
2659 matches found

CNNVD
added 2024/04/26 12:0 a.m. · 19 views

Veritas Technologies Backup Exec Security Vulnerability

Veritas Technologies Backup Exec is a powerful suite of data backup recovery tools from Veritas Technologies, USA. With a web-based management console and an intuitive graphical user interface with easy-to-use wizards, the software simplifies the installation process and improves manageability...

CVSS 7.7 · AI score 6.7 · EPSS 0.00077
Exploits: 0 · References: 2

CNNVD
added 2024/04/26 12:0 a.m. · 2 views

Veritas Technologies Backup Exec Security Vulnerability

Veritas Technologies Backup Exec is a powerful suite of data backup recovery tools from Veritas Technologies, USA. With a web-based management console and an intuitive graphical user interface with easy-to-use wizards, the software simplifies the installation process and improves manageability...

CVSS 7.8 · AI score 6.6 · EPSS 0.00071
Exploits: 0 · References: 2

Vulnrichment
added 2024/04/26 12:0 a.m. · 18 views

CVE-2024-33673

An issue was discovered in Veritas Backup Exec before 22.2 HotFix 917391. Improper access controls allow for DLL Hijacking in the Windows DLL Search path...

CVSS 7.8 · AI score 7 · EPSS 0.00071
Exploits: 0 · References: 1

Positive Technologies
added 2024/04/26 12:0 a.m. · 3 views

PT-2024-25429 · Veritas · Veritas Backup Exec

Name of the Vulnerable Software and Affected Versions: Veritas Backup Exec versions prior to 22.2 HotFix 917391 Description: An issue was discovered in the Veritas Backup Exec software, where the Backup Exec Deduplication Multi-threaded Streaming Agent can be used to perform arbitrary file deleti...

CVSS 7.7 · AI score 7.3 · EPSS 0.00077
Exploits: 0 · References: 2

Metasploit
added 2024/04/19 7:51 p.m. · 225 views

GitLens Git Local Configuration Exec

GitKraken GitLens before v.14.0.0 allows an untrusted workspace to execute git commands. A repo may include its own .git folder including a malicious config file to execute arbitrary code. Tested against VSCode 1.87.2 with GitLens 13.6.0 on Ubuntu 22.04 and Windows 10 Module Options msf use...

CVSS 7.8 · AI score 7.8 · EPSS 0.032
Exploits: 4

NCSC
added 2024/04/19 12:0 a.m. · 1 views

Vulnerabilities fixed in Veritas BackupExec

Veritas has fixed vulnerabilities in BackupExec. A local malicious party can exploit the vulnerabilities to execute arbitrary code via a DLL injection to execute arbitrary code, or to remove arbitrary files from the system, potentially causing a Denial-of-Service. No CVE IDs have been disclosed f...

AI score 8.2
Exploits: 0

CNNVD
added 2024/04/15 12:0 a.m. · 1 views

Silex Technology DS-600 Security Vulnerability

The Silex Technology DS-600 is a hardware device from Silex Technology, Inc. designed to easily connect and share USB 3.0 and 2.0 devices over a network. A security vulnerability exists in the Silex Technology DS-600 version v.1.4.1. A remote attacker can exploit the vulnerability to cause a deni...

CVSS 6.8 · AI score 6.7 · EPSS 0.00861
Exploits: 0 · References: 2

Cvelist
added 2024/04/15 12:0 a.m. · 12 views

CVE-2024-24487

An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows a remote attacker to cause a denial of service via crafted UDP packets using the EXEC REBOOT SYSTEM command...

AI score 6.8 · EPSS 0.00861
Exploits: 0 · References: 1

CVE
added 2024/04/15 12:0 a.m. · 50 views

CVE-2024-24487

The CVE-2024-24487 entry concerns Silex Technology DS-600 Firmware v1.4.1. A remote attacker can trigger a denial of service by sending crafted UDP packets that invoke the EXEC REBOOT SYSTEM command. Public documents identify the affected device and firmware version and describe the impact as DoS...

CVSS 6.8 · AI score 6.8 · EPSS 0.00861
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2024/04/15 12:0 a.m. · 4 views

PT-2024-20417 · Silex Technology · Ds-600 Firmware

Name of the Vulnerable Software and Affected Versions: silex technology DS-600 Firmware version 1.4.1 Description: An issue in the silex technology DS-600 Firmware allows a remote attacker to cause a denial of service via crafted UDP packets using the EXEC REBOOT SYSTEM command. Recommendations:...

CVSS 6.8 · AI score 6.6 · EPSS 0.00861
Exploits: 0 · References: 5

Vulnrichment
added 2024/04/13 8:31 p.m. · 10 views

CVE-2024-3740 cym1102 nginxWebUI reload exec deserialization

A vulnerability, which was classified as critical, has been found in cym1102 nginxWebUI up to 3.9.9. This issue affects the function exec of the file /adminPage/conf/reload. The manipulation of the argument nginxExe leads to deserialization. The attack may be initiated remotely. The exploit has...

CVSS 6.5 · AI score 6.9 · EPSS 0.00069
Exploits: 1 · References: 5

SUSE CVE
added 2024/04/11 2:31 a.m. · 1 views

SUSE CVE-2024-22423

yt-dlp is a youtube-dl fork with additional features and fixes. The patch that addressed CVE-2023-40581 attempted to prevent RCE when using --exec with %q by replacing double quotes with two double quotes. However, this escaping is not sufficient, and still allows expansion of environment...

CVSS 9.8 · AI score 7.1 · EPSS 0.06497
Exploits: 1 · References: 3

OSV
added 2024/04/10 6:30 p.m. · 16 views

GHSA-WVPX-G427-Q9WC llama-index-core Prompt Injection vulnerability leading to Arbitrary Code Execution

A vulnerability was identified in the executils class of the llamaindex package, specifically within the safeeval function, allowing for prompt injection leading to arbitrary code execution. This issue arises due to insufficient validation of input, which can be exploited to bypass method...

CVSS 9.8 · AI score 9.7 · EPSS 0.00146
Exploits: 0 · References: 5

OSV
added 2024/04/10 5:7 p.m. · 25 views

GHSA-HJQ6-52GW-2G7P yt-dlp: `--exec` command injection when using `%q` in yt-dlp on Windows (Bypass of CVE-2023-40581)

Summary The patch that addressed CVE-2023-40581 attempted to prevent RCE when using --exec with %q by replacing double quotes with two double quotes. However, this escaping is not sufficient, and still allows expansion of environment variables. Support for output template expansion in --exec, alo...

CVSS 8.3 · AI score 8.1 · EPSS 0.06497
Exploits: 1 · References: 9

CNNVD
added 2024/04/10 12:0 a.m. · 1 views

LlamaIndex Code Injection Vulnerability

LlamaIndex is a data framework for an LLM application by the individual developer Jerry Liu. A code injection vulnerability exists in LlamaIndex that stems from insufficient input validation of the safeeval function in executils, which allows injection at the prompt, leading to arbitrary code...

CVSS 9.8 · AI score 9.7 · EPSS 0.00146
Exploits: 0 · References: 3

OSV
added 2024/04/09 6:15 p.m. · 0 views

UBUNTU-CVE-2024-22423

yt-dlp is a youtube-dl fork with additional features and fixes. The patch that addressed CVE-2023-40581 attempted to prevent RCE when using --exec with %q by replacing double quotes with two double quotes. However, this escaping is not sufficient, and still allows expansion of environment...

CVSS 9.8 · AI score 5.7 · EPSS 0.06497
Exploits: 1 · References: 8

NVD
added 2024/04/09 5:15 p.m. · 16 views

CVE-2024-28931

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability...

CVSS 8.8 · AI score 9 · EPSS 0.01767
Exploits: 0 · References: 1

Vulnrichment
added 2024/04/09 5:1 p.m. · 22 views

CVE-2024-28930 Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

...

CVSS 8.8 · AI score 6.8 · EPSS 0.01767
Exploits: 0 · References: 1

CVE
added 2024/04/09 5:0 p.m. · 180 views

CVE-2024-29066

CVE-2024-29066 is a Windows DFS Remote Code Execution vulnerability. Affected: Windows Distributed File System (DFS). CVSS 3.1 base 7.2 (NETWORK, HIGH impact across Confidentiality, Integrity, Availability). Requirements: HIGH privileges, no user interaction; scope UNCHANGED. Concrete root-cause...

CVSS 7.2 · AI score 7.8 · EPSS 0.01157
Exploits: 0 · References: 1 · Affected Software: 6

NVD
added 2024/04/09 3:15 p.m. · 9 views

CVE-2023-47540

An improper neutralization of special elements used in an os command 'os command injection' vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.2, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0 all versions, FortiSandbox 3.2 all versions, FortiSandbox 3.0.5 through 3.0.7 allows attacker ...

CVSS 6.7 · AI score 6.9 · EPSS 0.00137
Exploits: 0 · References: 1