340 matches found

BDU FSTEC
added 2021/03/09 12:0 a.m. · 1 views

A vulnerability in the mj_raster_cmd() function (contrib/japanese/gdevmjc.c) of Ghostscript, a software suite for processing, converting, and generating documents, is related to writing beyond the buffer boundaries and allows an attacker to trigger a service failure.

The vulnerability in the mj_raster_cmd function (contrib/japanese/gdevmjc.c) of Ghostscript, a software suite for processing, transforming, and generating documents, is related to writing beyond the buffer boundaries. Exploiting this vulnerability may allow a malicious actor to cause service failures...

4.3 CVSS · 6.8 AI score · 0.01995 EPSS
Exploits 1 · References 15 · Affected Software 4
Prion
added 2020/11/04 8:15 p.m. · 20 views

Design/Logic Flaw

A remote execution of arbitrary commands vulnerability was discovered in Aruba Airwave Software versions: Prior to 1.3.2...

9 CVSS · 7.1 AI score · 0.02625 EPSS
Exploits 0 · References 1 · Affected Software 1
BDU FSTEC
added 2020/06/17 12:0 a.m. · 1 views

The vulnerability of a node’s shell for the `curl` command, related to the failure to eliminate special elements used in operating system commands, allows a perpetrator to execute arbitrary commands.

The vulnerability of a node’s command-line interface for the curl command relates to the failure to address the special elements used in operating system commands. Exploiting this vulnerability allows an attacker who operates remotely to execute arbitrary commands...

10 CVSS · 8.1 AI score · 0.01884 EPSS
Exploits 1 · References 3 · Affected Software 1
Prion
added 2020/04/16 11:15 a.m. · 20 views

Integer overflow

While handling the vendor command there is an integer truncation issue that could yield a buffer overflow due to int data type copied to u8 data type in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8096AU,...

4.6 CVSS · 8.2 AI score · 0.00189 EPSS
Exploits 0 · References 1
OSV
added 2020/04/07 1:15 p.m. · 1 views

CVE-2016-11041

An issue was discovered on Samsung mobile devices with KK(4.4) software. Attackers can bypass the lockscreen by sending an AT command over USB. The Samsung ID is SVE-2015-5301 (June 2016)...

4.6 CVSS · 5.8 AI score · 0.00138 EPSS
Exploits 0 · References 1
Vulnrichment
added 2019/11/21 3:3 p.m. · 9 views

CVE-2019-17650

An Improper Neutralization of Special Elements used in a Command vulnerability in one of the FortiClient for Mac OS root processes may allow a local user of the system on which FortiClient is running to execute unauthorized code as root by bypassing a security check...

7.5 AI score · 0.00436 EPSS
Exploits 0 · References 2
Debian CVE
added 2019/09/27 8:7 p.m. · 32 views

CVE-2019-16928

Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command...

9.8 CVSS · 10 AI score · 0.42482 EPSS
Exploits 3
NVD
added 2019/09/13 6:15 p.m. · 17 views

CVE-2019-5484

Bower before 1.8.8 has a path traversal vulnerability permitting file write in arbitrary locations via install command, which allows attackers to write arbitrary files when a malicious package is extracted...

7.5 CVSS · 7.6 AI score · 0.02566 EPSS
Exploits 1 · References 5
Positive Technologies
added 2019/09/13 12:0 a.m. · 3 views

PT-2019-17702 · Twitter · Bower

Name of the Vulnerable Software and Affected Versions: bower versions prior to 1.8.8 Description: The issue allows for a path traversal vulnerability, enabling file write in arbitrary locations via the install command. This occurs because bower does not verify that extracted symbolic links do not...

7.5 CVSS · 7.6 AI score · 0.02566 EPSS
Exploits 1 · References 12
Tenable Nessus
added 2019/08/12 12:0 a.m. · 55 views

Debian DLA-1871-1 : vim security update

Several minor issues have been fixed in vim, a highly configurable text editor. CVE-2017-11109: Vim allows attackers to cause a denial of service (invalid free) or possibly have unspecified other impact via a crafted source (aka -S) file. CVE-2017-17087: Vim sets the group ownership of a .swp file to t...

9.3 CVSS · 7.1 AI score · 0.19111 EPSS
Exploits 5 · References 5
Veracode
added 2019/07/01 12:17 a.m. · 35 views

OS Command Injection

vim is vulnerable to OS command injection. The :source! command in a modeline allows remote attackers to execute arbitrary OS commands...

8.6 CVSS · 9.1 AI score · 0.19111 EPSS
Exploits 5 · References 31 · Affected Software 3
BDU FSTEC
added 2019/04/12 12:0 a.m. · 1 views

A vulnerability in the run_command function of the Git distributed version control system allows an attacker to execute arbitrary commands.

The vulnerability in the run_command programming interface of the Git distributed version control system is related to insufficient sanitization of input data. Exploiting this vulnerability allows an attacker to execute arbitrary commands remotely...

10 CVSS · 7.1 AI score · 0.0412 EPSS
Exploits 0 · References 7 · Affected Software 3
ICS
added 2019/04/09 12:0 a.m. · 73 views

ICSA-19-099-02 Siemens Spectrum Power 4.7

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: Spectrum Power 4.7 Vulnerability: Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability in versions of Spectrum Power 4 using the user-specific...

9.8 CVSS · 10 AI score · 0.02285 EPSS
Exploits 0 · References 9
CNVD
added 2018/06/01 12:0 a.m. · 3 views

HCL legacy IVR system security vulnerability

HCL legacy IVR systems are a set of interactive voice inter-response systems. A security vulnerability exists in HCL legacy IVR systems, which originates from a program that executes commands and functions with the help of audio signals. The vulnerability can be exploited by an attacker to open...

8.1 CVSS · 8.1 AI score · 0.0142 EPSS
Exploits 0 · References 1
0day.today
added 2018/05/25 12:0 a.m. · 65 views

DLink #DSL2750B OS Command Injection Exploit

This Metasploit module exploits a remote command injection vulnerability in D-Link DSL-2750B devices. Vulnerability can be exploited through "cli" parameter that is directly used to invoke "ayecli" binary. Vulnerable firmwares are from 1.01 up to 1.03. This module requires Metasploit:...

0.4 AI score
Exploits 0
CNVD
added 2018/04/09 12:0 a.m. · 3 views

Rockwell Automation Allen Bradley Micrologix 1400 Series B FRN Denial of Service Vulnerability (CNVD-2018-07294)

Allen Bradley Micrologix 1400 Series B is a programmable logic controller from Rockwell Automation. A denial of service vulnerability exists in the handling of the snmp-set command in Allen Bradley Micrologix 1400 Series B version 21.2 and lower. An attacker could exploit this vulnerability by...

7.8 CVSS · 6.8 AI score · 0.0362 EPSS
Exploits 1 · References 1
NVD
added 2018/03/06 8:29 p.m. · 22 views

CVE-2018-6530

OS command injection vulnerability in soap.cgi soapcgimain in cgibin in D-Link DIR-880L DIR-880LREVAFIRMWAREPATCH1.08B04 and previous versions, DIR-868L DIR868LA1FW112b04 and previous versions, DIR-65L DIR-865LREVAFIRMWAREPATCH1.08.B01 and previous versions, and DIR-860L DIR860LA1FW110b04 and...

10 CVSS · 9.9 AI score · 0.96626 EPSS
Exploits 1 · References 6
CVE
added 2018/02/15 10:0 p.m. · 58 views

CVE-2017-12552

CVE-2017-12552 is a local arbitrary command-execution flaw in HPE System Management Homepage (SMH) for Windows and Linux, affecting versions prior to 7.6.1. The root cause is an issue in SMH that permits execution of OS commands from a crafted request. The documented impact includes potential com...

5.6 CVSS · 6.5 AI score · 0.00425 EPSS
Exploits 0 · References 3 · Affected Software 1
BDU FSTEC
added 2017/10/26 12:0 a.m. · 5 views

A vulnerability in the firmware services of D-Link and TRENDnet routers allows attackers to execute arbitrary commands or bypass authentication mechanisms, thereby gaining full control over the device.

The vulnerability in the firmware services of D-Link and TRENDnet routers is related to deficiencies in the authentication process when processing the ping command. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using the pingaddr parameter...

10 CVSS · 8.2 AI score · 0.82863 EPSS
Exploits 8 · References 8 · Affected Software 1
BDU FSTEC
added 2017/10/26 12:0 a.m. · 3 views

A vulnerability in the firmware services of D-Link and TRENDnet routers allows attackers to execute arbitrary commands or bypass authentication mechanisms, thereby gaining full control over the device.

The vulnerability in the firmware services of D-Link and TRENDnet routers is related to deficiencies in the authentication process when processing the ping command. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using the pingaddr parameter...

10 CVSS · 8.2 AI score · 0.82863 EPSS
Exploits 8 · References 8 · Affected Software 1