CVE-2018-7832
An Improper Input Validation vulnerability exists in Pro-Face GP-Pro EX v4.08 and previous versions which could cause the execution of an arbitrary executable when GP-Pro EX is launched...
Netgate pfSense CE Command Injection Vulnerability (CNVD-2018-26995)
Netgate pfSense CE is free, open-source, FreeBSD-based firewall and router software from the US company Netgate. A command injection vulnerability exists in the 'powerdacmode' POST parameter in Netgate pfSense CE version 2.4.4-RELEASE, which can be exploited by an attacker to execute...
CVE-2018-15709
CVE-2018-15709 affects Nagios XI 5.5.6, allowing remote authenticated attackers to execute arbitrary commands via crafted HTTP requests. Technical details across connected advisories indicate a command-injection issue in the Nagios XI Cmdsubsys/ajaxhelper.php submitcommand path, driven by insuffi...
CVE-2018-16462
A command injection vulnerability in the apex-publish-static-files npm module version 2.0.1 which allows arbitrary shell command execution through a maliciously crafted argument...
Linksys E1200 and E2500 OS Command Injection Vulnerability
The Belkin Linksys E1200 and E2500 are both wireless router products in the E-Series from Belkin USA. An operating system command injection vulnerability exists in the Belkin Linksys E1200 with firmware version 2.0.09 and the Linksys E2500 with firmware version 3.0.04, which can be exploited by...
USN-3788-1 texlive-bin vulnerabilities
Jakub Wilk discovered that Tex Live incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. CVE-2015-5700 It was discovered that Tex Live incorrectly handled certain files. An attacker could possibly use th...
Cisco Unity Connection Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based interface of Cisco Unity Connection could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based interface of the affected software. The vulnerability is due to insufficient validation of...
WebKit Memory Misreference Vulnerability in Multiple Apple Products (CNVD-2018-21001)
Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser shipped with the Mac OS X and iOS operating systems. iTunes for Windows is a media player and application for the Windows platform. WebKit is one of the web browser engine components...
CVE-2018-11781
A flaw was found in the way a local user on the SpamAssassin server could inject code in the meta rule syntax. This could cause arbitrary code execution on the server when these rules are being processed...
Chrome OS 10820.0.0 dev-channel - app->VM via garcon TCP Command Socket
BUG DESCRIPTION: There is a variety of RPC communication channels between the Chrome OS host system and the crosvm guest. This bug report focuses on communication on TCP port 8889, which is used by the "garcon" service. Among other things, garcon is...
CVE-2016-7071
It was found that CloudForms before 5.6.2.2, and 5.7.0.7 did not properly apply permission controls to VM IDs passed by users. A remote, authenticated attacker could use this flaw to execute arbitrary VMs on systems managed by CloudForms if they know the ID of the VM...
Node.js third-party modules: [apex-publish-static-files] Command Injection on connectString
I would like to report a command injection vulnerability in the apex-publish-static-files npm module. It allows arbitrary shell command execution through a maliciously crafted argument. Module module name: apex-publish-static-files version: 2.0.0 npm page:...
CVE-2018-0674
AttacheCase ver.2.8.4.0 and earlier allows arbitrary script execution via unspecified vectors...
CVE-2018-0675
AttacheCase ver.3.3.0.0 and earlier allows arbitrary script execution via unspecified vectors...
A10 ACOS Web Application Firewall SQL Injection Vulnerability
A10 ACOS Web Application Firewall (WAF) is a web application firewall from A10 Networks that protects against vulnerabilities such as injection, cross-site scripting, and cross-site request forgery. An SQL injection vulnerability exists in the A10 ACOS WAF that stems from the program failing to...
egg-scripts command injection vulnerability
egg-scripts is a deployment tool for deploying, running and managing egg projects. A command injection vulnerability exists in egg-scripts versions prior to 2.8.1. The vulnerability can be exploited to execute arbitrary shell commands with the help of maliciously crafted command line arguments...
CVE-2011-2767
mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because, contrary to the documentation, there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting...
CVE-2018-3786
A command injection vulnerability in egg-scripts v2.8.1 allows arbitrary shell command execution through a maliciously crafted command line argument...
Command injection
A command injection vulnerability in egg-scripts v2.8.1 allows arbitrary shell command execution through a maliciously crafted command line argument...