
7638 matches found

CNNVD
added 2022/04/15 12:0 a.m. · 5 views

Chamilo LMS code issue vulnerability

Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association that supports the creation of instructional content, remote training, and online question answering. The system supports the creation of instructional content, remote training and online question...

CVSS 8.8 · AI score 6 · EPSS 0.00771
Exploits: 0 · References: 2

BDU FSTEC
added 2022/04/15 12:0 a.m. · 2 views

The vulnerability of Fortinet FortiWLM, a centralized management system for WLAN access points and LAN switches, arises due to the failure to take measures to eliminate special elements used in the operating system’s command set. This vulnerability allows a perpetrator to execute arbitrary commands.

The vulnerability of Fortinet FortiWLM’s WLAN access point and LAN switch centralized management system exists due to the failure to take measures to neutralize special elements used in the operating system command set. Exploiting this vulnerability allows a malicious actor to execute arbitrary...

CVSS 9 · AI score 8 · EPSS 0.016
Exploits: 0 · References: 4 · Affected Software: 1

OSV
added 2022/04/14 8:15 p.m. · 3 views

CVE-2021-21956

A php unserialize vulnerability exists in the Ai-Bolit functionality of CloudLinux Inc Imunify360 5.10.2. A specially-crafted malformed file can lead to potential arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability...

CVSS 7.8 · AI score 7.2 · EPSS 0.01267
Exploits: 1 · References: 1

NVD
added 2022/04/14 8:15 p.m. · 8 views

CVE-2021-21956

A php unserialize vulnerability exists in the Ai-Bolit functionality of CloudLinux Inc Imunify360 5.10.2. A specially-crafted malformed file can lead to potential arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability...

CVSS 9.3 · EPSS 0.01267
Exploits: 1 · References: 1

Prion
added 2022/04/14 8:15 p.m. · 11 views

Design/Logic Flaw

A php unserialize vulnerability exists in the Ai-Bolit functionality of CloudLinux Inc Imunify360 5.10.2. A specially-crafted malformed file can lead to potential arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability...

CVSS 9.3 · AI score 7.7 · EPSS 0.01267
Exploits: 1 · References: 1 · Affected Software: 1

Cvelist
added 2022/04/14 7:56 p.m. · 17 views

CVE-2021-21956

A php unserialize vulnerability exists in the Ai-Bolit functionality of CloudLinux Inc Imunify360 5.10.2. A specially-crafted malformed file can lead to potential arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability...

CVSS 8.2 · AI score 7.9 · EPSS 0.01267
Exploits: 1 · References: 1

CNNVD
added 2022/04/14 12:0 a.m. · 4 views

ThoughtWorks GoCD command injection vulnerability

ThoughtWorks GoCD is a free and open source CI/CD server from ThoughtWorks, Inc. A command injection vulnerability exists in versions of ThoughtWorks GoCD prior to 21.3.0, which can be exploited by attackers to cause arbitrary command execution...

CVSS 8.8 · AI score 8.1 · EPSS 0.02637
Exploits: 1 · References: 5

ATTACKERKB
added 2022/04/13 4:0 p.m. · 2 views

CVE-2022-20677

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being...

CVSS 7.2 · AI score 6.8 · EPSS 0.0059
Exploits: 0 · References: 2

CNNVD
added 2022/04/13 12:0 a.m. · 3 views

Cisco IOS XE Software input validation error vulnerability

Cisco IOS XE is a set of operating systems developed by Cisco for its network devices. Cisco IOS XE has an elevation of privilege vulnerability that can be exploited by attackers to execute arbitrary commands as root...

CVSS 7.2 · AI score 6.6 · EPSS 0.00272
Exploits: 0 · References: 4

Positive Technologies
added 2022/04/13 12:0 a.m. · 3 views

PT-2022-2850 · Cisco · Cisco Iox +1

Name of the Vulnerable Software and Affected Versions: Cisco IOx (affected versions not specified)
Description: Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operati...

CVSS 9 · AI score 6.8 · EPSS 0.0193
Exploits: 1 · References: 9

CNNVD
added 2022/04/12 12:0 a.m. · 2 views

npm-dependency-versio OS command injection vulnerability

npm-dependency-versions is a dependency plugin for nmap. npm-dependency-versions is vulnerable to a command injection vulnerability that can be exploited by attackers to cause arbitrary command execution...

CVSS 9.8 · AI score 8.6 · EPSS 0.02258
Exploits: 1 · References: 3

Positive Technologies
added 2022/04/11 12:0 a.m. · 4 views

PT-2022-3217 · D Link · D-Link Dsl-G2452Dg

Name of the Vulnerable Software and Affected Versions: D-Link DSL-G2452DG version ME 2.00
Description: The issue is related to insecure permissions in the implementation of the execute cmd.cgi script in the D-Link DSL-G2452DG router's firmware. This could allow an attacker to execute arbitrary...

CVSS 9.8 · AI score 9.6 · EPSS 0.03051
Exploits: 0 · References: 8

BDU FSTEC
added 2022/04/07 12:0 a.m. · 3 views

The vulnerability of the HTTP daemon in the firmware of the ZyXEL NBG6816 (Armor Z1) and NBG6817 (Armor Z2) Wi-Fi routers allows an attacker to execute arbitrary commands.

The vulnerability of the HTTP daemon of the microprogrammed Wi-Fi router devices ZyXEL NBG6816 Armor Z1 and NBG6817 Armor Z2 is related to the manipulation of inter-site requests. Exploiting this vulnerability allows a perpetrator to execute arbitrary commands using specially created malware...

CVSS 8.3 · AI score 7.9 · EPSS 0.00422
Exploits: 0 · References: 3

BDU FSTEC
added 2022/04/07 12:0 a.m. · 6 views

The vulnerability of the centralized system for managing emergency messages and events in CAMS for HIS distributed control systems CENTUM VP and CENTUM VP Entry Class, along with the OPC-server Exaopc, allows a perpetrator to execute arbitrary commands.

The vulnerability of the centralized system for managing emergency messages and events in CAMS for HIS distributed control systems CENTUM VP and CENTUM VP Entry Class, along with the OPC-server Exaopc, is related to authentication process flaws. Exploiting this vulnerability could allow attackers...

CVSS 7.1 · AI score 7.9 · EPSS 0.00908
Exploits: 0 · References: 3

BDU FSTEC
added 2022/04/07 12:0 a.m. · 5 views

The vulnerability in the implementation of the util_execSystem() function in the libcmm.so module of the TP-Link TL-WR840N (ES) router’s software allows a hacker to execute arbitrary commands.

The vulnerability of the util_execSystem() function in the libcmm.so module of the TP-Link TL-WR840N (ES) router’s software lies in the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability can allow an attacker to execute arbitrary...

CVSS 6.3 · AI score 8.1 · EPSS 0.52427
Exploits: 1 · References: 4 · Affected Software: 1

CNNVD
added 2022/04/07 12:0 a.m. · 3 views

ASUS RT-AC86U security vulnerability

The ASUS RT-AC86U is a dual-band Wi-Fi router from the Chinese company ASUS. The ASUS RT-AC86U suffers from a command injection vulnerability that can be exploited by an attacker to execute arbitrary commands and interrupt or terminate services...

CVSS 8.8 · AI score 6.2 · EPSS 0.00842
Exploits: 0 · References: 2

ArchLinux
added 2022/04/07 12:0 a.m. · 45 views

[ASA-202204-7] gzip: arbitrary command execution

Arch Linux Security Advisory ASA-202204-7
=========================================

Severity: High
Date    : 2022-04-07
CVE-ID  : CVE-2022-1271
Package : gzip
Type    : arbitrary command execution
Remote  : No
Link    : https://security.archlinux.org/AVG-2666

Summary
=======

The package gzip before version...

CVSS 8.8 · AI score 9.4 · EPSS 0.04301
Exploits: 0 · References: 7

Debian CVE
added 2022/03/31 11:30 p.m. · 30 views

CVE-2022-24803

Asciidoctor-include-ext is Asciidoctor’s standard include processor reimplemented as an extension. Versions prior to 0.4.0, when used to render user-supplied input in AsciiDoc markup, may allow an attacker to execute arbitrary system commands on the host operating system. This attack is possible...

CVSS 10 · AI score 9.7 · EPSS 0.02719
Exploits: 1

OSV
added 2022/03/31 8:15 a.m. · 1 views

CVE-2022-22986

Netcommunity OG410X and OG810X series (Netcommunity OG410Xa, OG410Xi, OG810Xa, and OG810Xi firmware Ver.2.28 and earlier) allow an attacker on the adjacent network to execute an arbitrary OS command via a specially crafted config file...

CVSS 8.8 · AI score 6 · EPSS 0.00709
Exploits: 0 · References: 3

NVD
added 2022/03/31 8:15 a.m. · 17 views

CVE-2022-26019

Improper access control vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with the privilege to change NTP GPS settings to rewrite existing files on the file system, which may result ...

CVSS 8.8 · EPSS 0.04229
Exploits: 0 · References: 2