7638 matches found
CVE-2022-4515
A flaw was found in Exuberant Ctags in the way it handles the "-o" option. This option specifies the tag filename. A crafted tag filename specified in the command line or in the configuration file results in arbitrary command execution because the externalSortTags in sort.c calls the system(3)...
CVE-2022-43486
Buffalo network devices are affected by CVE-2022-43486, a hidden functionality vulnerability that lets a network-adjacent attacker with administrative privileges enable debug features and execute arbitrary commands on the device. The issue applies to Buffalo network devices; the exact affected mo...
PT-2022-28036 · NetGear · Rax30 Firmware
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The default console presented to users over telnet, when enabled, is restricted to a subset of commands. However, commands issued at this console appear...
NETGEAR Nighthawk OS command injection vulnerability
The NETGEAR Nighthawk WiFi6 Router is a series of routers that support WiFi 6 technology and are designed for users who are looking for a high-speed Internet experience. The NETGEAR Nighthawk WiFi6 Router suffers from a command injection vulnerability that originates from improper user input...
CVE-2022-47210
The default console presented to users over telnet when enabled is restricted to a subset of commands. Commands issued at this console, however, appear to be fed directly into a system call or other similar function. This allows any authenticated user to execute arbitrary commands on the device...
USN-5781-1 emacs24 vulnerability
It was discovered that Emacs did not properly manage certain inputs. An attacker could possibly use this issue to execute arbitrary commands...
Contec CONPROSYS HMI System OS command injection vulnerability
Contec CONPROSYS HMI System is an HTML5-based HMI (Human Machine Interface)/SCADA (Supervisory Control and Data Acquisition) software product from Contec Japan. A security vulnerability exists in Contec CONPROSYS HMI System CHS Ver.3.4.4 and earlier versions, which is rooted in susceptibility to an O...
D-Link DIR-3040 command injection vulnerability
D-Link DIR-3040 is a router from China Youxun D-Link. It provides the function of connecting to the network. D-Link DIR-3040 has a command injection vulnerability, which stems from the SetTriggerLEDBlink function failing to properly filter special characters, commands, etc. when constructing a command. An...
Debian: Security Advisory (DLA-3239-1)
The remote host is missing an update for the Debian...
The vulnerability of the command-line interface (CLI) of Cisco Firepower Threat Defense (FTD) firmware and Cisco FXOS operating systems on Cisco Firepower 4100 and Firepower 9300 devices allows attackers to execute arbitrary commands.
The vulnerability of the command-line interface (CLI) of Cisco Firepower Threat Defense firmware and Cisco FXOS operating systems in Cisco Firepower 4100 and Firepower 9300 devices is related to insufficient checking of command arguments. Exploiting this vulnerability allows an...
PT-2022-27415 · Chicken +1 · Chicken +1
Name of the Vulnerable Software and Affected Versions: CHICKEN versions 5.x before 5.3.1 Description: The issue allows arbitrary OS command execution during package installation via escape characters in a .egg file. This is due to a problem in the egg-compile.scm file. Recommendations: For CHICKE...
The vulnerability of the D-Link DIR-823G router firmware arises from the lack of measures taken to neutralize the special elements used in the operating system’s command set. This vulnerability allows a hacker to execute arbitrary operating system commands.
The vulnerability of the D-Link DIR-823G router’s firmware exists due to the lack of measures taken to neutralize the special elements used in the operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary operating system commands usin...
Tenda W6 OS command injection vulnerability
Tenda W6-S is a router from Tenda, a Chinese company. Tenda W6-S is vulnerable to command injection, which can be exploited by attackers to execute arbitrary commands on the system...
CVE-2022-45026
An issue in Markdown Preview Enhanced v0.6.5 and v0.19.6 for VSCode and Atom allows attackers to execute arbitrary commands during the GFM export process...
CVE-2022-39044
Hidden functionality vulnerability in multiple Buffalo network devices allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command. The affected products/versions are as follows: WCR-300 firmware Ver. 1.87 and earlier, WHR-HP-G300N firmware Ver. 2.00 and...
CVE-2022-39044
CVE-2022-39044 is a Buffalo network devices vulnerability: a hidden functionality flaw can allow a network-adjacent attacker with admin privileges to execute arbitrary OS commands. Affected devices include models such as WCR-300, WHR-HP-G300N, WHR-HP-GN, WPL-05G300, WZR-300HP, WZR-450HP, WZR-600D...
The vulnerability of the command-line interface (CLI) of the FortiTester software, a hardware-based diagnostic and network auditing tool, allows a perpetrator to execute arbitrary commands.
The vulnerability of the command-line interface (CLI) of the FortiTester software for diagnosing and auditing computer networks is related to the lack of measures taken to neutralize special elements used in operating system commands. Exploiting this vulnerability allows an attacker to execute...
CVE-2022-46333 Proofpoint Enterprise Protection perl eval() arbitrary command execution
The admin user interface in Proofpoint Enterprise Protection PPS/PoD contains a command injection vulnerability that enables an admin to execute commands beyond their allowed scope. This affects all versions 8.19.0 and below...