7638 matches found
CVE-2022-43867
Summary: CVE-2022-43867 affects IBM Spectrum Scale Container Native Storage Access. The following versions are impacted: 5.1.0.1 through 5.1.4.1. The vulnerability could allow a local attacker to execute arbitrary commands inside the container. The IBM Security bulletin (and X-Force ID 239437) li...
Debian dla-3219 : jhead - security update
The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3219 advisory. Debian LTS Advisory DLA-3219-1...
Arbitrary Command Execution
Overview: Affected versions of this package are vulnerable to Arbitrary Command Execution. An attacker could modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious...
CVE-2022-23465 SwiftTerm vulnerable to arbitrary command execution
SwiftTerm is a Xterm/VT100 Terminal emulator. Prior to commit a94e6b24d24ce9680ad79884992e1dff8e150a31, an attacker could modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing...
CVE-2022-23465
SwiftTerm (Xterm/VT100 terminal emulator) contains a vulnerability where an attacker could modify the window title via a specific escape sequence and then re-insert it into the user’s terminal to execute arbitrary commands. The issue is addressed in commit a94e6b24d24ce9680ad79884992e1dff8e150a31...
SwiftTerm Security Vulnerability
SwiftTerm is a VT100/Xterm terminal emulator library for Swift applications from the individual developer Miguel de Icaza. SwiftTerm suffers from a security vulnerability that stems from the fact that an attacker can modify the window title with a specific character escape sequence and then inser...
CVE-2022-43325
An unauthenticated command injection vulnerability in the product license validation function of Telos Alliance Omnia MPX Node 1.3. - 1.4. allows attackers to execute arbitrary commands via a crafted payload injected into the license input...
A vulnerability in the web interface of the Cisco Firepower Management Center network management software allows an attacker to execute arbitrary commands.
The vulnerability in the web management interface of Cisco Firepower Management Center (FMC) software stems from a lack of measures to sanitize data at the management level. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands by sending specially crafted data...
PT-2022-20159 · Unknown · Asith-Eranga Isic Tour Booking
Name of the Vulnerable Software and Affected Versions: asith-eranga ISIC tour booking versions prior to the version published after Feb 13th 2018 Description: The issue allows attackers to execute arbitrary commands via the username parameter to "/system/user/modules/mod users/controller.php". Th...
CVE-2022-22984
Technical details (affected products/versions, root cause, fixes) for CVE-2022-22984 are not provided in the supplied documents. Monitor for updates from the listed sources for clarification and remediation guidance.
CVE-2022-36964
CVE-2022-36964 involves a deserialization vulnerability in SolarWinds Platform (Orion Platform) that can allow a remote attacker with valid access to the SolarWinds Web Console to execute arbitrary commands. Technical details across connected sources indicate the issue arises from deserializing u...
CVE-2022-45939
A flaw was found in Etags, the Ctags implementation of Emacs. A file with a crafted filename may result in arbitrary command execution when processed by Etags. Mitigation: Do not run Etags with untrusted input, in an untrusted directory or set of files, for example...
D-Link DIR-823G Command Execution Vulnerability
D-Link DIR-823G is a wireless router from D-Link, a Chinese company. D-Link DIR-823G firmware version 1.02B05 contains a command execution vulnerability that stems from sub42383C's failure to properly filter constructed command special characters, commands, etc. The vulnerability can be exploited...
Advantech R-SeeNet SQL Injection (CVE-2021-21924)
An SQL injection vulnerability exists in Advantech R-SeeNet. The vulnerability is due to improper input. A successful attack may result in arbitrary SQL command execution against the database on the target server...
Arbitrary Command Execution
Overview: Affected versions of this package are vulnerable to Arbitrary Command Execution via the customGitFetch feature, which is enabled by default. Remediation: Upgrade github.com/sourcegraph/sourcegraph-public-snapshot/cmd/gitserver/server to version 4.1.0 or higher. References: GitHub Commit ...
Parallels Remote Application Server Security Vulnerability
Parallels Remote Application Server (RAS) is an application delivery and VDI (Virtual Desktop Infrastructure) solution from Parallels, Inc. in the United States. A security vulnerability exists in Parallels Remote Application Server version v18.0 that stems from the vulnerability of the web client to...
Sourcegraph Security Vulnerability
Sourcegraph is an open source code search and navigation tool from Sourcegraph, Inc. A security vulnerability exists in Sourcegraph versions prior to 4.1.0, which can be exploited to execute arbitrary commands on the Gitserver when a site administrator enables the experimental "customGitFetch"...
CVE-2022-40870
The Web Client of Parallels Remote Application Server v18.0 is vulnerable to Host Header Injection attacks. This vulnerability allows attackers to execute arbitrary commands via a crafted payload injected into the Host header...
CVE-2022-41943 Incorrect default permissions found in Sourcegraph
sourcegraph is a code intelligence platform. As a site admin it was possible to execute arbitrary commands on Gitserver when the experimental customGitFetch feature was enabled. This experimental feature has now been disabled by default. This issue has been patched in version 4.1.0...