1440 matches found

Cvelist
added 2022/10/17 12:0 a.m. · 25 views

CVE-2022-41751

Jhead 3.06.0.1 allows attackers to execute arbitrary OS commands by placing them in a JPEG filename and then using the regeneration -rgt50 option...

8 AI score · 0.00444 EPSS
Exploits 1 · References 8

CNNVD
added 2022/10/14 12:0 a.m. · 3 views

Robustel R1510 Operating System Command Injection Vulnerability

Robustel R1510 is an industrial VPN router from Robustel, China. Robustel R1510 version 3.1.16 suffers from an operating system command injection vulnerability. An attacker can exploit this vulnerability to execute arbitrary commands...

9.8 CVSS · 8.7 AI score · 0.03359 EPSS
Exploits 1 · References 3

CNNVD
added 2022/10/14 12:0 a.m. · 3 views

Robustel R1510 Operating System Command Injection Vulnerability

The Robustel R1510 is an industrial VPN router from the Chinese company Robustel. An operating system command injection vulnerability exists in Robustel R1510 version 3.1.16 and version 3.3.0. An attacker can exploit this vulnerability to execute arbitrary commands...

9.1 CVSS · 8.3 AI score · 0.0338 EPSS
Exploits 1 · References 3

Prion
added 2022/09/28 5:15 p.m. · 20 views

Cross site scripting

A stored Cross-Site Scripting (XSS) vulnerability exists in version 1.0 of the Expense Management System application that allows for arbitrary execution of JavaScript commands through index.php...

4.9 CVSS · 5.5 AI score · 0.00513 EPSS
Exploits 2 · References 2 · Affected Software 1

Github Security Blog
added 2022/09/16 7:26 p.m. · 29 views

Poetry Argument Injection can lead to Local Code Execution

Observation: When handling dependencies that come from a Git repository instead of a registry, Poetry uses various commands, such as git clone. These commands are being constructed using user input, e.g. the repository URL. When building the commands, Poetry correctly avoids Command Injection...

7.3 CVSS · 7.8 AI score · 0.01463 EPSS
Exploits 1 · References 7 · Affected Software 1

CNNVD
added 2022/09/16 12:0 a.m. · 3 views

TOTOLINK T6 Operating System Command Injection Vulnerability

TOTOLINK T6 is a wireless dual-band router from China's TOTOLINK Electronics TOTOLINK that supports MQTT protocol and Telnet service. The TOTOLINK T6 suffers from a command injection vulnerability that stems from the sub421AA0 function in cstecgi.cgi failing to properly filter construct command...

9.8 CVSS · 7.9 AI score · 0.19301 EPSS
Exploits 1 · References 2

Positive Technologies
added 2022/09/12 12:0 a.m. · 3 views

PT-2022-24345 · Cuppacms · Cuppacms

Name of the Vulnerable Software and Affected Versions: Cuppa CMS version 1.0 Description: The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field under the Add New Group function at the "/table manager/view/cu user groups" API endpoin...

6.1 CVSS · 6.4 AI score · 0.01031 EPSS
Exploits 1 · References 3

Prion
added 2022/09/09 7:15 p.m. · 18 views

Cross site scripting

A cross-site scripting (XSS) vulnerability in Markdown-Nice v1.8.22 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Community Posting field...

4.9 CVSS · 5.2 AI score · 0.00414 EPSS
Exploits 1 · References 1 · Affected Software 1

Prion
added 2022/09/05 4:15 p.m. · 9 views

Code injection

DISPUTED: The User-Defined Functions (UDF) feature in TigerGraph 3.6.0 allows installation of a query in the GSQL query language without proper validation. Consequently, an attacker can execute arbitrary C++ code. NOTE: the vendor's position is "GSQL was behaving as expected."...

6.5 CVSS · 8.8 AI score · 0.00873 EPSS
Exploits 0 · References 3 · Affected Software 1

Tenable Nessus
added 2022/09/05 12:0 a.m. · 51 views

Ubuntu 22.04 LTS : Linux kernel (Oracle) vulnerabilities (USN-5599-1)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5599-1 advisory. Asaf Modelevsky discovered that the Intel(R) 10GbE PCI Express (ixgbe) Ethernet driver for the Linux kernel performed insufficient control flow management. A...

8.2 CVSS · 7.2 AI score · 0.02972 EPSS
Exploits 1 · References 10

ATTACKERKB
added 2022/09/01 9:15 p.m. · 3 views

CVE-2022-1729

A race condition was found the Linux kernel in perf_event_open which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc...

7 CVSS · 6.5 AI score · 0.0031 EPSS
Exploits 0 · References 4

OSV
added 2022/09/01 9:15 p.m. · 1 views

DEBIAN-CVE-2022-1729

A race condition was found the Linux kernel in perf_event_open which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc...

7 CVSS · 6.6 AI score · 0.0031 EPSS
Exploits 0 · References 1

NVD
added 2022/09/01 9:15 p.m. · 22 views

CVE-2022-1729

A race condition was found the Linux kernel in perf_event_open which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc...

7 CVSS · 0.0031 EPSS
Exploits 0 · References 3

Cvelist
added 2022/09/01 12:0 a.m. · 27 views

CVE-2022-1729

A race condition was found the Linux kernel in perf_event_open which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc...

7.4 AI score · 0.0031 EPSS
Exploits 0 · References 3

Debian CVE
added 2022/09/01 12:0 a.m. · 78 views

CVE-2022-1729

A race condition was found the Linux kernel in perf_event_open which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc...

7 CVSS · 6.7 AI score · 0.0031 EPSS
Exploits 0

CNNVD
added 2022/08/29 12:0 a.m. · 3 views

Mermaid Code Injection Vulnerability

Mermaid is a software application. Create charts and visualizations using text and code. A code injection vulnerability exists in Mermaid versions prior to 1.3.0, prior to 2.0.0-rc1, which can be exploited by an attacker to modify any mermaid block of code with arbitrary code, which will be...

7.8 CVSS · 7.4 AI score · 0.00383 EPSS
Exploits 1 · References 3

Prion
added 2022/08/24 12:15 a.m. · 16 views

Command injection

Command injection vulnerability in Linksys MR8300 router while Registration to DDNS Service. By specifying username and password, an attacker connected to the router's web interface can execute arbitrary OS commands. The username and password fields are not sanitized correctly and are used as URL...

4.3 CVSS · 9 AI score · 0.00635 EPSS
Exploits 0 · References 1 · Affected Software 1

NVD
added 2022/08/22 7:15 p.m. · 21 views

CVE-2022-32572

An os command injection vulnerability exists in the aVideoEncoder wget functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability...

9.9 CVSS · 0.22885 EPSS
Exploits 1 · References 2

Tenable Nessus
added 2022/08/17 12:0 a.m. · 48 views

SUSE SLES12 Security Update : java-1_8_0-openjdk (SUSE-SU-2022:2819-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2819-1 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported...

7.5 CVSS · 7.2 AI score · 0.17342 EPSS
Exploits 2 · References 11

NVD
added 2022/08/16 8:15 a.m. · 11 views

CVE-2022-36381

OS command injection vulnerability in Nintendo Wi-Fi Network Adaptor WAP-001 All versions allows an attacker with an administrative privilege to execute arbitrary OS commands via unspecified vectors...

7.2 CVSS · 0.0146 EPSS
Exploits 0 · References 2