Lucene search

615 matches found

OSV
added 2022/05/13 1:36 a.m. · 16 views

GHSA-2CM5-F78C-H2C8 Missing permission checks in Jenkins Distributed Fork Plugin

It was found that there were no permission checks performed in the Distributed Fork plugin before and including 1.5.0 for Jenkins that provides the dist-fork CLI command beyond the basic check for Overall/Read permission, allowing anyone with that permission to run arbitrary shell commands on all...

8.8 CVSS · 9 AI score · 0.01422 EPSS
Exploits 0 · References 3
GitHub Security Blog
added 2022/05/13 1:36 a.m. · 23 views

Missing permission checks in Jenkins Distributed Fork Plugin

It was found that there were no permission checks performed in the Distributed Fork plugin before and including 1.5.0 for Jenkins that provides the dist-fork CLI command beyond the basic check for Overall/Read permission, allowing anyone with that permission to run arbitrary shell commands on all...

9 CVSS · 7.3 AI score · 0.01422 EPSS
Exploits 0 · References 4 · Affected Software 1
CNVD
added 2022/04/28 12:0 a.m. · 33 views

Apache Maven Command Injection Vulnerability

Apache Maven is a software project management and understanding tool from the Apache Software Foundation (USA). Apache Maven Shared Utils suffers from a command injection vulnerability that stems from improper input validation when handling double-quoted strings. A remote attacker could...

9.8 CVSS · 9.9 AI score · 0.04031 EPSS
Exploits 0 · References 1
CNVD
added 2022/04/07 12:0 a.m. · 16 views

VMware Workspace ONE Access and Identity Manager Remote Code Execution Vulnerability

VMware Workspace ONE Access is a product of the U.S.-based company VMware that combines user identity with device and network information, among other factors, to make intelligent, conditional access decisions for Workspace ONE-delivered applications. VMware Workspace ONE Access and Identity Manager has a remot...

10 CVSS · 3.9 AI score · 0.99997 EPSS
Exploits 24 · References 1
NVD
added 2022/04/06 4:15 p.m. · 10 views

CVE-2021-26104

Multiple OS command injection CWE-78 vulnerabilities in the command line interface of FortiManager 6.2.7 and below, 6.4.5 and below and all versions of 6.2.x, 6.0.x and 5.6.x, FortiAnalyzer 6.2.7 and below, 6.4.5 and below and all versions of 6.2.x, 6.0.x and 5.6.x, and FortiPortal 5.2.5 and belo...

7.8 CVSS · 0.03086 EPSS
Exploits 1 · References 2
Prion
added 2022/04/06 4:15 p.m. · 10 views

Command injection

Multiple OS command injection CWE-78 vulnerabilities in the command line interface of FortiManager 6.2.7 and below, 6.4.5 and below and all versions of 6.2.x, 6.0.x and 5.6.x, FortiAnalyzer 6.2.7 and below, 6.4.5 and below and all versions of 6.2.x, 6.0.x and 5.6.x, and FortiPortal 5.2.5 and belo...

7.2 CVSS · 8 AI score · 0.03086 EPSS
Exploits 1 · References 2 · Affected Software 3
Vulnrichment
added 2022/04/06 4:0 p.m. · 9 views

CVE-2021-26104

Multiple OS command injection CWE-78 vulnerabilities in the command line interface of FortiManager 6.2.7 and below, 6.4.5 and below and all versions of 6.2.x, 6.0.x and 5.6.x, FortiAnalyzer 6.2.7 and below, 6.4.5 and below and all versions of 6.2.x, 6.0.x and 5.6.x, and FortiPortal 5.2.5 and belo...

7.8 CVSS · 8 AI score · 0.03086 EPSS
Exploits 1 · References 2
OSV
added 2022/03/26 12:6 a.m. · 7 views

GHSA-3988-H75V-HWF6 Arbitrary shell execution

A properly crafted filename would allow for arbitrary code execution when using the --filter=gitmodified command line option...

8.1 AI score
Exploits 0 · References 3
GitHub Security Blog
added 2022/03/26 12:6 a.m. · 15 views

Arbitrary shell execution

A properly crafted filename would allow for arbitrary code execution when using the --filter=gitmodified command line option...

4.1 AI score
Exploits 0 · References 3 · Affected Software 1
OSV
added 2022/03/26 12:6 a.m. · 21 views

GHSA-MHFV-8RC9-W38C Arbitrary shell execution

Uses of shellexec and exec were not escaping filenames and configuration settings in most cases...

7.2 AI score
Exploits 0 · References 3
CNNVD
added 2022/03/25 12:0 a.m. · 4 views

Deno Security Vulnerability

Deno is an open source, simple, modern and secure JavaScript and TypeScript runtime environment. It uses V8 and is built with Rust. Versions of Deno from 1.18.0 to 1.20.2 contain a security vulnerability that allows an attacker to bypass all privilege checks and execute arbitrary shell code...

10 CVSS · 8.6 AI score · 0.01103 EPSS
Exploits 0 · References 2
Positive Technologies
added 2022/03/25 12:0 a.m. · 4 views

PT-2022-16876 · Deno · Deno

Name of the Vulnerable Software and Affected Versions: Deno versions 1.18.0 through 1.20.2
Description: The issue allows a malicious actor controlling the code executed in a Deno runtime to bypass all permission checks and execute arbitrary shell code. This does not affect users of Deno Deploy. T...

10 CVSS · 9.6 AI score · 0.01103 EPSS
Exploits 0 · References 10
ATTACKERKB
added 2022/03/10 5:46 p.m. · 3 views

CVE-2022-24609

Luocms v2.0 is affected by an incorrect access control vulnerability. Through /admin/templates/templatemanage.php, an attacker can write an arbitrary shell file...

10 CVSS · 7.4 AI score · 0.01526 EPSS
Exploits 1 · References 2
OSV
added 2022/03/10 5:46 p.m. · 1 views

CVE-2022-24609

Luocms v2.0 is affected by an incorrect access control vulnerability. Through /admin/templates/templatemanage.php, an attacker can write an arbitrary shell file...

9.8 CVSS · 5.9 AI score
Exploits 0 · References 1
NVD
added 2022/03/10 5:46 p.m. · 15 views

CVE-2022-24609

Luocms v2.0 is affected by an incorrect access control vulnerability. Through /admin/templates/templatemanage.php, an attacker can write an arbitrary shell file...

10 CVSS · 0.01526 EPSS
Exploits 1 · References 1
Prion
added 2022/03/10 5:46 p.m. · 11 views

Improper access control

Luocms v2.0 is affected by an incorrect access control vulnerability. Through /admin/templates/templatemanage.php, an attacker can write an arbitrary shell file...

10 CVSS · 9.5 AI score · 0.01526 EPSS
Exploits 1 · References 1 · Affected Software 1
Cvelist
added 2022/03/09 1:32 p.m. · 19 views

CVE-2022-24609

Luocms v2.0 is affected by an incorrect access control vulnerability. Through /admin/templates/templatemanage.php, an attacker can write an arbitrary shell file...

9.7 AI score · 0.01526 EPSS
Exploits 1 · References 1
OpenVAS
added 2022/01/28 12:0 a.m. · 20 views

Mageia: Security Advisory (MGASA-2020-0024)

The remote host is missing an update for the...

7.8 CVSS · 6.5 AI score · 0.04414 EPSS
Exploits 5 · References 7
OSV
added 2022/01/12 7:15 p.m. · 23 views

CVE-2021-42561

An issue was discovered in CALDERA 2.8.1. When activated, the Human plugin passes the unsanitized name parameter to a Python "os.system" function. This allows attackers to use shell metacharacters (e.g., backticks "``" or dollar parenthesis "$()") in order to escape the current command and execute...

8.8 CVSS · 7.5 AI score · 0.19572 EPSS
Exploits 2 · References 2
Prion
added 2022/01/12 7:15 p.m. · 19 views

Design/Logic Flaw

An issue was discovered in CALDERA 2.8.1. When activated, the Human plugin passes the unsanitized name parameter to a Python "os.system" function. This allows attackers to use shell metacharacters (e.g., backticks "``" or dollar parenthesis "$()") in order to escape the current command and execute...

9 CVSS · 8.9 AI score · 0.19572 EPSS
Exploits 2 · References 2 · Affected Software 1