EUVD-2016-2549
Malware in sbrugna...
CVE-2024-20418
creationtimestamp | type | source
---|---|---
2024-11-06 17:09:06+00:00 | seen | https://infosec.exchange/users/cve/statuses/113437106972810589
2024-11-06 17:29:02+00:00 | seen | https://infosec.exchange/users/vuldb/statuses/113437189233894586
2024-11-07 06:04:53+00:00 | seen | ...
Command injection
Hitron CODA-5310 has insufficient filtering for specific parameters in the connection test function. A remote attacker authenticated as an administrator can use the management page to perform command injection attacks to execute arbitrary system commands, manipulate the system or disrupt service...
CVE-2023-30628 Kiwi TCMS has command injection vulnerability in changelog.yml CI workflow
Kiwi TCMS is an open source test management system. In kiwitcms/Kiwi v12.2 and prior and kiwitcms/enterprise v12.2 and prior, the changelog.yml workflow is vulnerable to command injection attacks because of using an untrusted github.head_ref field. The github.head_ref value is an attacker-controlle...
CVE-2022-40740 Realtek GPON router - Command Injection
Realtek GPON router has insufficient filtering for special characters. A remote attacker authenticated as an administrator can exploit this vulnerability to perform command injection attacks to execute arbitrary system commands, manipulate the system or disrupt service...
CVE-2021-46007
TOTOLINK A3100R V5.9c.4577 is vulnerable to OS command injection. The backend of a page executes the "ping" command, and the input field does not adequately filter special symbols. This can lead to command injection attacks...
Cisco Small Business Input Validation Error Vulnerability (CNVD-2021-37125)
Cisco Small Business is a switch from the American company Cisco. Cisco Small Business suffers from an Input Validation Error vulnerability that originates from an incorrect validation provided to the user. An attacker could exploit this vulnerability to perform command injection for attack...
Cisco Small Business Input Validation Error Vulnerability (CNVD-2021-37127)
Cisco Small Business is a switch from the American company Cisco. Cisco Small Business suffers from an Input Validation Error vulnerability that originates from an incorrect validation provided to the user. An attacker could exploit this vulnerability to perform command injection for attack...
Updated ruby packages fix security vulnerabilities
Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the "|" pipe character, the command following the pipe character is executed. The default...
CVE-2017-17790
The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '|' character, a different vulnerability than CVE-2017-17405. NOTE: situations with untrusted input ma...
Beta Firmware Updates Available for Vulnerable Netgear Routers
Netgear has begun pushing out beta versions of firmware updates that will address a critical vulnerability that was disclosed late last week. The networking vendor also confirmed that many more routers in its Nighthawk line are vulnerable than originally reported. The flaw allows attackers to car...