编号撤回

Laravel is a PHP Web development framework PHP Web Framework. A command execution vulnerability exists in Laravel that can be exploited by an attacker to perform remote code execution RCE...

Elasticsearch Logstash allows remote attackers to execute arbitrary commands

Elasticsearch Logstash 1.0.14 through 1.4.x before 1.4.2 allows remote attackers to execute arbitrary commands via a crafted event in 1 zabbix.rb or 2 nagiosnsca.rb in outputs/...

CVE-2022-25995

A command execution vulnerability exists in the console inhand functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability...

SonicWall Global VPN Client DLL Search Order Hijacking via Application Installer

SonicWall Global VPN Client 4.10.7 installer 32-bit and 64-bit and earlier have a DLL Search Order Hijacking vulnerability in one of the installer components. Successful exploitation via a local attacker could result in command execution in the target system. CVE: CVE-2021-20051 Last updated: Apr...

CVE-2022-23881

ZZZCMS zzzphp v2.1.0 was discovered to contain a remote command execution RCE vulnerability via dangerkey at zzztemplate.php...

CVE-2022-26265

Contao Managed Edition v1.5.0 was discovered to contain a remote command execution RCE vulnerability via the component phpcli parameter...

SUSE-SU-2022:0735-1 Security update for zsh

This update for zsh fixes the following issues: - CVE-2021-45444: Fixed a vulnerability where arbitrary shell commands could be executed related to prompt expansion bsc1196435. - CVE-2019-20044: Fixed a vulnerability where shell privileges would not be properly dropped when unsetting the PRIVILEG...

Command Execution Vulnerability in TOTOLINK A850R

The A850R is a Gigabit dual band wireless router. A command execution vulnerability exists in the TOTOLINK A850R, which can be exploited by an attacker to gain control of the server...

CVE-2022-24711 Remote CLI Command Execution Vulnerability in CodeIgniter4

CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. Prior to version 4.1.9, an improper input validation vulnerability allows attackers to execute CLI routes via HTTP request. Version 4.1.9 contains a patch. There are currently no known workarounds for this vulnerabilit...

Command Execution Vulnerability in SuperMap iServer 10i of Beijing SuperMap Software Co.

SuperMap iServer is a cloud GIS application server based on high-performance cross-platform GIS kernel. A command execution vulnerability exists in SuperMap iServer 10i of Beijing SuperMap Software Co. Ltd. that can be exploited by an attacker to gain control of the server...

Command Execution Vulnerability in BossCMS of Wenzhou Huyin Information Technology Co.

BossCMS is a content management system based on self-developed PHP framework MySQL architecture developed by Wenzhou Huyin Information Technology Co. A command execution vulnerability exists in BossCMS, which can be exploited to gain server privileges...

Command Execution Vulnerability in Sunflower Personal Edition for Windows at Shanghai Berry Information Technology Co.

Sunflower is a free, all-in-one remote control management tool software that integrates remote control of computer and cell phone, remote desktop connection, remote boot, remote management, and intranet penetration support. Ltd. Sunflower Personal Edition for Windows has a command execution...

Fortinet FortiWeb Command Execution Vulnerability

Fortinet FortiWeb is a Web application layer firewall from the U.S. company Fita Fortinet, which can block threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks to ensure the security of Web applications and protect sensitive database content. A...

Command Execution Vulnerability in Neusoft Firewall

Neusoft Group Corporation is a software technology-based company with business focus on smart city, healthcare, smart car connectivity, and software products and services. A command execution vulnerability exists in Neusoft Firewall, which can be exploited by attackers to execute arbitrary comman...

Command Execution Vulnerability in NetGuard Security Management Platform of Beijing NetGuard Nebula Information Technology Co.

Beijing Nethub Information Technology Co., Ltd. was renamed from Lenovo Nethub Technology Beijing Co., Ltd. and its business covers network border security protection, application and data security protection, network-wide security risk management, professional security solutions and professional...

Command Execution Vulnerability in qimengcms Backend

qimengcms is a content management system. A command execution vulnerability exists in the qimengcms backend, which can be exploited by an attacker to gain site privileges...

Extreme CMS suffers from a command execution vulnerability (CNVD-2021-52075)

Extreme CMS abbreviation: JIZHICMS is a free and open source PHP website building CMS system. Extreme CMS has a command execution vulnerability that can be exploited by attackers to gain server privileges...

Aruba ClearPass Policy Manager Command Execution Vulnerability (CNVD-2021-50091)

Aruba ClearPass Policy Manager is an application from Aruba, Inc. that provides a wireless network security access management system. Aruba ClearPass Policy Manager has a security vulnerability that allows remote authenticated users to arbitrarily run commands on the underlying host...

Command Execution Vulnerability in TopGate500 at Skyrise Technology Group

Founded in 1995 as the first network security enterprise in China, Skyrun Technology Group has become a leading network security, big data and cloud service provider in China. A command execution vulnerability exists in TopGate500 of Tianrongxin Technology Group, which can be exploited by an...

Command Execution Vulnerability in PatrolFlow Multiservice Security Gateway Intelligent Management Platform of Byzoro Networks (CNVD-2021-51332)

Beijing Byzoro Network Technology Co., Ltd. is a high-tech enterprise dedicated to building the next-generation secure Internet. A command execution vulnerability exists in the PatrolFlow multi-service security gateway intelligent management platform of Byzoro Networks, which can be exploited by...