CVE-2022-26514 Delta Electronics DIAEnergie SQL Injection in DIAE_tagHandler.ashx
Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) has a blind SQL injection vulnerability in DIAE_tagHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...
A vulnerability in the threat detection mechanism of Microsoft Defender for IoT, which stems from the lack of proper validation of a user-supplied string, allows attackers to escalate their privileges or execute arbitrary code.
The vulnerability in the threat detection mechanism of Microsoft Defender for IoT stems from the lack of proper validation of a user-supplied string before it is used to execute system commands. Exploiting this vulnerability can allow attackers to escalate their privileges or execute...
Code Execution Vulnerability in EmpireCMS v7.5 Backend
EmpireCMS is an open source software program built on PHP and a MySQL database. A code execution vulnerability exists in the EmpireCMS v7.5 backend, which can be exploited by an attacker to upload Trojan horse files and execute system commands...
EulerOS 2.0 SP5 : spamassassin (EulerOS-SA-2021-1706)
According to the version of the spamassassin package installed, the EulerOS installation on the remote host is affected by the following vulnerability: In Apache SpamAssassin before 3.4.3, nefarious CF files can be configured to run system commands without any output or errors. With this,...
Mubu Authorization Issues Vulnerability
Mubu is a platform for online writing from Mubu, a company based in Beijing, China. An authorization issue vulnerability exists in Mubu version 2.2.1, which stems from its failure to strictly limit user privileges and can be exploited by a local attacker to execute system commands...
Design/Logic Flaw
QualityProtect has a vulnerability that allows execution of arbitrary system commands; the affected product is com.oppo.qualityprotect V2.0...
DEBIAN-CVE-2019-20807
In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua)...
A vulnerability in the Agent component of the Dr.Web Enterprise Security Suite anti-virus protection software allows a hacker to execute system commands.
The vulnerability in the Dr.Web Agent component of the Dr.Web Enterprise Security Suite antivirus protection tool is related to deficiencies in the mechanism for checking the digital signatures of executable files during the creation of communication channels with drivers. Exploiting this...
Command injection
System command injection in the /DroboAccess/deleteuser endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to execute system commands via the "username" URL parameter...
Command injection
System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ipAddr" POST parameter...
Command injection
System Command Injection in network.setauthsettings in Buffalo TS5600D1206 version 3.70-0.10 allows attackers to execute system commands via the adminUsername and adminPassword parameters...
CVE-2018-1469
IBM API Connect Developer Portal 5.0.0.0 through 5.0.8.2 could allow an unauthenticated attacker to execute system commands using specially crafted HTTP requests. IBM X-Force ID: 140605...
Oracle Database Attacking Tool: ODAT
ODAT (Oracle Database Attacking Tool) is an open source penetration testing tool that tests the security of Oracle databases remotely. Usage examples of ODAT: You have an Oracle database listening remotely and want to find valid SIDs and credentials in order to connect to the database. You have a...