38 matches found
CVE-2022-27482
Fortinet FortiADC is affected by CVE-2022-27482 due to improper neutralization of special elements in OS commands, enabling local attackers to run arbitrary shell code as root via CLI. Affected versions span 7.0.0–7.0.1, 6.2.0–6.2.2, 6.1.0–6.1.6, 6.0.x, and 5.x.x. The underlying issue is an OS co...
CVE-2022-30303
An improper neutralization of special elements used in an OS command ('OS Command Injection', CWE-78) in FortiWeb 7.0.0 through 7.0.1, 6.3.0 through 6.3.19, 6.4 all versions may allow an authenticated attacker to execute arbitrary shell code as root user via crafted HTTP requests...
FortiWeb - OS command injection in Web GUI
An improper neutralization of special elements used in an OS command ('OS Command Injection', CWE-78) in FortiWeb may allow an authenticated attacker to execute arbitrary shell code as root user via crafted HTTP requests...
Command injection
An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiManager version 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.x and 6.0.x and FortiAnalyzer version 7.0.0 through 7.0.3, version 6.4.0 through 6.4.7, 6.2.x and 6.0.x allows attacker to...
PT-2022-16876 · Deno · Deno
Name of the Vulnerable Software and Affected Versions: Deno versions 1.18.0 through 1.20.2. Description: The issue allows a malicious actor controlling the code executed in a Deno runtime to bypass all permission checks and execute arbitrary shell code. This does not affect users of Deno Deploy. T...
Deno security vulnerability
Deno is an open-source, simple, modern and secure JavaScript and TypeScript runtime environment. It uses V8 and is built with Rust. Versions of Deno from 1.18.0 to 1.20.2 contain a security vulnerability that allows an attacker to bypass all privilege checks and execute arbitrary shell code...
Debian DLA-2393-1 : snmptt security update
It was found that SNMP Trap Translator does not drop privileges as configured and does not properly escape shell commands in certain functions. A remote attacker, by sending a maliciously crafted SNMP trap, could possibly execute arbitrary shell code with the privileges of the process or cause a...
GLSA-202007-63 : SNMP Trap Translator: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202007-63 (SNMP Trap Translator: Multiple vulnerabilities). It was found that SNMP Trap Translator does not drop privileges as configured and does not properly escape shell commands in certain functions. Impact: A remote attacker, b...
Fedora 30 : kdelibs3 (2019-f9f78895c3)
This update fixes CVE-2019-14744 (kconfig arbitrary shell code execution) in the KDE 3 compatibility version of kdelibs used by legacy KDE 3 applications. The full list of fixes in this kdelibs3 build: fixes CVE-2019-14744 - kconfig: malicious .desktop files and others would execute code. KConfi...
Code injection
mrlg-lib.php in mrlg4php before 1.0.8 allows remote attackers to execute arbitrary shell code...
CVE-2014-3927
mrlg-lib.php in mrlg4php before 1.0.8 allows remote attackers to execute arbitrary shell code...
Shell Injection
rack-perftoolsprofiler is vulnerable to shell injection attacks. A malicious user can inject and execute arbitrary shell code when passing arguments to the profiler...
GLSA-201401-26 : Zabbix: Shell command injection
The remote host is affected by the vulnerability described in GLSA-201401-26 (Zabbix: Shell command injection). If a flexible user parameter is configured in Zabbix agent, including a newline in the parameters will execute newline section as a separate command even if UnsafeUserParameters are...
Zabbix: Shell command injection
Background: Zabbix is software for monitoring applications, networks, and servers. Description: If a flexible user parameter is configured in Zabbix agent, including a newline in the parameters will execute newline section as a separate command even if UnsafeUserParameters are disabled. Impact: A...
klibc: Command Injection
Background: klibc is a minimalistic libc used for making an initramfs. Description: The ipconfig utility in klibc writes DHCP options to /tmp/net-$DEVICE.conf, and this file is later sourced by other scripts to get defined variables. The options written to this file are not properly escaped. Impact...
Gentoo Security Advisory GLSA 200703-11 (amarok)
The remote host is missing updates announced in advisory GLSA 200703-11. OpenVAS Vulnerability Test. Description: Auto generated from Gentoo's XML based advisory. Authors: Thomas Reinke. Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Gentoo Security Advisory GLSA 200703-11 (amarok)
The remote host is missing updates announced in advisory GLSA 200703-11. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
Webnews.exe Buffer Overflow Vulnerability
The remote host appears to be running WebNews, which offers web-based access to Usenet news. This CGI script suffers from a buffer overflow vulnerability. SPDX-FileCopyrightText: 2003 John Lampe. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the...