7638 matches found

Positive Technologies
added 2022/08/10 12:0 a.m. · 3 views

PT-2022-17621 · Unknown · Mc-Kill-Port

Name of the Vulnerable Software and Affected Versions: mc-kill-port versions all

Description: The issue concerns Arbitrary Command Execution via the kill function due to missing sanitization of the port argument. This allows for potential exploitation. No information is provided about the estimat...

7.8 CVSS · 7.6 AI score · 0.00452 EPSS
Exploits 1 · References 5

Amazon
added 2022/08/08 12:0 a.m. · 72 views

Medium: openssl11

Issue Overview: A flaw was found in OpenSSL. The issue in CVE-2022-1292 did not find other places in the c_rehash script where it possibly passed the file names of certificates being hashed to a command executed through the shell. Some operating systems distribute this script in a manner where it ...

10 CVSS · 7.7 AI score · 0.95764 EPSS
Exploits 6

OSV
added 2022/08/05 10:15 p.m. · 4 views

CVE-2022-22140

An OS command injection vulnerability exists in the confsrv ucloudaddnode functionality of TCL LinkHub Mesh Wi-Fi MS1G0001.0014. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a malicious packet to trigger this vulnerability...

9.8 CVSS · 7.4 AI score · 0.03589 EPSS
Exploits 1 · References 1

NVD
added 2022/08/05 10:15 p.m. · 50 views

CVE-2022-22140

An OS command injection vulnerability exists in the confsrv ucloudaddnode functionality of TCL LinkHub Mesh Wi-Fi MS1G0001.0014. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a malicious packet to trigger this vulnerability...

9.8 CVSS · 0.03589 EPSS
Exploits 1 · References 1

Prion
added 2022/08/05 10:15 p.m. · 17 views

Command injection

An OS command injection vulnerability exists in the confsrv ucloudaddnewnode functionality of TCL LinkHub Mesh Wifi MS1G0001.0014. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a malicious packet to trigger this vulnerability...

7.5 CVSS · 9.7 AI score · 0.03565 EPSS
Exploits 1 · References 1 · Affected Software 1

Vulnrichment
added 2022/08/05 9:11 p.m. · 10 views

CVE-2022-22140

An OS command injection vulnerability exists in the confsrv ucloudaddnode functionality of TCL LinkHub Mesh Wi-Fi MS1G0001.0014. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a malicious packet to trigger this vulnerability...

9.6 CVSS · 9.7 AI score · 0.03589 EPSS
Exploits 1 · References 1

Vulnrichment
added 2022/08/05 9:11 p.m. · 11 views

CVE-2022-21178

An OS command injection vulnerability exists in the confsrv ucloudaddnewnode functionality of TCL LinkHub Mesh Wifi MS1G0001.0014. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a malicious packet to trigger this vulnerability...

9.6 CVSS · 9.7 AI score · 0.03565 EPSS
Exploits 1 · References 1

Amazon
added 2022/08/05 12:0 a.m. · 30 views

Medium: openssl

Issue Overview: A flaw was found in OpenSSL. The issue in CVE-2022-1292 did not find other places in the c_rehash script where it possibly passed the file names of certificates being hashed to a command executed through the shell. Some operating systems distribute this script in a manner where it ...

10 CVSS · 7.7 AI score · 0.95764 EPSS
Exploits 6

BDU FSTEC
added 2022/08/04 12:0 a.m. · 3 views

The vulnerability of Cisco Small Business RV110W Wireless-N VPN Firewall, Cisco Small Business RV130 Series VPN Router, RV130W Wireless-N Multifunction VPN Router, and RV215W Wireless-N VPN Router lies in the absence of measures to sanitize input data, allowing attackers to execute arbitrary commands.

The vulnerability of the web-based management interfaces for Cisco Small Business RV110W Wireless-N VPN Firewalls, Cisco Small Business RV130 Series VPN Routers, RV130W Wireless-N Multifunction VPN Routers, and RV215W Wireless-N VPN Routers is related to the lack of measures for input data...

9 CVSS · 7.5 AI score · 0.00859 EPSS
Exploits 0 · References 3

BDU FSTEC
added 2022/08/04 12:0 a.m. · 4 views

The vulnerability of Cisco Small Business RV110W Wireless-N VPN Firewall, Cisco Small Business RV130 Series VPN Router, RV130W Wireless-N Multifunction VPN Router, and RV215W Wireless-N VPN Router lies in the absence of measures to sanitize input data, allowing attackers to execute arbitrary commands.

The vulnerability of the web-based management interfaces for Cisco Small Business RV110W Wireless-N VPN Firewalls, Cisco Small Business RV130 Series VPN Routers, RV130W Wireless-N Multifunction VPN Routers, and RV215W Wireless-N VPN Routers is related to the lack of measures for input data...

9 CVSS · 7.5 AI score · 0.0106 EPSS
Exploits 0 · References 3

CNVD
added 2022/08/03 12:0 a.m. · 23 views

TCL LinkHub Mesh Wi-Fi OS Command Injection Vulnerability

TCL LinkHub Mesh Wi-Fi is a router from TCL Corporation. TCL LinkHub Mesh Wi-Fi is vulnerable to an operating system command injection vulnerability that originates in the confsrv ucloudaddnode function and can be exploited by attackers to cause arbitrary command execution...

9.8 CVSS · 5.1 AI score · 0.03589 EPSS
Exploits 1 · References 1

CNNVD
added 2022/08/01 12:0 a.m. · 3 views

TCL LinkHub Mesh Wi-Fi Operating System Command Injection Vulnerability

TCL LinkHub Mesh Wi-Fi is a router from TCL Corporation. TCL LinkHub Mesh Wi-Fi is vulnerable to an operating system command injection vulnerability that originates in the confsrv ucloudaddnode function and can be exploited by attackers to cause arbitrary command execution...

9.8 CVSS · 6 AI score · 0.03589 EPSS
Exploits 1 · References 3

BDU FSTEC
added 2022/08/01 12:0 a.m. · 6 views

The vulnerability of the “Main” function in the microprogramming software of the TOTOLink A3600R router allows an intruder to execute arbitrary commands.

The vulnerability of the “Main” function in the microprogramming software for the TOTOLink A3600R router lies in the lack of measures to sanitize input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands through the QUERYSTRING parameter...

10 CVSS · 8.1 AI score · 0.0322 EPSS
Exploits 1 · References 3 · Affected Software 1

BDU FSTEC
added 2022/07/29 12:0 a.m. · 6 views

The vulnerability of the “Main” function in the microprogramming software of the TOTOLink A810R router allows an intruder to execute arbitrary commands.

The vulnerability of the “Main” function in the microprogramming software for the TOTOLink A810R router is related to the lack of measures for cleaning input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands through the QUERYSTRING parameter...

10 CVSS · 8.2 AI score · 0.0322 EPSS
Exploits 1 · References 3 · Affected Software 1

BDU FSTEC
added 2022/07/29 12:0 a.m. · 5 views

The vulnerability of the editbrand.php implementation allows a hacker to execute arbitrary commands. This vulnerability exists in the Garage Management System optimization tool.

The vulnerability of the editbrand.php implementation, a tool for optimizing the garage management system process, relates to the lack of protective measures for the SQL query structure during the processing of the id parameter. Exploiting this vulnerability allows an attacker, operating remotely...

10 CVSS · 8.1 AI score · 0.00723 EPSS
Exploits 1 · References 7 · Affected Software 1

ATTACKERKB
added 2022/07/28 2:18 p.m. · 4 views

CVE-2022-22684

Improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability in task management component in Synology DiskStation Manager DSM before 6.2.4-25553 allows remote authenticated users to execute arbitrary commands via unspecified vectors...

8.8 CVSS · 7.6 AI score · 0.01488 EPSS
Exploits 0 · References 3

Prion
added 2022/07/27 9:15 p.m. · 15 views

Command injection

In Veritas NetBackup, the NetBackup Client allows arbitrary command execution from any remote host that has access to a valid host-id NetBackup certificate/private key from the same domain. This affects 9.0.x through 9.0.0.1 and 9.1.x through 9.1.0.1...

4.6 CVSS · 7.7 AI score · 0.00449 EPSS
Exploits 0 · References 1 · Affected Software 1

IBM Security Bulletins
added 2022/07/27 2:58 p.m. · 64 views

Security Bulletin: OpenSSL for IBM i is vulnerable to arbitrary command execution (CVE-2022-2068)

Summary: OpenSSL is vulnerable to arbitrary command execution due to improper validation of input by the c_rehash script as described in the vulnerability details section. IBM i has addressed the vulnerability in OpenSSL with a fix as described in the remediation/fixes section. Vulnerability Details...

10 CVSS · 9.9 AI score · 0.95764 EPSS
Exploits 1 · Affected Software 5

BDU FSTEC
added 2022/07/27 12:0 a.m. · 5 views

The vulnerability of the software used for creating, monitoring, and orchestrating data processing scripts in Airflow lies in the lack of protective measures for the website structure, allowing attackers to execute arbitrary commands.

The vulnerability of the software used for creating, monitoring, and orchestrating data processing scripts in Airflow is related to the lack of protective measures taken for the website structure. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

10 CVSS · 8.1 AI score · 0.3398 EPSS
Exploits 1 · References 3 · Affected Software 1

ATTACKERKB
added 2022/07/25 9:15 p.m. · 2 views

CVE-2022-35131

Joplin v2.8.8 allows attackers to execute arbitrary commands via a crafted payload injected into the Node titles...

9 CVSS · 6.2 AI score · 0.02092 EPSS
Exploits 2 · References 4