7 matches found
EUVD-2017-0071
Malware in sbrugna...
Schneider Electric EcoStruxure IT Data Center Expert 8.3 Remote Command Execution
Schneider Electric EcoStruxure IT Data Center Expert versions 8.3 and below have a configuration modification issue where sufficient input sanitization is not performed on the value provided for the hostname of the appliance. The hostname variable can include a command terminator and subsequent...
CVE-2023-46322
iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize ssh hostnames in URLs. The hostname's initial character may be non-alphanumeric. The hostname's other characters may be outside the set of alphanumeric characters, dash, and period...
CVE-2021-3275
Unauthenticated stored cross-site scripting (XSS) exists in multiple TP-Link products including WIFI Routers (Wireless AC routers), Access Points, ADSL + DSL Gateways and Routers, which affects TD-W9977v1, TL-WA801NDv5, TL-WA801Nv6, TL-WA802Nv5, and Archer C3150v2 devices through the improper...
GHSA-3QMG-C9VC-R47J Mercurial is vulnerable to shell injection attack
Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks...
MGASA-2017-0331 Updated mercurial package fixes security vulnerabilities
Mercurial was not sanitizing hostnames passed to ssh, allowing shell injection attacks by specifying a hostname starting with -oProxyCommand...
MGASA-2017-0282 Updated mercurial packages fix security vulnerabilities
Mercurial was not sanitizing hostnames passed to ssh, allowing shell injection attacks by specifying a hostname starting with -oProxyCommand...