7638 matches found
PT-2022-20170 · Wwbn · Avideo
Name of the Vulnerable Software and Affected Versions: WWBN AVideo versions 11.6 and prior, including dev master commit 3f7c0364 and earlier Description: A directory traversal issue exists in the unzipDirectory functionality, allowing an attacker to send a specially-crafted HTTP request that can...
Security Bulletin: AIX is vulnerable to arbitrary command execution (CVE-2022-1292 and CVE-2022-2068) or an attacker may obtain sensitive information (CVE-2022-2097) due to OpenSSL
Summary: A vulnerability in OpenSSL could allow a remote attacker to execute arbitrary commands (CVE-2022-1292 and CVE-2022-2068) or obtain sensitive information (CVE-2022-2097). OpenSSL is used by AIX as part of AIX's secure network communications. Vulnerability Details: CVEID: CVE-2022-2097 DESCRIPTIO...
CVE-2022-35603
CVE-2022-35603 affects sazanrjb InventoryManagementSystem 1.0 in which the vulnerability lies in CustomerDAO.java via the searchTxt parameter, enabling SQL injection and the execution of arbitrary SQL. Root cause: improper handling of user input leading to query manipulation. Impact: high (C/H/I/...
The vulnerability of the Cisco Stealthwatch Enterprise threat detection and analysis web interface, which arises due to insufficient validation of input data, allows attackers to execute arbitrary commands.
The vulnerability of the Cisco Stealthwatch Enterprise threat detection and analysis web interface exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor, operating remotely, to execute arbitrary commands with administrator privileges...
AIX is vulnerable to arbitrary command execution due to OpenSSL
IBM SECURITY ADVISORY First Issued: Wed Aug 17 16:39:03 CDT 2022 The most recent version of this document is available here: http://aix.software.ibm.com/aix/efixes/security/openssladvisory36.asc https://aix.software.ibm.com/aix/efixes/security/openssladvisory36.asc...
Vulnerability Spotlight: Vulnerabilities in WWBN AVideo web app could lead to command injection, authentication bypass
Claudio Bozzato of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered multiple vulnerabilities in the WWBN AVideo web application that could allow an attacker to carry out a wide range of malicious actions, including command injection and...
PT-2022-23341 · Nintendo · Nintendo Wi-Fi Network Adaptor Wap-001
Name of the Vulnerable Software and Affected Versions: Nintendo Wi-Fi Network Adaptor WAP-001 affected versions not specified Description: The issue allows an attacker with administrative privilege to execute arbitrary OS commands via unspecified vectors. There is no information provided about th...
WWBN AVideo aVideoEncoder chunkfile OS command injection vulnerability
Talos Vulnerability Report TALOS-2022-1546 WWBN AVideo aVideoEncoder chunkfile OS command injection vulnerability August 16, 2022 CVE Number CVE-2022-30534 SUMMARY An OS command injection vulnerability exists in the aVideoEncoder chunkfile functionality of WWBN AVideo 11.6 and dev master commit...
The vulnerability in the Reolink RLC-410W camera’s firmware arises from the lack of measures taken to neutralize the special elements used in the operating system’s command set. This allows an intruder to execute arbitrary commands.
The vulnerability in the Reolink RLC-410W IP camera’s firmware exists due to the lack of measures taken to neutralize the special elements used in the operating system’s commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
CVE-2022-2354
The WP-DBManager WordPress plugin before 2.80.8 does not prevent administrators from running arbitrary commands on the server in multisite installations, where only super-administrators should...
CVE-2022-2354
The CVE-2022-2354 issue affects the WordPress WP-DBManager plugin prior to version 2.80.8 and enables administrators in multisite installations (where only super-administrators should have it) to execute arbitrary commands on the server. Multiple sources (NVD/NIST, Red Hat, CVE lists, and Nessus ...
PT-2022-16060 · WordPress · Wp-Dbmanager
Name of the Vulnerable Software and Affected Versions: WP-DBManager versions prior to 2.80.8 Description: The issue allows administrators to run arbitrary commands on the server in multisite installations, where only super-administrators should have this capability. Recommendations: For versions...
Command injection
A command injection vulnerability exists in /goform/exeCommand in Tenda W6 V1.0.0.94122, which allows attackers to construct cmdinput parameters for arbitrary command execution...
CVE-2022-35555
A command injection vulnerability exists in /goform/exeCommand in Tenda W6 V1.0.0.94122, which allows attackers to construct cmdinput parameters for arbitrary command execution...
mc-kill-port vulnerable to Arbitrary Command Execution via kill function
All versions of package mc-kill-port are vulnerable to Arbitrary Command Execution via the kill function, due to missing sanitization of the port argument...
CVE-2022-25973
All versions of package mc-kill-port are vulnerable to Arbitrary Command Execution via the kill function, due to missing sanitization of the port argument...
Command injection
All versions of package mc-kill-port are vulnerable to Arbitrary Command Execution via the kill function, due to missing sanitization of the port argument...
CVE-2022-25973
mc-kill-port is vulnerable to Arbitrary Command Execution via the kill function due to missing sanitization of the port argument. Affected versions (as described across multiple sources) expose an exploit path where an attacker can inject commands through the port parameter, enabling local comman...
CVE-2022-25973 Arbitrary Command Execution
All versions of package mc-kill-port are vulnerable to Arbitrary Command Execution via the kill function, due to missing sanitization of the port argument...
CVE-2022-25973
All versions of package mc-kill-port are vulnerable to Arbitrary Command Execution via the kill function, due to missing sanitization of the port argument...