7633 matches found
Debian DLA-2615-1 : spamassassin security update
Damian Lukowski discovered a flaw in spamassassin, a Perl-based spam filter using text analysis. Malicious rule configuration files, possibly downloaded from an updates server, could execute arbitrary commands under multiple scenarios. For Debian 9 stretch, this problem has been fixed in version...
Rockwell Automation FactoryTalk AssetCentre 代码问题漏洞
Rockwell Automation FactoryTalk AssetCentre is an asset management software tool from Rockwell Automation that allows manufacturers and industrial companies to centrally manage controllers and other automation-related assets. A security vulnerability exists in Rockwell Automation FactoryTalk...
GLSA-202103-01 : Salt: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202103-01 Salt: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Salt. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary commands v...
Rockwell Automation FactoryTalk AssetCentre 操作系统命令注入漏洞
Rockwell Automation FactoryTalk AssetCentre is an asset management software tool from Rockwell Automation that allows manufacturers and industrial companies to centrally manage controllers and other automation-related assets. An OS command injection vulnerability exists in Rockwell Automation...
CVE-2021-23363
The CVE affects the npm package kill-by-port (before v0.0.2). The root cause is unsanitized attacker-controlled input passed to child_process.exec, enabling Arbitrary Command Injection. Documented impact is arbitrary command execution via input to killByPort, with examples and a PoC in Snyk data ...
Aruba Instant Command Injection Vulnerability (CNVD-2021-26049)
Aruba Instant is a cloud-hosted controller-less wireless access point. A command injection vulnerability exists in the command line interface of Aruba Instant, which can be exploited by an attacker to execute arbitrary commands in the underlying operating system...
Xerox Phaser 6510 安全漏洞
The Xerox Phaser 6510 is a printer from the American company Xerox. It provides printing functionality. A security vulnerability exists in Xerox Phaser, which can be exploited by an attacker to execute arbitrary commands, affecting the following products and versions: Xerox Phaser 6510 before...
CVE-2021-21372
Nimble is a package manager for the Nim programming language. In Nim release version before versions 1.2.10 and 1.4.4, Nimble doCmd is used in different places and can be leveraged to execute arbitrary commands. An attacker can craft a malicious entry in the packages.json package list to trigger...
JVN#64869876: Multiple vulnerabilities in baserCMS
baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below. Improper Neutralization of JavaScript input in the page editing function CWE-79 - CVE-2021-20681 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N| Base Score: 5.4...
CVE-2021-27372
Realtek xPON RTL9601D SDK 1.9 stores passwords in plaintext which may allow attackers to possibly gain access to the device with root permissions via the build-in network monitoring tool and execute arbitrary commands...
Cisco IOS XE Buffer Overflow Vulnerability
Cisco IOS XE is a set of modular operating system based on Linux kernel developed by Cisco for its network equipment. A buffer overflow vulnerability exists in the vDaemon process for SD-WAN on Cisco IOS XE. The vulnerability stems from insufficient boundary checking when the device processes...
Cisco IOS XE Arbitrary Command Execution Vulnerability (CNVD-2021-22184)
Cisco IOS XE is a set of modular operating system based on Linux kernel developed by Cisco for its network equipment. An arbitrary command execution vulnerability exists in the CLI for SD-WAN in Cisco IOS XE. The vulnerability stems from insufficient validation of user-supplied input. An attacker...
CVE-2021-1432 Cisco IOS XE SD-WAN Software Arbitrary Command Execution Vulnerability
A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as the root user. The attacker must be authenticated on the affected device as a low-privileged user to exploit this...
Cisco IOS XE SD-WAN Software 注入漏洞
Cisco IOS XE is a set of modular operating system based on Linux kernel developed by Cisco for its network equipment. An arbitrary command execution vulnerability exists in the CLI for SD-WAN in Cisco IOS XE. The vulnerability stems from insufficient validation of user-supplied input. An attacker...
CVE-2021-23360
This affects the package killport before 1.0.2. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization. Running this PoC will cause the command touch success to be...
Ssnau killport 命令注入漏洞
Ssnau killport is Ssnau an open source application. Provides a nodejs module to kill the functionality of any process on a given port. A security vulnerability exists in versions prior to killport 1.0.2. The vulnerability allows an attacker to execute arbitrary commands...
CVE-2021-23359
This affects all versions of package port-killer. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization. Running this PoC will cause the command touch success to be...
CVE-2021-23355
CVE-2021-23355 affects all versions of the npm package ps-kill . The vulnerability arises from unsafely passing attacker-controlled input to Node.js’s child_process.exec in the index.js kill function, enabling arbitrary command execution. Proof-of-concept demonstrates invoking a shell command via...
CVE-2021-23355
This affects all versions of package ps-kill. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization in the index.js file. PoC provided by...
Npm ps-kill 命令注入漏洞
Npm ps-kill is an application from Npm, Inc. Npm ps-kill is vulnerable to command injection, which can be exploited by attackers to execute arbitrary commands...