17 matches found
The vulnerability of D-Link DSL-2640U and DSL-2540U router firmware lies in the lack of measures to neutralize special elements used in the operating system’s command set, allowing attackers to execute arbitrary commands.
The vulnerability of D-Link DSL-2640U and DSL-2540U router firmware lies in the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows an attacker to execute arbitrary commands using metasymbols within the...
Oracle Linux 8 : openssh (ELSA-2024-3166)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-3166 advisory. - Providing a kill switch for scp to deal with CVE-2020-15778 Resolves: RHEL-22870 Tenable has extracted the preceding description block directly from the Oracl...
openssh security update
8.7p1-34.3 - Fix Terrapin attack CVE-2023-48795 Resolves: RHEL-19764 - Forbid shell metasymbols in username/hostname CVE-2023-51385 Resolves: RHEL-19822...
openssh security update
8.0p1-19.0.1.2 - Update patches for CVE-2023-51385, CVE-2023-48795 Orabug: 36256632 8.0p1-19.2 - Forbid shell metasymbols in username/hostname Resolves: CVE-2023-51385 - Fix Terrapin attack Resolves: CVE-2023-48795...
Fedora 38 : openssh (2024-37627e432e)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-37627e432e advisory. Forbid shell metasymbols in username/hostname Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...
The vulnerability of the GoAhead firmware component of D-Link DIR-823G routers allows a hacker to execute arbitrary commands.
The vulnerability of the GoAhead firmware for D-Link DIR-823G routers exists due to the failure to take measures to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands through...
The vulnerability of the /goform/Diagnosis component of D-Link DIR-816 A2 firmware allows an attacker to execute arbitrary commands.
The vulnerability of the /goform/Diagnosis component of D-Link DIR-816 A2 router firmware exists due to the failure to take measures to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary...
The vulnerability of /goform/form2systime.cgi in the firmware for D-Link DIR-816 A2 routers allows a hacker to execute arbitrary commands.
The vulnerability of /goform/form2systime.cgi in the firmware for D-Link DIR-816 A2 exists due to the failure to take measures to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands...
The vulnerability of the c_rehash implementation in the OpenSSL library allows a hacker to execute arbitrary commands.
The vulnerability of the c_rehash implementation in the OpenSSL library is related to the failure to take measures to neutralize metasymbols during certificate processing in /etc/ssl/certs/. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the firmware of the NETGEAR R6020 Wi-Fi router allows an intruder to execute arbitrary shell commands.
The vulnerability of the Wi-Fi router software of NETGEAR R6020 is related to the lack of measures to clean incoming data containing metasymbols. Exploiting this vulnerability can allow a remote attacker to execute arbitrary shell commands...
The vulnerability of the cgi/networkDiag.cgi implementation of the SureLine aircraft monitoring application allows a violator to execute arbitrary commands.
The vulnerability of the cgi/networkDiag.cgi implementation of the SureLine monitoring application exists because measures are not taken to neutralize special elements used in the operating system’s command set. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands...
The vulnerability of the Ohcount source code counting tool lies in the lack of measures to clean input data, allowing a hacker to execute arbitrary code.
The vulnerability of the Ohcount source code counting tool is related to the lack of measures to clean input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code as the user who runs Ohcount, by using specially created file names containing metasymbols...
The vulnerability in cgi_test.cgi of the built-in firmware for IP cameras from AirLive – models BU-3026, BU-2015, and MD-3025 – allows an intruder to execute arbitrary commands on the operating system.
The vulnerability in cgi_test.cgi of the built-in firmware for AirLive BU-3026, AirLive BU-2015, and AirLive MD-3025 exists due to the failure to take measures to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a malicious...
The vulnerability of the firmware control interface of Teltonika RUT9XX allows a hacker to execute arbitrary commands with root privileges.
The vulnerability of the control interface of Teltonika RUT9XX embedded firmware is related to deficiencies in access control during user authentication requests. Exploiting this vulnerability allows a malicious actor, operating remotely, to execute arbitrary commands with root...
The vulnerability in the enigma2-plugins/blob/master/webadmin/src/WebChilds/Script.py script of the WebAdmin plugin allows a malicious user to execute arbitrary commands on the operating system.
The vulnerability in the enigma2-plugins/blob/master/webadmin/src/WebChilds/Script.py script of the WebAdmin plugin exists due to the failure to eliminate special elements used in the operating system command. Exploiting this vulnerability allows a malicious actor to execute arbitrary operating...
The vulnerability of the console-based graphic editor ImageMagick allows a hacker to execute arbitrary code.
The vulnerability of the EPHEMERAL, HTTPS, MVG, MSL, TEXT, SHOW, WIN, and PLT command-line graphic editors based on ImageMagick exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using metasymbols within a speciall...
The vulnerability of the Ruby Colorscore interpreter extension allows a hacker to execute arbitrary code.
The vulnerability of the class initialization method Histogram lib/colorscore/histogram.rb in the Ruby Colorscore extension is related to the lack of measures to clean input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using metasymbols in variables like...