7638 matches found
CVE-2023-22496
Netdata is an open source option for real-time infrastructure monitoring and troubleshooting. An attacker with the ability to establish a streaming connection can execute arbitrary commands on the targeted Netdata agent. When an alert is triggered, the function `health_alarm_execute` is called. This...
PT-2023-18547 · Netdata +2 · Netdata +2
Name of the Vulnerable Software and Affected Versions: Netdata agent versions prior to 1.37 stable and 1.36.0-409 nightly Description: An issue exists where an attacker can execute arbitrary commands on a targeted Netdata agent by establishing a streaming connection and providing a specially...
Updated ctags packages fix security vulnerability
A flaw was found in Exuberant Ctags in the way it handles the "-o" option. This option specifies the tag filename. A crafted tag filename specified in the command line or in the configuration file results in arbitrary command execution because the externalSortTags in sort.c calls the system(3)...
CVE-2022-46478
The RPC interface in datax-web v1.0.0 and v2.0.0 to v2.1.2 contains no permission checks by default which allows attackers to execute arbitrary commands via crafted Hessian serialized data...
The vulnerability of the data loading function of the Web Manager application, integrated with SSL for the Wi-Fi module of Lantronix PremierWave 2050, allows a hacker to execute arbitrary commands.
The vulnerability of the data loading function of the Web Manager application in the Lantronix PremierWave 2050 Wi-Fi module exists due to the failure to take measures to neutralize special elements used in the operating system’s command set. Exploiting this vulnerability allows a malicious actor...
FreeBSD : emacs -- arbitrary shell command execution vulnerability of ctags (76e2fcce-92d2-11ed-a635-080027f5fec9)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 76e2fcce-92d2-11ed-a635-080027f5fec9 advisory. - GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to arbitrary command execution in Git (CVE-2018-1000021)
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to arbitrary command execution in Git, caused by the failure to validate messages received from a Git server CVE-2018-1000021. Git is included in the base operating system used by IBM Watson Speech. Please read...
Cisco RV160 and RV260 Input Validation Error Vulnerability
Cisco Small Business is a switch from Cisco USA. A security vulnerability exists in the Cisco Small Business RV160, RV260 Series VPN Routers that stems from insufficient validation of user input. An attacker could exploit the vulnerability to execute arbitrary commands...
Linksys WRT54GL Buffer Overflow Vulnerability
The Linksys WRT54GL is a wireless router from Linksys USA. A buffer overflow vulnerability exists in the Linksys WRT54GL Wireless-G Broadband Router. The vulnerability stems from a boundary error in the StartEPI function in the httpd binary when handling untrusted input, and can be exploited by a...
CVE-2022-46603
An issue in Inkdrop v5.4.1 allows attackers to execute arbitrary commands via uploading a crafted markdown file...
Design/Logic Flaw
An issue in Inkdrop v5.4.1 allows attackers to execute arbitrary commands via uploading a crafted markdown file...
Inkdrop Cross-Site Scripting Vulnerability
Inkdrop is a note-taking application with a powerful Markdown editor by the Japanese individual developer Takuya. A security vulnerability exists in Inkdrop version v5.4.1. An attacker can exploit this vulnerability to execute arbitrary commands by uploading specially crafted markdown files...
PT-2023-14962 · Inkdrop · Inkdrop
Name of the Vulnerable Software and Affected Versions: Inkdrop version 5.4.1 Description: An issue in Inkdrop allows attackers to execute arbitrary commands via uploading a crafted markdown file. Recommendations: For Inkdrop version 5.4.1, update to a version that contains a fix for this issue, a...
CVE-2022-46603
Inkdrop, version 5.4.1, contains a vulnerability where attackers can run arbitrary commands by uploading a crafted Markdown file. The issue affects Inkdrop’s Markdown handling, and the root cause is described across multiple sources as a vulnerability in v5.4.1; remediation guidance is to update to a ...
CVE-2022-46603
An issue in Inkdrop v5.4.1 allows attackers to execute arbitrary commands via uploading a crafted markdown file...
The vulnerability of the login/index.php implementation of the application for managing servers with CentOS Web Panel allows a hacker to execute arbitrary commands.
The vulnerability of the login/index.php implementation of the server management application for CentOS Web Panel is related to the failure to take measures to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a malicious actor to execute...
CVE-2022-39073
There is a command injection vulnerability in ZTE MF286R. Due to insufficient validation of the input parameters, an attacker could use the vulnerability to execute arbitrary commands...
Aruba Networks EdgeConnect Enterprise Orchestrator Security Vulnerability
Aruba Networks EdgeConnect Enterprise Orchestrator is a centralized SD-WAN management solution from Aruba Networks, Inc. It provides optimization, management, automation, and real-time visibility and monitoring features for enterprise users. A security vulnerability exists in Aruba Networks...
Aruba Networks ClearPass Policy Manager Operating System Command Injection Vulnerability
Aruba Networks ClearPass Policy Manager is an Aruba Networks application that provides a secure access management system for wireless networks. An operating system command injection vulnerability exists in Aruba Networks ClearPass Policy Manager. An attacker could use this vulnerability to run...
Aruba Networks ClearPass Policy Manager Operating System Command Injection Vulnerability
Aruba Networks ClearPass Policy Manager is an Aruba Networks application that provides a secure access management system for wireless networks. An operating system command injection vulnerability exists in Aruba Networks ClearPass Policy Manager. An attacker could use this vulnerability to run...