7638 matches found
Robustel R1510 Operating System Command Injection Vulnerability
Robustel R1510 is an industrial VPN router from Robustel China. Robustel R1510 is vulnerable to an operating system command injection vulnerability, which stems from the fact that specially crafted network packets can be affected by a command injection vulnerability in the /ajax/remove/ API, which...
Robustel R1510 Operating System Command Injection Vulnerability
The Robustel R1510 is an industrial VPN router from Robustel China. The Robustel R1510 is vulnerable to an operating system command injection vulnerability, which stems from the fact that specially crafted network packets can be subject to a command injection vulnerability in the /ajax/setsystime/...
Robustel R1510 web_server ajax endpoints OS command injection vulnerabilities
Summary: Multiple command injection vulnerabilities exist in the webserver ajax endpoints functionalities of Robustel R1510 3.3.0. Specially-crafted network packets can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. Tested...
The vulnerability of the nxos_file_copy module in the Ansible configuration management system allows a hacker to execute arbitrary commands.
The vulnerability of the nxos_file_copy module in the Ansible configuration management system is related to incorrect external manipulation of the file name or path. Exploiting this vulnerability allows an attacker to execute arbitrary commands...
PT-2022-3879 · Robustel · Robustel R1510
Name of the Vulnerable Software and Affected Versions: Robustel R1510 version 3.3.0 Description: The issue is related to command injection vulnerabilities in the web server action endpoints functionalities. A specially-crafted network request can lead to arbitrary command execution. The...
Debian DSA-5169-1 : openssl - security update
The remote Debian 10 / 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5169 advisory. - In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell...
CVE-2021-42056
Thales Safenet Authentication Client SAC for Linux and Windows through 10.7.7 creates insecure temporary hid and lock files allowing a local attacker, through a symlink attack, to overwrite arbitrary files, and potentially achieve arbitrary command execution with high privileges...
CVE-2021-42056
Thales SafeNet Authentication Client (SAC) for Linux/Windows up to version 10.7.7 creates insecure temporary files in /tmp (eToken.hid, eToken.lock) and /var/tmp (eToken.cache) with static names and permissive permissions. This enables a local attacker to perform a symlink attack to overwrite arb...
Arbitrary Command Execution
diffy is vulnerable to arbitrary command execution. The vulnerability exists in diff function in diff.rb because the double quotes of a file when running in Windows are not properly handled which allows an attacker to inject and execute arbitrary commands...
GHSA-5WW9-9QP2-X524 Improper handling of double quotes in file name in Diffy in Windows environment
The function that calls the diff tool in versions of Diffy prior to 3.4.1 does not properly handle double quotes in a filename when run in a Windows environment. This allows attackers to execute arbitrary commands via a crafted string...
The vulnerability of the PAM auth function in the configuration management system and the remote execution of Salt operations allows a perpetrator to execute any commands they want.
The vulnerability of the PAM auth function in configuration management and remote execution of Salt operations is related to the absence of effective blocking for “locked accounts”. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...
CVE-2022-33127
The function that calls the diff tool in Diffy 3.4.1 does not properly handle double quotes in a filename when run in a Windows environment. This allows attackers to execute arbitrary commands via a crafted string...
CVE-2022-33127
CVE-2022-33127 concerns the Diffy library. The issue arises in the function that calls the diff tool in Diffy 3.4.1, which does not properly handle double quotes in a filename when run on Windows. This insufficient input handling can allow an attacker to execute arbitrary commands via a crafted s...
CVE-2022-31767
IBM CICS TX Standard and Advanced 11.1 could allow a remote attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 227980...
CVE-2022-31795
An issue was discovered on Fujitsu ETERNUS CentricStor CS8000 Control Center devices before 8.1A SP02 P04. The vulnerability resides in the grelfinfo function in grel.php. An attacker is able to influence the username user, password pw, and file-name file parameters and inject special characters...
CVE-2022-31794
CVE-2022-31794 affects Fujitsu ETERNUS CentricStor CS8000 Control Center prior to 8.1A SP02 P04. The issue is in hw_view.php: the function requestTempFile can be influenced via the unitName POST parameter, allowing an attacker to inject special characters (e.g., semicolons, backticks, command-sub...
WAVLINK AERIAL X 1200M Command Injection Vulnerability
WAVLINK AERIAL X 1200M, a WiFi extender from WAVLINK China, is vulnerable to command injection in version M79X3.V5030.180719. The flaw stems from POST data received in adm.cgi being spliced directly into a system function, which can be exploited by an attacker to exploit this...
CVE-2022-31311
An issue in adm.cgi of WAVLINK AERIAL X 1200M M79X3.V5030.180719 allows attackers to execute arbitrary commands via a crafted POST request...