9 matches found
GHSA-46Q3-7GV7-QMGG Net::IMAP: Command Injection via ID command argument
Summary: Two Net::IMAP commands, id and enable, do not validate their arguments. Arguments to either command could be used by an attacker to inject arbitrary IMAP commands. Please note that passing untrusted inputs to these commands is usually inappropriate and expected to be uncommon. Details: Whe...
PT-2026-48342
Name of the Vulnerable Software and Affected Versions: Net::IMAP versions prior to 0.5.15; Net::IMAP versions prior to 0.6.5. Description: The Net::IMAP#id and Net::IMAP#enable functions do not properly validate their arguments. When Net::IMAP#id is called with a hash argument, it fails to prohibit CRLF...
Net::IMAP: Command Injection via ID command argument
Summary: Two Net::IMAP commands, id and enable, do not validate their arguments. Arguments to either command could be used by an attacker to inject arbitrary IMAP commands. Please note that passing untrusted inputs to these commands is usually inappropriate and expected to be uncommon. Details: Whe...
EUVD-2021-13933
Malware in sbrugna...
Milesight UR32L libzebra.so bridge_group OS command injection vulnerability
Talos Vulnerability Report TALOS-2023-1698: Milesight UR32L libzebra.so bridge_group OS command injection vulnerability. July 6, 2023. CVE Number: CVE-2023-22306. Summary: An OS command injection vulnerability exists in the libzebra.so bridge_group functionality of Milesight UR32L v32.3.0.5. A specially...
CVE-2021-27166
An issue was discovered on FiberHome HG6245D devices through RP2613. The password for the enable command is gpon...
CVE-2021-27166
CVE-2021-27166 affects FiberHome HG6245D devices (RP2613) and is described as a trust management issue that can be exploited via default/hard-coded credentials (e.g., enable password set to “gpon”). Several connected sources indicate credential-related weaknesses, including hard-coded/default pas...
CVE-2020-3394 Cisco Nexus 3000 and 9000 Series Switches Privilege Escalation Vulnerability
A vulnerability in the Enable Secret feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, local attacker to issue the enable command and get full administrative privileges. To exploit this vulnerability, the attack...
The vulnerability of the Apache Tomcat application server arises from insufficient validation of input data, allowing attackers to execute arbitrary code.
The vulnerability of the Apache Tomcat application server exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely, as a result of the default enabled parameter “enableCmdLineArguments” of the CGI server...