The vulnerability of the malware scanning service of the Linux web server security platform Imunify360 allows a hacker to execute arbitrary commands.
The vulnerability of the Ai-Bolit malware scanning service for Linux web servers running Imunify360 is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using a specially crafted malware file...
Apache Log4j JNDI message lookup vulnerability
Added: 12/16/2021. Background: Apache Log4j is a logging library used by many Java applications. Problem: An attacker who is able to control log message content could embed a JNDI reference to an LDAP or RMI URL which downloads an executable Java class, leading to arbitrary command execution...
The vulnerability of the vBulletin commercial web forum, related to errors in code generation, allows a hacker to execute arbitrary commands.
The vulnerability of the commercial vBulletin web forum is related to errors in code generation. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using a specially crafted parameter in the ajax/render/widgetphp script...
CVE-2021-34426 Arbitrary command execution in Keybase Client for Windows
A vulnerability was discovered in the Keybase Client for Windows before version 5.6.0 when a user executed the "keybase git lfs-config" command on the command-line. In versions prior to 5.6.0, a malicious actor with write access to a user's Git repository could leverage this vulnerability to...
Command injection
A command execution vulnerability exists in the wificountrycodeupdate functionality of the homesecurity binary of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted set of network packets can lead to arbitrary command execution...
CVE-2021-23862
CVE-2021-23862 describes an authenticated command-injection flaw: a crafted configuration packet sent by an authenticated administrative user can execute arbitrary commands in the system context. Affected products include Bosch VRM, DIVAR IP, BVMS with VRM installed, and the VIDEOJET decoder (VJD...
CVE-2021-42129
A command injection vulnerability in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary command execution...
CVE-2021-42132
A command injection vulnerability in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary command execution...
Command injection
A command injection vulnerability in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary command execution...
Command injection
A command injection vulnerability in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary command execution...
CVE-2021-42129
CVE-2021-42129 affects Ivanti Avalanche prior to 6.3.3. Multiple connected sources describe a command injection/remote code execution vulnerability in Ivanti Avalanche components, with different root causes cited: the NVD entry notes command execution via the Inforail Service; Red Hat advisory refe...
The vulnerability of the implementation of the runAgentRestarter method in the mobile device management system Avalanche allows a hacker to execute arbitrary commands.
The vulnerability of the runAgentRestarter method in the mobile device management system Avalanche is related to insufficient sanitization of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands by sending specially crafted data...
ELECOM LAN routers operating system command injection vulnerability (CNVD-2021-95483)
ELECOM LAN routers are routers from ELECOM, Japan. An operating system command injection vulnerability exists in ELECOM LAN routers, which can be exploited by an attacker to execute arbitrary operating system commands via an unspecified vector...
CVE-2021-20859
ELECOM LAN routers WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior,...
Design/Logic Flaw
ELECOM LAN routers WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior allow a network-adjacent attacker with administrator privileges to execute arbitrary OS commands via unspecified vectors...
ELECOM LAN routers buffer overflow vulnerability
ELECOM LAN routers are routers from ELECOM, Japan. A buffer overflow vulnerability exists in ELECOM LAN routers, which can be exploited by an attacker to execute arbitrary operating system commands via an unspecified vector...
ELECOM LAN routers operating system command injection vulnerability
ELECOM LAN routers are routers from ELECOM, Japan. An operating system command injection vulnerability exists in ELECOM LAN routers, which can be exploited by an attacker to execute arbitrary operating system commands via an unspecified vector...
The vulnerability of the /etc/sudoers component of the EyesOfNetwork (EON) monitoring software for systems and networks allows a perpetrator to escalate their privileges and execute arbitrary commands.
The vulnerability of the /etc/sudoers component of the EyesOfNetwork (EON) monitoring software for systems and networks is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to escalate their privileges and execute arbitrary commands using NSE scripts...
The Perl fingerd program allows arbitrary command execution from remote users.
...
The vulnerability of the command-line interface (CLI) of Cisco Firepower Threat Defense (FTD) firmware allows an attacker to execute arbitrary commands.
The vulnerability of the command-line interface (CLI) of Cisco Firepower Threat Defense (FTD) firmware lies in insufficient checking of command arguments. Exploiting this vulnerability allows an attacker to execute arbitrary commands...