aEnrich a+HRD Code Issue Vulnerability
aEnrich a+HRD is a full-service human resources development solution from aEnrich, Inc. A security vulnerability exists in aEnrich a+HRD that stems from insufficient filtering of specific URL parameters, which allows an unauthenticated, remote attacker to send arbitrary HTTP requests to...
A vulnerability in the FortiTester software-hardware interface for diagnosing and auditing computer networks allows an attacker to execute arbitrary commands.
The vulnerability in the FortiTester software-and-hardware diagnostic and audit tool exists because special elements used in operating system commands are not neutralized. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using special...
[SECURITY] [DLA 3257-1] emacs security update
Debian LTS Advisory DLA-3257-1 https://www.debian.org/lts/security/ Chris Lamb December 31, 2022 https://wiki.debian.org/LTS ...
A flaw was found in Exuberant Ctags in the way it handles the "-o" option. This option specifies the tag filename. A crafted tag filename specified in the command line or in the configuration file results in arbitrary command execution because the externalSortTags() in sort.c calls the system(3) function in an unsafe way.
...
A vulnerability in the FsCreateDir function of the Ajax web interface for managing the Hirschmann BAT-C2 WLAN client software allows an attacker to execute arbitrary commands.
The vulnerability in the FsCreateDir function of the Ajax web interface for managing the Hirschmann BAT-C2 WLAN client software is related to insufficient checking of arguments passed in the command. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using the dir...
D-Link DIR-846 Command Injection Vulnerability (CNVD-2023-21666)
D-Link DIR-846 is a wireless router from D-Link, China. D-Link DIR-846 A1FW100A43 has a command injection vulnerability, which arises because the autoupgradehour parameter in the SetAutoUpgradeInfo function fails to properly filter special characters used to construct commands. The vulnerability can b...
CVE-2022-44015
An issue was discovered in Simmeth Lieferantenmanager before 5.6. An attacker can inject raw SQL queries. By activating MSSQL features, the attacker is able to execute arbitrary commands on the MSSQL server via the xp_cmdshell extended procedure...
CVE-2021-32692
Activity Watch is a free and open-source automated time tracker. Versions prior to 0.11.0 allow an attacker to execute arbitrary commands on any macOS machine with ActivityWatch running. The attacker can exploit this vulnerability by having the user visit a website with the page title set to a...
ActivityWatch OS Command Injection Vulnerability
ActivityWatch is a free and open source automated time tracker from ActivityWatch Open Source. An operating system command injection vulnerability exists in ActivityWatch versions prior to 0.11.0, which stems from a vulnerability that allows an attacker to execute arbitrary commands on any macOS...
CVE-2021-32692
Activity Watch (aw-watcher-window) is vulnerable to OS command execution on macOS when pre-0.11.0 releases run. The flaw arises from printAppTitle.scpt, enabling an attacker to run arbitrary commands by persuading a user to visit a page with a crafted title (browser is the likely vector). Impact ...
DEBIAN-CVE-2022-4515
A flaw was found in Exuberant Ctags in the way it handles the "-o" option. This option specifies the tag filename. A crafted tag filename specified in the command line or in the configuration file results in arbitrary command execution because the externalSortTags() in sort.c calls the system(3)...
AZL-34647 CVE-2022-4515 affecting package ctags for versions less than 6.1.0-1
A flaw was found in Exuberant Ctags in the way it handles the "-o" option. This option specifies the tag filename. A crafted tag filename specified in the command line or in the configuration file results in arbitrary command execution because the externalSortTags() in sort.c calls the system(3)...
CVE-2022-4515
A flaw was found in Exuberant Ctags in the way it handles the "-o" option. This option specifies the tag filename. A crafted tag filename specified in the command line or in the configuration file results in arbitrary command execution because the externalSortTags() in sort.c calls the system(3)...
AZL-12083 CVE-2022-4515 affecting package ctags for versions less than 5.9.20220619.0-7
A flaw was found in Exuberant Ctags in the way it handles the "-o" option. This option specifies the tag filename. A crafted tag filename specified in the command line or in the configuration file results in arbitrary command execution because the externalSortTags() in sort.c calls the system(3)...
Design/Logic Flaw
A flaw was found in Exuberant Ctags in the way it handles the "-o" option. This option specifies the tag filename. A crafted tag filename specified in the command line or in the configuration file results in arbitrary command execution because the externalSortTags() in sort.c calls the system(3)...
D-Link DIR-3040 Command Injection Vulnerability
D-Link DIR-3040 is a router from China's Youxun D-Link. It provides the function of connecting to the network. D-Link DIR-3040 has a command injection vulnerability, which arises because the SetTriggerLEDBlink function fails to properly filter special characters, commands, etc. used to construct commands. An...