615 matches found
NEC Aterm WG2600HS Operating System Command Injection Vulnerability
The NEC Aterm WG2600HS is a wireless router from NEC (Nippon Electric). Aterm WG2600HS version 1.5.1 contains a security vulnerability that could allow a remote attacker to execute arbitrary shell commands on the target system...
mariadb: writable system variables allows a database user with SUPER privilege to execute arbitrary code as the system mysql user
A vulnerability was found in mariadb and in the mysql wsrep patch that allows remote code execution. A user with SUPER privileges could execute arbitrary shell commands in the context of the mariadb server process...
Debian: Security Advisory (DSA-4819-1)
The remote host is missing an update for the Debian... SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Debian DSA-4819-1 : kitty - security update
Stephane Chauveau discovered that the graphics protocol implementation in Kitty, a GPU-based terminal emulator, did not sanitise a filename when returning an error message, which could result in the execution of arbitrary shell commands when displaying a file with cat. (C) Tenable Network Security,...
Debian DSA-4811-1 : libxstream-java - security update
It was discovered that the default blacklist of XStream, a Java library to serialise objects to XML and back again, was vulnerable to the execution of arbitrary shell commands by manipulating the processed input stream. For additional defense-in-depth it is recommended to switch to the whitelist...
Security Bulletin: CVE-2019-10173 xstream API: if the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands
Summary: CVE-2019-10173 xstream API: if the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands. Vulnerability Details: CVEID: CVE-2019-10173. DESCRIPTION: xstream API could allow a remote attacker to execute arbitrary commands on the system,...
Remote code execution
XStream before version 1.4.14 is vulnerable to Remote Code Execution. The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Framework allowlist i...
Oracle WebCenter Portal Multiple Vulnerabilities (Oct 2020 CPU)
Binary data oraclewebcenterportalcpuoct2020.nbin...
Design/Logic Flaw
In the git-tag-annotation-action open source GitHub Action before version 1.0.1, an attacker can execute arbitrary shell commands if they can control the value of the tag input or manage to alter the value of the GITHUB_REF environment variable. The problem has been patched in version 1.0.1. If yo...
Debian DLA-2393-1 : snmptt security update
It was found that SNMP Trap Translator does not drop privileges as configured and does not properly escape shell commands in certain functions. A remote attacker, by sending a maliciously crafted SNMP trap, could possibly execute arbitrary shell code with the privileges of the process or cause a...
GLSA-202007-63 : SNMP Trap Translator: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202007-63 (SNMP Trap Translator: Multiple vulnerabilities). It was found that SNMP Trap Translator does not drop privileges as configured and does not properly escape shell commands in certain functions. Impact: A remote attacker, b...
CVE-2019-14894
A flaw was found in the CloudForms management engine version 5.10 and CloudForms management version 5.11, which triggered remote code execution through NFS schedule backup. An attacker logged into the management console could use this flaw to execute arbitrary shell commands on the CloudForms...
GHSA-V8V8-6859-QXM4 Arbitrary shell command execution in logkitty
Lack of output sanitization allowed an attacker to execute arbitrary shell commands via the logkitty npm package before version 0.7.1...
Arbitrary shell command execution in logkitty
Lack of output sanitization allowed an attacker to execute arbitrary shell commands via the logkitty npm package before version 0.7.1...
D-Link DIR-865L Operating System Command Injection Vulnerability
The D-Link DIR-865L is a wireless router from AUO D-Link of Taiwan, China. An operating system command injection vulnerability exists in D-Link DIR-865L Ax version 1.20B01 Beta. An attacker can exploit the vulnerability by sending a specially crafted request to execute arbitrary shell commands...
Cayin Content Management Server 11.0 - Remote Command Injection (root)
Title: Cayin Content Management Server 11.0 - Remote Command Injection (root); Author: LiquidWorm; Date: 2020-06-04; Vendor: https://www.cayintech.com; CVE: N/A. Cayin Content Management Server 11.0 Root Remote Command Injection. Vendor: CAYIN Technology Co., Ltd. Product web page: https://www.cayintech.c...
CVE-2020-3205 Cisco IOS Software for Cisco Industrial Routers Virtual Device Server Inter-VM Channel Command Injection Vulnerability
A vulnerability in the implementation of the inter-VM channel of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, adjacent attacker to execute arbitrary shell comman...
CVE-2020-3205
CVE-2020-3205 — Cisco IOS inter-VM channel injection involves Cisco IOS Software on Cisco 809/829 Industrial ISRs and CGR1000, where insufficient validation of signaling packets to the Virtual Device Server (VDS) allows an unauthenticated, adjacent attacker to execute arbitrary shell commands wit...
Design/Logic Flaw
Lack of output sanitization allowed an attacker to execute arbitrary shell commands via the logkitty npm package before version 0.7.1...
CVE-2019-17562
A buffer overflow vulnerability has been found in the baremetal component of Apache CloudStack. This applies to all versions prior to 4.13.1. The vulnerability is due to the lack of validation of the mac parameter in baremetal virtual router. If you insert an arbitrary shell command into the mac...