7634 matches found
CVE-2021-41146 Arbitrary command execution on Windows in qutebrowser
qutebrowser is an open source keyboard-focused browser with a minimal GUI. Starting with qutebrowser v1.7.0, the Windows installer for qutebrowser registers a qutebrowserurl: URL handler. With certain applications, opening a specially crafted qutebrowserurl:... URL can lead to execution of...
‘Lone Wolf’ APT Uses Commodity RATs
An APT described as a “lone wolf” is exploiting a decades-old Microsoft Office flaw to deliver a barrage of commodity RATs to organizations in India and Afghanistan, researchers have found. Attackers use political and government-themed malicious domains as lures in the campaign, which targets...
Aruba ClearPass Policy Manager Command Injection Vulnerability (CNVD-2022-10721)
Aruba ClearPass Policy Manager is an application from Aruba, Inc. that provides a wireless network security access management system. Aruba ClearPass Policy Manager has a security vulnerability that stems from a remote arbitrary command execution vulnerability in Aruba ClearPass Policy Manager version...
CVE-2021-40995
A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager versions: ClearPass Policy Manager 6.10.x prior to 6.10.2; ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1; ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for...
Command injection
A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager versions: ClearPass Policy Manager 6.10.x prior to 6.10.2; ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1; ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for...
CVE-2021-40998
The CVE-2021-40998 entry corresponds to a remote arbitrary command execution in Aruba ClearPass Policy Manager. Affected versions are ClearPass Policy Manager 6.10.x prior to 6.10.2, 6.9.x prior to 6.9.7-HF1, and 6.8.x prior to 6.8.9-HF1. The issue is described across multiple sources as a remote...
CVE-2021-40998
A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager versions: ClearPass Policy Manager 6.10.x prior to 6.10.2; ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1; ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for...
CVE-2021-37739
CVE-2021-37739 affects Aruba ClearPass Policy Manager (various versions: 6.8.x before 6.8.9-HF1, 6.9.x before 6.9.7-HF1, 6.10.x before 6.10.2). The vulnerability is a remote arbitrary command execution issue in ClearPass Policy Manager. Producers/connected sources consistently describe a remote c...
Aruba ClearPass Policy Manager Command Injection Vulnerability
HPE Aruba ClearPass Policy Manager is a Network Access Control (NAC) solution. A remote command injection vulnerability exists in HPE Aruba ClearPass Policy Manager. An attacker can exploit this vulnerability to execute arbitrary commands...
Schneider Electric CNM
1. EXECUTIVE SUMMARY: CVSS v3 7.8; ATTENTION: Low attack complexity; Vendor: Schneider Electric; Equipment: ConneXium Network Manager (CNM) Software; Vulnerability: Improper Privilege Management. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow an attacker to execute arbitrary...
Schneider Electric ConneXium Network Manager Software Security Vulnerability
Schneider Electric ConneXium Network Manager Software (Schneider Electric CNM) is industrial Ethernet network management software from Schneider Electric France. A security vulnerability exists in Schneider Electric ConneXium Network Manager Software that stems from a privilege management issue...
Command injection
A remote arbitrary command execution vulnerability was discovered in HPE Aruba Instant IAP versions: 6.4.x.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x.x: 6.5.4.20 and below; Aruba Instant 8.5.x.x: 8.5.0.12 and below; Aruba Instant 8.6.x.x: 8.6.0.11 and below; Aruba Instant 8.7.x.x: 8.7.1.3...
CVE-2021-37727
CVE-2021-37727 describes a remote command injection in HPE Aruba Instant (IAP) CLI/Web UI. Root cause: improper neutralization of special elements used in a command. Impact: unauthenticated remote arbitrary command execution with high risk, as documented (CVSSv3 base 7.2). Affected: Aruba Instant...
CVE-2021-33733
CVE-2021-33733 affects Siemens SINEC NMS (versions prior to 1.0 SP2 Update 1). The vulnerability is an SQL injection in the web server that, when combined with authenticated access, could allow an attacker to execute arbitrary commands in the local database by sending crafted requests. Impact is ...
CVE-2021-33729
CVE-2021-33729 affects Siemens SINEC NMS, all versions prior to 1.0 SP2 Update 1. It is described as an SQL Injection vulnerability that, when exploited by an authenticated attacker, could allow execution of arbitrary commands in the local database. The connected sources consistently identify thi...
SAP Business One Security Vulnerability
SAP Business One is a suite of enterprise management software from SAP, a German company. SAP Business One version 10.0 is vulnerable to CSV injection, which can be exploited by attackers to execute arbitrary commands on a victim's computer...
Emerson WirelessHART Gateway Operating System Command Injection Vulnerability
The Emerson WirelessHART Gateway is a wireless gateway from Emerson USA. The Emerson WirelessHART Gateway suffers from an operating system command injection vulnerability that originates from incorrect validation of input in a password phrase. An attacker could exploit this vulnerability to pass...
CVE-2021-24016
An improper neutralization of formula elements in a CSV file in Fortinet FortiManager version 6.4.3 and below, 6.2.7 and below allows an attacker to execute arbitrary commands via a crafted IPv4 field in a policy name, when exported as an Excel file and opened unsafely on the victim host...
Vulnerability in the cgi/networkDiag.cgi implementation of the SureLine aircraft monitoring application that allows an attacker to execute arbitrary commands
The vulnerability in the cgi/networkDiag.cgi implementation of the SureLine monitoring application exists because special elements used in operating system commands are not neutralized. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands...
CVE-2021-39826
Adobe Digital Editions 4.5.11.187646 and earlier are affected by an arbitrary command execution vulnerability. An authenticated attacker could leverage this vulnerability to execute arbitrary commands. User interaction is required to abuse this vulnerability in that a user must open a maliciously...