TOTOLINK N300RT 缓冲区错误漏洞

TOTOLINK N300RT is a wireless router from TOTOLINK Corporation that complies with the 802.11n standard. The TOTOLINK N300RT version 3.4.0-B20250430 contains a buffer error vulnerability. This vulnerability stems from a buffer overflow in the iscmdstringvalid function of the libapmib.so component,...

VulnCheck KEV: CVE-2022-31208

An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The webserver contains an endpoint that can execute arbitrary commands by manipulating the cmdstring URL parameter...

EUVD-2015-0730

Malware in sbrugna...

EUVD-2013-0726

Malware in sbrugna...

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the execute function in the CliRuntimeRunner.java file, which is included in a command string and may be exposed in an error message if a command is not found. An attacker can obtain sensitive credential...

CVE-2023-26107

All versions of the package sketchsvg are vulnerable to Arbitrary Code Injection when invoking shell.exec without sanitization nor parametrization while concatenating the current directory as part of the command string...

In Emacs before 29.4 org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function such as shell-command-to-string. This affects Org Mode before 9.7.5.

...

CVE-2022-4245

A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtilwriteComment fails to sanitize comments for a -- sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection...

SketchSVG Arbitrary Code Injection vulnerability

All versions of the package sketchsvg are vulnerable to Arbitrary Code Injection when invoking shell.exec without sanitization nor parametrization while concatenating the current directory as part of the command string...

PT-2023-20494 · Sketchsvg · Sketchsvg

Name of the Vulnerable Software and Affected Versions: sketchsvg versions all Description: The issue is related to Arbitrary Code Injection when invoking shell.exec without proper sanitization or parametrization, specifically while concatenating the current directory as part of the command string...

git -- Multiple vulnerabilities

This release contains 2 security fixes: CVE-2022-39253 When relying on the --local clone optimization, Git dereferences symbolic links in the source repository before creating hardlinks or copies of the dereferenced link in the destination repository. This can lead to surprising behavior where...

Emissary 跨站请求伪造漏洞

Emissary is a software application. A P2P-based data-driven workflow engine that operates across heterogeneous and potentially widely distributed multi-tier P2P network computing resources. U.S. National Security Agency NSA Emissary 5.9.0 suffers from a cross-site request forgery vulnerability th...

D-link DIR-816 A2 Remote Code Injection Vulnerability

The D-link DIR-816 A2 is a wireless AC750 dual-band router. A remote code injection vulnerability exists in the D-link DIR-816. The vulnerability stems from the availability of HTTP request parameters in the command string construction in the handler function of /goform/dirsetWanWifi. The...

Input validation

Improper input validation vulnerability exists in TOBESOFT XPLATFORM which could cause arbitrary .hta file execution when the command string is begun with http://, https://, mailto://...

Design/Logic Flaw

A denial of service issue in HTTPD was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5. An attacker without authorization can upload a file to upload.php with a filename longer than 256 bytes. This will be placed in the updownload area. It will not be deleted, because...

CVE-2019-1803 Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Root Privilege Escalation Vulnerability

A vulnerability in the filesystem management for the Cisco Nexus 9000 Series Application Centric Infrastructure ACI Mode Switch Software could allow an authenticated, local attacker with administrator rights to gain elevated privileges as the root user on an affected device. The vulnerability is...

CVE-2018-17064

An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/sylogapply route. This could lead to command injection via the syslogIp parameter after /goform/clearlog is invoked...

ISC BIND rndc Control Channel Interface Assertion Failure Denial of Service (CVE-2017-3138)

A denial-of-service vulnerability exist in ISC BIND. The vulnerability is due to improper handling of a null command string sent to rndc control channel interface. A remote, authenticated attacker could exploit this vulnerability by sending a maliciously crafted packet to the rndc control channel...

Debian DSA-3854-1 : bind9 - security update

Several vulnerabilities were discovered in BIND, a DNS server implementation. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2017-3136 Oleg Gorokhov of Yandex discovered that BIND does not properly handle certain queries when using DNS64 with the...

[SECURITY] [DSA 3854-1] bind9 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3854-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 14, 2017 https://www.debian.org/security/faq -...