MediaWiki 安全漏洞

MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems. A security vulnerability exists in MediaWiki version 1.39.3 and earlier versions, which stems fro...

SUSE CVE-2018-14357

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with an automatic subscription...

D-Link DIR-846 Command Execution Vulnerability

A command execution vulnerability exists in the D-Link DIR-846, a wireless router from D-Link in Taiwan, China, which originates in the product HNAP1/control/SetNetworkTomographySettings.php file. The vulnerability is caused by the fact that the HNAP1/control/SetNetworkTomographySettings.php file...

Design/Logic Flaw

Remote Command Execution RCE vulnerability exists in HNAP1/control/SetWizardConfig.php in D-Link Router DIR-846 DIR846A1FW100A43.bin and DIR846enFW100A53DLA-Retail.bin. Malicoius users can use this vulnerability to use "\ " or backticks in the shell metacharacters in the ssid0 or ssid1 parameters...

CVE-2021-46315

Remote Command Execution RCE vulnerability exists in HNAP1/control/SetWizardConfig.php in D-Link Router DIR-846 DIR846A1FW100A43.bin and DIR846enFW100A53DLA-Retail.bin. Malicoius users can use this vulnerability to use "\ " or backticks in the shell metacharacters in the ssid0 or ssid1 parameters...

CVE-2018-19988

In the /HNAP1/SetClientInfoDemo message, the AudioMute and AudioEnable parameters are vulnerable, and the vulnerabilities affect D-Link DIR-868L Rev.B 2.05B02 devices. In the SetClientInfoDemo.php source code, the AudioMute and AudioEnble parameters are saved in the ShellPath script file without...

xunfeng Command Injection Vulnerability

xunfeng is a rapid vulnerability response and asset scanning system for enterprise intranets. A command injection vulnerability exists in xunfeng version 0.2.0, which stems from the failure of the masscan.py file to properly handle backquote characters and can be exploited by an attacker to execu...

Mutt and NeoMutt Arbitrary Command Execution Vulnerabilities

NeoMutt is a patched version of Mutt, a text-based mail client for Unix-like systems developed by Michael Elkins Software Developers. An arbitrary command execution vulnerability exists in Mutt versions prior to 1.10.1 and NeoMutt versions prior to 2018-07-16, which stems from a failure of mutt t...

DEBIAN-CVE-2018-14354

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with a manual subscription or unsubscription...

DEBIAN-CVE-2018-14357

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with an automatic subscription...

ALPINE-CVE-2018-14354

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with a manual subscription or unsubscription...

UBUNTU-CVE-2018-14354

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with a manual subscription or unsubscription...

UBUNTU-CVE-2018-14357

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with an automatic subscription...

PT-2018-3300 · Mutt +7 · Mutt +7

Name of the Vulnerable Software and Affected Versions: Mutt versions prior to 1.10.1 NeoMutt versions prior to 2018-07-16 Description: The issue allows remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with a manual subscriptio...

Unitrends Backup Remote Code Execution Vulnerability

Unitrends Backup UB is a set of data protection software from the American company Unitrends. The software provides data backup, data recovery and deduplication functions. A security vulnerability exists in the user interface of UB versions prior to 10.1.0. The vulnerability can be exploited to...

CVE-2018-6328

It was discovered that the Unitrends Backup UB before 10.1.0 user interface was exposed to an authentication bypass, which then could allow an unauthenticated user to inject arbitrary commands into its /api/hosts parameters using backquotes...

CVE-2018-6328

It was discovered that the Unitrends Backup UB before 10.1.0 user interface was exposed to an authentication bypass, which then could allow an unauthenticated user to inject arbitrary commands into its /api/hosts parameters using backquotes...