68 matches found
CVE-2023-33270
An issue was discovered in DTS Monitoring 3.57.0. The parameter url within the Curl check function is vulnerable to OS command injection blind...
A vulnerability in the system check function of Cisco IOS XR allows an attacker to execute arbitrary code.
The vulnerability in the Cisco IOS XR operating system’s check function is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow an attacker to execute arbitrary code on the base operating system...
SUSE CVE-2023-3446
Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check, DH_check_ex or EVP_PKEY_param_check to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been...
CVE-2020-20502
Cross Site Request Forgery found in yzCMS v.2.0 allows a remote attacker to execute arbitrary code via the token check function...
CVE-2020-20502
CVE-2020-20502 affects yzCMS v2.0, where a Cross-Site Request Forgery via the token check function allows a remote attacker to execute arbitrary code. The vulnerability is documented across multiple feeds (NVD, Red Hat, PRION, CNNVD, CVE List, etc.) with consistent description: CSRF in yzCMS v.2....
SUSE CVE-2023-26129
All versions of the package bwm-ng are vulnerable to Command Injection due to improper input sanitization in the 'check' function in the bwm-ng.js file. Note: To execute the code snippet and potentially exploit the vulnerability, the attacker needs to have the ability to run Node.js code within t...
GHSA-8VW3-VXMJ-H43W bwm-ng vulnerable to command injection
All versions of the package bwm-ng are vulnerable to Command Injection due to improper input sanitization in the 'check' function in the bwm-ng.js file. Note: To execute the code snippet and potentially exploit the vulnerability, the attacker needs to have the ability to run Node.js code within t...
CVE-2023-26129
All versions of the package bwm-ng are vulnerable to Command Injection due to improper input sanitization in the 'check' function in the bwm-ng.js file. Note: To execute the code snippet and potentially exploit the vulnerability, the attacker needs to have the ability to run Node.js code within t...
kernel: igmp: use-after-free in ip_check_mc_rcu when opening and closing inet sockets
A use-after-free flaw was found in the Linux kernel’s IGMP protocol in how a user triggers a race condition in the ip_check_mc_rcu function. This flaw allows a local user to crash or potentially escalate their privileges on the system...
SUSE CVE-2012-4522
The rb_get_path_check function in file.c in Ruby 1.9.3 before patchlevel 286 and Ruby 2.0.0 before r37163 allows context-dependent attackers to create files in unexpected locations or with unexpected names via a NUL byte in a file path...
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection due to improper input sanitization in the 'check' function in the bwm-ng.js file. Note: To execute the code snippet and potentially exploit the vulnerability, the attacker needs to have the ability to run Node.js code...
CVE-2022-27438
Caphyon Ltd Advanced Installer 19.3 and earlier and many products that use the updater from Advanced Installer Advanced Updater are affected by a remote code execution vulnerability via the CustomDetection parameter in the update check function. To exploit this vulnerability, a user must start an...
A vulnerability in the email verification function of the RPM package manager allows an attacker to compromise the confidentiality, integrity, and availability of data.
The vulnerability of the check function in software with RPM support is related to insufficient verification of data authenticity. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and availability of data...
OpenConnect Input Validation Error Vulnerability
OpenConnect is an open source application for connecting to virtual private networks. A security vulnerability exists in OpenConnect 8.08 and earlier versions, which stems from the program failing to properly handle negative values returned by calls to the 'X509check' function. An attacker could...
Command injection
An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.0214. A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially...
WAGO PFC200 Command Injection Vulnerability (CNVD-2020-16842)
The WAGO PFC200 is a programmable logic controller (PLC) from WAGO Germany. A command injection vulnerability exists in the iocheckd service 'I/O-Check' function of the WAGO PFC200 03.02.0214. An attacker can exploit this vulnerability to inject OS commands via specially crafted XML cache files...
WAGO PFC200 Command Injection Vulnerability (CNVD-2020-16845)
The WAGO PFC200 is a programmable logic controller (PLC) from WAGO Germany. A command injection vulnerability exists in the I/O-Check function of the iocheckd service in the WAGO PFC200. The vulnerability arises from a network system or product not properly filtering special characters, commands,...
CVE-2019-5169
An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.0214. A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially...