340 matches found
PT-2023-14923 · Unknown · Weston Embedded uC-FTPs
Name of the Vulnerable Software and Affected Versions: Weston Embedded uC-FTPs version 1.98.00 Description: An out-of-bounds read issue exists in the PORT command parameter extraction functionality. This can be triggered by a specially-crafted set of network packets, leading to denial of service...
PT-2023-14922 · Unknown · Weston Embedded uC-FTPs
Name of the Vulnerable Software and Affected Versions: Weston Embedded uC-FTPs version 1.98.00 Description: An out-of-bounds read issue exists in the PORT command parameter extraction functionality. A specially-crafted set of network packets can lead to denial of service. This occurs when no IP...
Fortinet addresses Vulnerabilities in FortiADC, FortiOS and FortiProxy
Summary: Fortinet has issued security patches for two high-severity vulnerabilities - an OS command vulnerability in FortiADC, and an out-of-bounds write flaw in sslvpnd of FortiOS and FortiProxy. To recei...
CVE-2023-27999
CVE-2023-27999 affects FortiADC 7.2.0 and 7.1.0–7.1.1. It is an OS command injection due to improper neutralization of special elements (CWE-78) in FortiADC’s command handling, allowing an authenticated attacker to execute arbitrary commands via specially crafted arguments to existing commands. A...
CVE-2022-40679
An improper neutralization of special elements used in an OS command vulnerability CWE-78 in FortiADC 5.x all versions, 6.0 all versions, 6.1 all versions, 6.2.0 through 6.2.4, 7.0.0 through 7.0.3, 7.1.0; FortiDDoS 4.x all versions, 5.0 all versions, 5.1 all versions, 5.2 all versions, 5.3 all...
CVE-2022-40679
CVE-2022-40679 describes an OS command injection in Fortinet FortiADC (5.x–7.1.0), FortiDDoS (4.x–5.6), and FortiDDoS-F (6.1.0–6.4.0) caused by improper neutralization of special elements in existing commands. An authenticated attacker could execute unauthorized commands via crafted arguments. Ex...
FortiADC & FortiDDoS & FortiDDoS-F - Command injection in log & report module
An improper neutralization of special elements used in an OS command vulnerability CWE-78 in FortiADC, FortiDDoS and FortiDDoS-F may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands...
FortiWeb & FortiADC - OS command injection in CLI
An improper neutralization of special elements used in an OS command vulnerability CWE-78 in the command line interpreter of FortiWeb & FortiADC may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands...
MiniDVBLinux 5.4 - Remote Root Command Injection
Exploit Title: MiniDVBLinux 5.4 - Remote Root Command Injection Exploit Author: LiquidWorm !/usr/bin/env python3 MiniDVBLinux 5.4 Remote Root Command Injection Vulnerability Vendor: MiniDVBLinux Product web page: https://www.minidvblinux.de Affected version: =5.4 Summary: MiniDVBLinuxTM...
GPT_Vuln-analyzer - Uses ChatGPT API And Python-Nmap Module To Use The GPT3 Model To Create Vulnerability Reports Based On Nmap Scan Data
This is a Proof Of Concept application that demonstrates how AI can be used to generate accurate results for vulnerability analysis and also allows further utilization of the already super useful ChatGPT. Requirements Python 3.10 All the packages mentioned in the requirements.txt file OpenAi api...
Command injection
An improper neutralization of special elements used in an OS command vulnerability CWE-78 in the management interface of FortiWAN 4.0.0 through 4.5.9 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands...
CVE-2022-33869
An improper neutralization of special elements used in an OS command vulnerability CWE-78 in the management interface of FortiWAN 4.0.0 through 4.5.9 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands...
SUSE CVE-2022-28736
There's a use-after-free vulnerability in grub_cmd_chainloader function; The chainloader command is used to boot up operating systems that don't support multiboot and do not have direct support from GRUB2. When executing chainloader more than once a use-after-free vulnerability is triggered. If a...
Command injection
OS command injection vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings...
CVE-2022-23740 Improper Neutralization of Argument Delimiters in a Command in GitHub Enterprise Server leading to Remote Code Execution
CRITICAL: An improper neutralization of argument delimiters in a command vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. To exploit this vulnerability, an attacker would need permission to create and build GitHub Pages using GitHub Actions. This...
CVE-2022-33870
CVE-2022-33870 is a command injection vulnerability in FortiTester’s CLI caused by improper neutralization of special elements in OS commands. Affected FortiTester versions are 3.0.0–3.9.1, 4.0.0–4.2.0, and 7.0.0–7.1.0. An authenticated attacker could execute unauthorized commands via crafted arg...
FortiTester - Command injection in CLI command
An improper neutralization of special elements used in an OS command vulnerability CWE-78 in the command line interpreter of FortiTester may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands...
CVE-2022-35844
CVE-2022-35844 is a command-injection vulnerability in FortiTester’s management interface. It affects FortiTester versions 2.3.0–3.9.1, 4.0.0–4.2.0, and 7.0.0–7.1.0, caused by improper neutralization of special elements in OS commands. An authenticated attacker can execute unauthorized commands v...