7636 matches found
rubygem-rdoc: Command injection vulnerability in RDoc
An operating system command injection flaw was found in RDoc. Using the rdoc command to generate documentation for a malicious Ruby source code could lead to execution of arbitrary commands with the privileges of the user running rdoc...
TotoLink routers command injection vulnerability
TOTOLink T6 is a wireless dual-band router from TotoLink, China. A command injection vulnerability exists in the meshSlaveDlfw function of TOTOLink T6. An attacker can exploit this vulnerability to execute arbitrary commands via specially crafted MQTT packets...
TotoLink routers command injection vulnerability
TOTOLink T6 is a wireless dual-band router from TotoLink, China. TOTOLink T10 is a wireless network system router from TotoLink, China. A command injection vulnerability exists in the updateWifiInfo function of TOTOLINK Technology Routers T6 and T10. An attacker can exploit this vulnerability to...
TotoLink routers command injection vulnerability
TOTOLink T6 is a wireless dual-band router from TotoLink, China. The recvmeshinfosync function of TOTOLink T6 is vulnerable to command injection. An attacker can exploit this vulnerability to execute arbitrary commands via specially crafted MQTT packets...
TotoLink routers command injection vulnerability
TOTOLink T6 is a wireless dual-band router from China-based TotoLink. The setUpgradeFW function of TOTOLink T6 is vulnerable to command injection. An attacker can exploit this vulnerability to execute arbitrary commands via specially crafted MQTT packets...
CVE-2021-46319
A Remote Code Execution (RCE) vulnerability exists in D-Link Router DIR-846 DIR846A1FW100A43.bin and DIR846enFW100A53DLA-Retail.bin. Malicious users can use this vulnerability to use "\ " or backticks to bypass the shell metacharacters in the ssid0 or ssid1 parameters to execute arbitrary commands. Th...
Design/Logic Flaw
A Remote Command Execution (RCE) vulnerability exists in HNAP1/control/SetWizardConfig.php in D-Link Router DIR-846 DIR846A1FW100A43.bin and DIR846enFW100A53DLA-Retail.bin. Malicious users can use this vulnerability to use "\ " or backticks in the shell metacharacters in the ssid0 or ssid1 parameters...
CVE-2021-46315
A Remote Command Execution (RCE) vulnerability exists in HNAP1/control/SetWizardConfig.php in D-Link Router DIR-846 DIR846A1FW100A43.bin and DIR846enFW100A53DLA-Retail.bin. Malicious users can use this vulnerability to use "\ " or backticks in the shell metacharacters in the ssid0 or ssid1 parameters...
rubygem-rdoc: Command injection vulnerability in RDoc
An operating system command injection flaw was found in RDoc. Using the rdoc command to generate documentation for a malicious Ruby source code could lead to execution of arbitrary commands with the privileges of the user running rdoc...
rubygem-rdoc: Command injection vulnerability in RDoc
An operating system command injection flaw was found in RDoc. Using the rdoc command to generate documentation for a malicious Ruby source code could lead to execution of arbitrary commands with the privileges of the user running rdoc...
CVE-2021-3781
A trivial sandbox (enabled with the -dSAFER option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document to execute arbitrary commands on the system in the context of the ghostscript interpreter. The highes...
CVE-2022-25174
Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier uses the same checkout directories for distinct SCMs for Pipeline libraries, allowing attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents...
PT-2022-17114 · Jenkins · Jenkins Pipeline: Multibranch Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Pipeline: Multibranch Plugin versions 706.vd43c65dec013 and earlier Description: The issue allows attackers with Item/Configure permission to invoke arbitrary OS commands on the controller through crafted SCM contents. This is possibl...
NEXCOM NIO50 input validation error vulnerability
The Nexcom NEXCOM NIO50 is a gateway for wireless connectivity in industrial environments from Nexcom, China. A security vulnerability exists in the NEXCOM NIO50, which is caused by insufficient input validation and can be exploited by an attacker to execute arbitrary commands with elevated...
FreeBSD : zsh -- Arbitrary command execution vulnerability (d923fb0c-8c2f-11ec-aa85-0800270512f4)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the d923fb0c-8c2f-11ec-aa85-0800270512f4 advisory. - In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside t...
CVE-2021-22801
A CWE-269: Improper Privilege Management vulnerability exists that could cause an arbitrary command execution when the software is configured with specially crafted event actions. Affected Product: ConneXium Network Manager Software All Versions...
Privilege escalation
A CWE-269: Improper Privilege Management vulnerability exists that could cause an arbitrary command execution when the software is configured with specially crafted event actions. Affected Product: ConneXium Network Manager Software All Versions...
CVE-2021-22801
CVE-2021-22801 affects Schneider Electric ConneXium Network Manager (CNM) Software (all versions). It is a CWE-269 Improper Privilege Management vulnerability that could permit arbitrary command execution when CNM is configured with specially crafted event actions. Reported as CVSSv3 base 7.8 (AV...
CVE-2021-22801
A CWE-269: Improper Privilege Management vulnerability exists that could cause an arbitrary command execution when the software is configured with specially crafted event actions. Affected Product: ConneXium Network Manager Software All Versions...
GHSA-H9V8-RM3M-5H5F OS Command Injection in git-add-remote
git-add-remote through 1.0.0 is vulnerable to Command Injection. It allows execution of arbitrary commands via the name argument...