7638 matches found
xterm: Arbitrary Code Execution
Background: xterm is a terminal emulator for the X Window System. Description: xterm does not correctly handle control characters related to OSC 50 font ops sequence handling. Impact: The vulnerability allows text written to the terminal to write text to the terminal's command line. If the terminal'...
Apache Airflow OS Command Injection Vulnerability
Apache Airflow is an open source platform for creating, managing, and monitoring workflows from the Apache Foundation. The platform features scalable and dynamic monitoring. Apache Airflow is vulnerable to an operating system command injection vulnerability, which stems from an improper...
PT-2022-25595 · Parallels · Parallels Remote Application Server
Name of the Vulnerable Software and Affected Versions: Parallels Remote Application Server version 18.0. Description: The issue allows attackers to execute arbitrary commands via a crafted payload injected into the Host header, which is a result of a Host Header Injection attack. This enables...
A vulnerability in the implementation of the SetNetworkTomographySettings() function in the firmware of D-Link DIR-823G routers allows an attacker to execute arbitrary commands.
The vulnerability in the SetNetworkTomographySettings function implementation in D-Link DIR-823G router firmware is related to insufficient sanitization of input data used in commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands by sending...
CVE-2022-45461
The Java Admin Console in Veritas NetBackup through 10.1 and related Veritas products on Linux and UNIX allows authenticated non-root users that have been explicitly added to the auth.conf file to execute arbitrary commands as root...
CVE-2022-44000
An issue was discovered in BACKCLICK Professional 5.9.63. Due to an exposed internal communications interface, it is possible to execute arbitrary system commands on the server...
BACKCLICK Security Vulnerability
BACKCLICK is marketing software from BACKCLICK, Germany, that helps organizations create, implement, evaluate, and run web-based email campaigns. A security vulnerability exists in BACKCLICK Professional 5.9.63, which stems from its publicly available internal communication interface that allows ...
BACKCLICK Access Control Error Vulnerability
BACKCLICK is marketing software from BACKCLICK, Germany, that helps organizations create, implement, evaluate, and run web-based email campaigns. A security vulnerability exists in BACKCLICK Professional version 5.9.63, which stems from its publicly available CORBA management service that allow...
CVE-2022-40847
In Tenda AC1200 Router model W15Ev2 V15.11.0.101576, there exists a command injection vulnerability in the function formSetFixTools. This vulnerability allows attackers to run arbitrary commands on the server via the hostname parameter...
Tenda AC1200 OS Command Injection Vulnerability
The Tenda AC1200 is a wireless router from Tenda, China. A security vulnerability exists in the Tenda AC1200 version 15.11.0.10, which is caused by a command injection vulnerability in the function formSetFixTools. The vulnerability allows an attacker to run arbitrary commands on the server via...
CVE-2022-28689
A leftover debug code vulnerability exists in the console support functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability...
Code injection
A leftover debug code vulnerability exists in the console support functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability...
CVE-2022-28689
CVE-2022-28689 affects InHand Networks InRouter302 (v3.5.45). Talos reports a console debug leftover that allows arbitrary command execution when an attacker issues a crafted sequence of requests to the device’s console, enabling a hidden or legacy command path (e.g., a leftover “support” functio...
SAP GUI Code Injection Vulnerability
SAP GUI is an application of SAP, the graphical user interface of the SAP system. SAP GUI is vulnerable to operating system command injection, which results from the failure of the network system or product to properly filter special characters, commands, etc. during the execution of commands...
A vulnerability in the firmware of the D-Link DIR-846 router lies in the insufficient checking of arguments passed in commands, allowing attackers to execute arbitrary commands.
The vulnerability in the firmware of the D-Link DIR-846 router is related to insufficient checking of arguments passed in commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using a specially crafted request /HNAP1/ within the...
CVE-2022-37912
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system...
CVE-2022-37902
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system...