7638 matches found
CVE-2022-40764
CVE-2022-40764 affects Snyk CLI and related IDE plugins; before 1.996.0, it allowed arbitrary command execution, potentially via viewing untrusted files in VS Code. The original demonstration involved shell metacharacters in the vendor.json ignore field, affecting snyk-go-plugin before 1.19.1 and...
PT-2022-25524 · Snyk +1 · Snyk-Go-Plugin +5
Name of the Vulnerable Software and Affected Versions: Snyk CLI versions prior to 1.996.0; snyk-go-plugin versions prior to 1.19.1; Snyk TeamCity plugin versions prior to 20220930.142957. Description: The issue allows for arbitrary command execution, affecting Snyk IDE plugins and the snyk npm...
Puppet Security Vulnerability
Puppet is a client/server (C/S) architecture-based configuration management tool from Puppet Labs that can be used to manage configuration files, users, cron tasks, packages, system services, etc. A command injection vulnerability exists in versions of the Puppet puppetlabs-apt module prior to 9.0.0. T...
A vulnerability in the firmware of the Quectel EM05-CE wireless network adapter for Lenovo laptops, related to a failure to neutralize special elements, allows an attacker to execute arbitrary commands.
The vulnerability in the firmware of the Quectel EM05-CE wireless network adapter for Lenovo laptops is related to a failure to neutralize special elements used in the operating system. Exploiting this vulnerability allows an attacker to execute arbitrary commands by sending...
TOTOLINK A860R OS Command Injection Vulnerability
TOTOLINK A860R is a wireless router from China Gion Electronics TOTOLINK. TOTOLINK A860R version V4.1.2cu.5182B20201027 is vulnerable to command injection, which stems from the component /cgi-bin/downloadFile.cgi failing to properly filter special characters, commands, etc. used to construct commands. A...
PT-2022-25228 · Unknown · Clash For Windows
Name of the Vulnerable Software and Affected Versions: Clash for Windows version 0.19.9 Description: A misconfiguration in the Service Mode profile directory allows attackers to escalate privileges and execute arbitrary commands when Service Mode is activated. Recommendations: For Clash for Windo...
Cisco SD-WAN Path Traversal Vulnerability
Cisco SD-WAN is a highly secure cloud-scale architecture from Cisco that is open, programmable, and scalable. Cisco SD-WAN has an access control error vulnerability that stems from improper access control of commands in the application CLI, which could be exploited by an attacker to elevate...
Aruba Networks ArubaOS OS Command Injection Vulnerability
ArubaOS is the network operating system for Aruba Mobility Controllers, Mobility Masters, and controller-managed Access Points (APs). InstantOS is an Arch Linux-based distribution. A command execution vulnerability exists in Aruba Networks ArubaOS and InstantOS. The vulnerability stems from the...
TOTOLINK T6 sub_421AA0 Function Command Injection Vulnerability
TOTOLINK T6 is a wireless dual-band router from China's TOTOLINK Electronics TOTOLINK that supports MQTT protocol and Telnet service. The TOTOLINK T6 suffers from a command injection vulnerability that stems from the sub_421AA0 function in cstecgi.cgi failing to properly filter construct command...
TOTOLINK T6 sub_421504 Function Command Injection Vulnerability
TOTOLINK T6 is a wireless dual-band router from China's TOTOLINK Electronics TOTOLINK that supports MQTT protocol and Telnet service. The TOTOLINK T6 suffers from a command injection vulnerability that stems from the sub_421504 function in cstecgi.cgi failing to properly filter construct command...
CVE-2022-38826
In TOTOLINK T6 V4.1.5cu.709B20210518, there is an arbitrary command execution vulnerability in cstecgi.cgi...
TOTOLINK T6 OS Command Injection Vulnerability
TOTOLINK T6 is a wireless dual-band router from China's TOTOLINK Electronics TOTOLINK that supports MQTT protocol and Telnet service. The TOTOLINK T6 suffers from a command injection vulnerability that stems from the sub_421504 function in cstecgi.cgi failing to properly filter construct command...
PT-2022-24584 · Totolink · Totolink T6
Name of the Vulnerable Software and Affected Versions: TOTOLINK T6 version 4.1.5cu.709 B20210518 Description: The issue allows for the execution of arbitrary commands in the cstecgi.cgi file. Recommendations: For TOTOLINK T6 version 4.1.5cu.709 B20210518, consider disabling access to the...
TOTOLINK A700RU OS Command Injection Vulnerability
TOTOLINK A700RU is a wireless dual-band router from China's Gion Electronics TOTOLINK. TOTOLINK A700RU V7.4cu.2313B20191024 suffers from an operating system command injection vulnerability, which originates from a command injection that can be performed via the lang parameter in the function...
PT-2022-4873 · Quectel · Quectel Em05-Ce
Name of the Vulnerable Software and Affected Versions: Quectel EM05-CE wireless network adapter (affected versions not specified). Description: The issue is related to the firmware of Quectel EM05-CE wireless network adapters in Lenovo laptops, which fails to neutralize special...
Apple PDFKit Security Vulnerability
Apple PDFKit is one of Apple's PDF document generation components. A security vulnerability exists in Apple PDFKit, which can be exploited by attackers to execute illegal commands...
A vulnerability in the byte_4C0160 function of the D-Link DSL-3782 router firmware allows an attacker to escalate privileges and execute arbitrary commands.
The vulnerability in the byte_4C0160 function of the D-Link DSL-3782 router firmware is related to insufficient checking of arguments passed to certain CLI commands. Exploiting this vulnerability can allow an attacker to escalate privileges and execute arbitrary commands...
CVE-2022-34869
Undocumented hidden command that can be executed from the telnet function of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote authenticated attacker to execute an arbitrary OS command...
Hardcoded credentials
Use of hard-coded credentials for the telnet server of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote unauthenticated attacker to execute an arbitrary OS command...
PT-2022-20055 · Fortinet · Fortisoar
Name of the Vulnerable Software and Affected Versions: Fortinet FortiSOAR versions prior to 7.2.1 Description: The issue is related to improper privilege management, allowing a GUI user who has already found a way to modify system files to execute arbitrary Python commands as root. Recommendation...