25 matches found
EUVD-2012-2978
Malware in sbrugna...
Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities found in Node.js and IBM WebSphere Application Server Liberty
Summary There are multiple vulnerabilities in Node.js and IBM WebSphere Application Server Liberty used by IBM Cloud Transformation Advisor CVE-2024-27983, CVE-2024-27980, CVE-2024-22329, CVE-2024-27982, CVE-2024-22354, CVE-2024-4068. Vulnerability Details CVEID:CVE-2024-27983 DESCRIPTION: Node.j...
Debian: Security Advisory (DSA-5578-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
Siemens SCALANCE W1750D Classic Buffer Overflow (CVE-2022-37890)
Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Successful exploitation results in the execution of arbitrary commands on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS...
CVE-2022-41139
CVE-2022-41139 affects MITRE CALDERA (version 4.1.0). The vulnerability is a stored XSS via the app.contact.gist field (gist contact configuration), which can lead to execution of arbitrary commands on agents. Public references consistently describe this as a stored XSS issue in CALDERA 4.1.0. Th...
CVE-2022-30298
An improper privilege management vulnerability CWE-269 in Fortinet FortiSOAR before 7.2.1 allows a GUI user who has already found a way to modify system files via another, unrelated and hypothetical exploit to execute arbitrary Python commands as root...
CVE-2021-26612
An improper input validation flaw leading to arbitrary file creation was discovered in the copy method of the Nexacro platform. Remote attackers can use the copy method to execute arbitrary commands after creating a file that includes malicious code...
GHSA-H33P-5J96-W8QH OS Command Injection in gulp-styledocco
gulp-styledocco through 0.0.3 allows execution of arbitrary commands. The argument options of the exports function in index.js can be controlled by users without any sanitization...
CVE-2020-11079
node-dns-sync npm module dns-sync through 0.2.0 allows execution of arbitrary commands. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This has been fixed in 0.2.1...
Command injection
pulverizr through 0.7.0 allows execution of arbitrary commands. Within "lib/job.js", the variable "filename" can be controlled by the attacker. This function uses the variable "filename" to construct the argument of the exec call without any sanitization. In order to successfully exploit this...
CVE-2019-10804
serial-number through 1.3.0 allows execution of arbitrary commands. The "cmdPrefix" argument in the serialNumber function is used by the "exec" function without any validation...
Authentication flaw
rpi through 0.0.3 allows execution of arbitrary commands. The variable pinNumbver in function GPIO within src/lib/gpio.js is used as part of the argument of the exec function without any sanitization...
Ubuntu: Security Advisory (USN-4219-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2019-16286
HP ThinPro Linux exposes CVE-2019-16286 across multiple versions (6.2–7.1). The flaw allows bypass of the OS application filter by altering browser preferences to launch a separate process that can execute arbitrary commands, potentially leading to information disclosure, privilege escalation, an...
CVE-2019-11217
The GitController in Jakub Chodounsky Bonobo Git Server before 6.5.0 allows execution of arbitrary commands in the context of the web server via a crafted HTTP request...
DSA-3712-1 terminology - security update
Bulletin has no description...
Mandriva Linux Security Advisory : cups-filters (MDVSA-2015:196)
Updated cups-filters package fixes security vulnerability: cups-browsed in cups-filters before 1.0.66 contained a bug in the removebadchars function, where it failed to reliably filter out illegal characters if there were two or more subsequent illegal characters, allowing execution of arbitrar...
Updated cups-filters packages fix CVE-2015-2265
Updated cups-filters package fixes security vulnerability: cups-browsed in cups-filters before 1.0.66 contained a bug in the removebadchars function, where it failed to reliably filter out illegal characters if there were two or more subsequent illegal characters, allowing execution of arbitrary...
Gentoo Security Advisory GLSA 200506-13 (webapp-config)
The remote host is missing updates announced in advisory GLSA 200506-13. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Debian: Security Advisory (DSA-969-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...