7638 matches found
A vulnerability in the Arr-pm library for writing/reading RPM packages for the Ruby programming language interpreter allows a perpetrator to execute arbitrary commands.
The vulnerability in the Arr-pm library for writing/reading RPM packages for the Ruby programming language exists because special elements used in operating system commands are not neutralized. Exploiting this vulnerability can allow an attacker to execute arbitrary commands...
Juniper Junos OS Arbitrary Command Execution (JSA69905)
The version of Junos OS installed on the remote host is affected by an arbitrary command execution vulnerability as referenced in the JSA69905 advisory. An Incorrect Permission Assignment vulnerability in shell processing of Juniper Networks Junos OS Evolved allows a low-privileged local user to...
Abode Iota operating system command injection vulnerability
Abode Iota is a reliable DIY home security system from Abode. Abode Iota version 6.9Z suffers from an operating system command injection vulnerability that stems from an attacker being able to send a malicious XML payload to its XCMD setAlexa function resulting in arbitrary command execution...
Abode Systems, Inc. iota All-In-One Security Kit telnet hard-coded password vulnerability
Talos Vulnerability Report TALOS-2022-1569 Abode Systems, Inc. iota All-In-One Security Kit telnet hard-coded password vulnerability October 20, 2022 CVE Number CVE-2022-29889 SUMMARY A hard-coded password vulnerability exists in the telnet functionality of Abode Systems, Inc. iota All-In-One...
CVE-2022-22248 Junos OS Evolved: Incorrect file permissions can allow low-privileged user to cause another user to execute arbitrary commands
An Incorrect Permission Assignment vulnerability in shell processing of Juniper Networks Junos OS Evolved allows a low-privileged local user to modify the contents of a configuration file which could cause another user to execute arbitrary commands within the context of the follow-on user's...
CVE-2022-22248
CVE-2022-22248 affects Juniper Networks Junos OS Evolved. Attackers with Junos CLI access can trigger an Incorrect Permission Assignment vulnerability in shell processing, enabling a low-privileged local user to modify a configuration file and cause another user to execute arbitrary commands, pot...
PT-2022-24702 · Unknown · Rava Certificate Validation System
Name of the Vulnerable Software and Affected Versions: RAVA certificate validation system affected versions not specified Description: The issue is related to insufficient filtering for a special parameter of the web page input field in the RAVA certificate validation system. A remote attacker wi...
CVE-2022-41751
Jhead 3.06.0.1 allows attackers to execute arbitrary OS commands by placing them in a JPEG filename and then using the regeneration -rgt50 option...
UBUNTU-CVE-2022-41751
Jhead 3.06.0.1 allows attackers to execute arbitrary OS commands by placing them in a JPEG filename and then using the regeneration -rgt50 option...
PT-2022-25670 · Mitre · Mitre Caldera
Name of the Vulnerable Software and Affected Versions: MITRE CALDERA version 4.1.0 Description: The issue allows stored XSS via the app.contact.gist field, also known as the gist contact configuration field, leading to the execution of arbitrary commands on agents. Recommendations: For MITRE...
CVE-2021-27406 PerFact OpenVPN-Client
An attacker can leverage PerFact OpenVPN-Client versions 1.4.1.0 and prior to send the config command from any application running on the local host machine to force the back-end server into initializing a new open-VPN instance with arbitrary open-VPN configuration. This could result in t...
Puppet command injection vulnerability
Puppet is a set of configuration management tools based on a client/server (C/S) architecture from Puppet Labs in the United States, which can be used to manage configuration files, users, cron tasks, packages, system services, etc. A command injection vulnerability exists in puppet puppetlabs-mysql...
Puppet puppetlabs-apt module command injection vulnerability
Puppet is a configuration management tool based on a client/server (C/S) architecture from Puppet Labs that can be used to manage configuration files, users, cron tasks, packages, system services, etc. A command injection vulnerability exists in versions of Puppet Puppetlabs-apt module prior to 9.0.0. T...
TOTOLINK NR1800X UploadFirmwareFile Command Injection Vulnerability
TOTOLINK NR1800X is an outstanding 5G NR indoor Wi-Fi and SIP CPE from China's TOTOLINK, designed to provide fast and easy deployment of NR fixed data services in homes and offices. A command injection vulnerability exists in TOTOLINK NR1800X version V9.1.0u.6279B20210910, which originates from t...
TOTOLINK A860R Command Injection Vulnerability
TOTOLINK A860R is a wireless router from China's Gion Electronics TOTOLINK. TOTOLINK A860R version V4.1.2cu.5182B20201027 is vulnerable to command injection, which stems from the component /cgi-bin/downloadFile.cgi failing to properly filter special characters, commands, etc. used to construct commands. A...
CVE-2022-37890
CVE-2022-37890 describes unauthenticated buffer overflow vulnerabilities in Aruba InstantOS and ArubaOS 10 web management interfaces. Exploitation can execute arbitrary commands on the underlying Aruba InstantOS/OS, with affected versions including InstantOS 6.4.x (6.4.4.8-4.2.4.20 and below), 6....
Generex UPS Adapter CS141 security vulnerability
Generex UPS Adapter CS141 is a UPS (Uninterruptible Power System) adapter from Generex, a German company. A command execution vulnerability exists in Generex UPS Adapter CS141 versions prior to 2.08, which originates from the web of runupdate in /usr/bin/gxservice -update.sh interface fails to...
TOTOLINK NR1800X operating system command injection vulnerability
TOTOLINK NR1800X is a 5G NR indoor Wi-Fi and SIP CPE broadband access device from China's Gion Electronics TOTOLINK, which is mainly used for the deployment of NR fixed data services in homes and offices to support 5G NR network connectivity. The TOTOLINK NR1800X suffers from a command injection...
CVE-2022-40764
Snyk CLI before 1.996.0 allows arbitrary command execution, affecting Snyk IDE plugins and the snyk npm package. Exploitation could follow from the common practice of viewing untrusted files in the Visual Studio Code editor, for example. The original demonstration was with shell metacharacters in...