CVE
added 2023/02/15 3:48 a.m., 1 view

SUSE CVE-2021-3781

A trivial sandbox (enabled with the -dSAFER option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document to execute arbitrary commands on the system in the context of the ghostscript interpreter. The highes...

CVSS 9.8, AI score 9.6, EPSS 0.83913
Exploits: 0, References: 8

SUSE CVE
added 2023/02/15 3:46 a.m., 2 views

SUSE CVE-2021-21372

Nimble is a package manager for the Nim programming language. In Nim releases before versions 1.2.10 and 1.4.4, Nimble doCmd is used in different places and can be leveraged to execute arbitrary commands. An attacker can craft a malicious entry in the packages.json package list to trigger...

CVSS 8.8, AI score 9.1, EPSS 0.03635
Exploits: 1, References: 7

SUSE CVE
added 2023/02/15 3:30 a.m., 2 views

SUSE CVE-2022-4515

A flaw was found in Exuberant Ctags in the way it handles the "-o" option. This option specifies the tag filename. A crafted tag filename specified in the command line or in the configuration file results in arbitrary command execution because the externalSortTags in sort.c calls the system3...

CVSS 7.8, AI score 7.1, EPSS 0.00577
Exploits: 1, References: 12

SUSE CVE
added 2023/02/15 3:25 a.m., 2 views

SUSE CVE-2022-33127

The function that calls the diff tool in Diffy 3.4.1 does not properly handle double quotes in a filename when run in a Windows environment. This allows attackers to execute arbitrary commands via a crafted string...

CVSS 9.8, AI score 9.4, EPSS 0.01665
Exploits: 0, References: 3

CNNVD
added 2023/02/15 12:0 a.m., 3 views

UQCMS SQL Injection Vulnerability

UQCMS is a simple purchasing software that can be traded online to manage products such as offers. A security vulnerability exists in UQCMS version 2.1.3, which originates from a SQL injection vulnerability contained in the homecontrolscart.class.php file. An attacker can exploit the vulnerabilit...

CVSS 9.8, AI score 9.1, EPSS 0.00977
Exploits: 1, References: 3

CNNVD
added 2023/02/15 12:0 a.m., 4 views

SolarWinds Platform Code Issue Vulnerability

SolarWinds Platform is a unified monitoring, observability, and service management platform from U.S.-based SolarWinds, Inc. A security vulnerability exists in SolarWinds Platform version 2022.4.1, which stems from vulnerability to deserialization of untrustworthy data and can be exploited by an...

CVSS 7.2, AI score 7.5, EPSS 0.80298
Exploits: 0, References: 3

BDU FSTEC
added 2023/02/15 12:0 a.m., 4 views

The vulnerability in the firmware of the D-Link DIR-610 network device arises from the lack of measures taken to neutralize the special elements used in operating system commands. This vulnerability allows an attacker to execute arbitrary commands.

The vulnerability of the D-Link DIR-610 network device exists due to the lack of measures taken to neutralize the special elements used in the operating system’s commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands through the cmd parameter in the...

CVSS 9, AI score 8, EPSS 0.21338
Exploits: 1, References: 7

Positive Technologies
added 2023/02/13 12:0 a.m., 3 views

PT-2023-20270 · Connectwise · Connectwise Control

Name of the Vulnerable Software and Affected Versions: ConnectWise Control versions through 22.9.10032. Description: The issue concerns the cryptographic code signing process in ConnectWise Control. It allows an attacker to add instructions to a signed executable file without invalidating the...

CVSS 9.8, AI score 9.7, EPSS 0.00685
Exploits: 0, References: 11

CNVD
added 2023/02/10 12:0 a.m., 17 views

Dell PowerScale OneFS Command Injection Vulnerability

Dell PowerScale OneFS is an operating system from Dell USA Inc. Dell PowerScale OneFS has a command injection vulnerability that can be exploited by attackers to cause arbitrary command execution, denial of service, information disclosure, and data deletion...

CVSS 6.7, AI score 6.5, EPSS 0.00637
Exploits: 0, References: 1

CNNVD
added 2023/02/08 12:0 a.m., 4 views

Future-Depth Institutional Management Website SQL Injection Vulnerability

Future-Depth Institutional Management Website is a user-friendly institutional website from the individual developers at Future-Depth that offers various types of courses for students. A security vulnerability exists in Future-Depth Institutional Management Website IMS version 1.0. An attacker...

CVSS 9.8, AI score 8.9, EPSS 0.00953
Exploits: 1, References: 2

OSV
added 2023/02/07 7:15 p.m., 29 views

CVE-2022-4883

A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH...

CVSS 8.8, AI score 3.7
Exploits: 0, References: 5

CNVD
added 2023/02/07 12:0 a.m., 2 views

TOTOLINK T8 setUpgradeFW Method Command Injection Vulnerability

TOTOLINK T8 is a wireless dual-band router that is mainly used for internet connection and data transmission. TOTOLINK T8 suffers from a command injection vulnerability that stems from the slaveIpList parameter of the setUpgradeFW method failing to correctly filter construct command special...

CVSS 9.8, AI score 7.9, EPSS 0.01946
Exploits: 1, References: 1

CNVD
added 2023/02/07 12:0 a.m., 2 views

TOTOLINK T8 recvSlaveCloudCheckStatus method version parameter command injection vulnerability

TOTOLINK T8 is a wireless dual-band router that is mainly used for internet connection and data transmission. TOTOLINK T8 suffers from a command injection vulnerability that stems from the version parameter of the recvSlaveCloudCheckStatus method failing to properly filter construct command speci...

CVSS 9.8, AI score 7.9, EPSS 0.02109
Exploits: 1, References: 1

CNVD
added 2023/02/07 12:0 a.m., 4 views

TOTOLINK T8 meshSlaveDlfw Method Command Injection Vulnerability

TOTOLINK T8 is a wireless dual-band router that is mainly used for internet connection and data transmission. The TOTOLINK T8 suffers from a command injection vulnerability that stems from the serverIp parameter of the meshSlaveDlfw method failing to properly filter constructed command special...

CVSS 9.8, AI score 7.9, EPSS 0.02081
Exploits: 1, References: 1

ATTACKERKB
added 2023/02/03 6:15 a.m., 2 views

CVE-2022-48074

An issue in NoMachine before v8.2.3 allows attackers to execute arbitrary commands via a crafted .nxs file...

CVSS 5.3, AI score 6.4, EPSS 0.00207
Exploits: 0, References: 2

OSV
added 2023/02/03 6:15 a.m., 1 view

CVE-2022-48074

An issue in NoMachine before v8.2.3 allows attackers to execute arbitrary commands via a crafted .nxs file...

CVSS 5.3, AI score 6, EPSS 0.00207
Exploits: 0, References: 1

Vulnrichment
added 2023/02/03 12:0 a.m., 6 views

CVE-2023-24153

A command injection vulnerability in the version parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet...

AI score 8.3, EPSS 0.02109
Exploits: 1, References: 1