15280 matches found
CVE-2023-49898
CVE-2023-49898 concerns Apache StreamPark: a project module that integrates Maven compilation lacks validation of Maven parameters, allowing remote command execution. The advisory notes that an attacker must be an authenticated system user with high privileges, limiting exposure, and that the ove...
CVE-2023-49898 Apache StreamPark (incubating): Authenticated system users could trigger remote command execution
In streampark, there is a project module that integrates Maven's compilation capability. However, there is no check on the compilation parameters of Maven, allowing attackers to insert commands for remote command execution. The prerequisite for a successful attack is that the user needs to log in...
CVE-2023-48376
SmartStar Software CWS is a web-based integration platform. Its file upload function does not restrict the upload of files with dangerous types. An unauthenticated remote attacker can exploit this vulnerability to upload arbitrary files to perform arbitrary commands or disrupt service...
SmartStar Software CWS Code Issue Vulnerability
SmartStar Software CWS is a Web-based integration platform from China-based SmartStar Software. A code issue vulnerability exists in SmartStar Software CWS v10.25, which stems from the file upload feature not restricting the upload of dangerous types of files, which can be exploited by remote...
PT-2023-31406 · Apache · Maven
Name of the Vulnerable Software and Affected Versions: streampark versions prior to 2.1.2 Description: The issue is related to the project module in streampark that integrates Maven's compilation capability. There is no check on the compilation parameters of Maven, allowing attackers to insert...
A vulnerability in the web2py web application development framework arises from a failure to neutralize special elements used in the operating system's command line. This allows attackers to execute arbitrary commands.
The vulnerability in the web2py web application development framework exists due to a failure to neutralize special elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
A vulnerability in the IBM DB2 database management system, related to deficiencies in access control, allows an attacker to execute arbitrary commands.
The vulnerability in the IBM DB2 database management system is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to execute arbitrary commands remotely...
A vulnerability in Fortinet FortiWLM, a centralized management system for WLAN access points and LAN switches, arises from a failure to neutralize special elements used in operating system commands. This vulnerability allows attackers to execute arbitrary commands.
The vulnerability in Fortinet FortiWLM, a centralized management system for WLAN access points and LAN switches, exists due to a failure to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a malicious actor to execute...
CVE-2023-48663
Dell vApp Manager, versions prior to 9.2.4.x, contain a command injection vulnerability. A remote malicious user with high privileges could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the affected system...
CVE-2023-50011
PopojiCMS version 2.0.1 is vulnerable to remote command execution in the Meta Social field...
PT-2023-8587 · Hardy Barth · Cph2 Echarge Ladestation
Name of the Vulnerable Software and Affected Versions: Hardy Barth cPH2 eCharge Ladestation versions 1.87.0 and earlier Description: The issue exists due to the lack of measures to neutralize special elements used in the operating system command. This may allow a remote attacker to execute...
ZTE MC801A Command Injection Vulnerability
The ZTE MC801A is a 5G indoor WiFi router from China's ZTE. The ZTE MC801A suffers from an input validation vulnerability in the handling of multiple network parameters, which can be exploited by a remote attacker to submit a special request that can be used in the application context to...
Electron Technologies FZC PopojiCMS Security Vulnerability
Electron Technologies FZC PopojiCMS is an open source content management system (CMS) based on the Popoji framework from Electron Technologies FZC, USA. A security vulnerability exists in Electron Technologies FZC PopojiCMS version 2.0.1 that stems from vulnerability to remote command execution...
CVE-2023-50011
PopojiCMS 2.0.1 is reported vulnerable to remote command execution via the Meta Social field (CVE-2023-50011). The vulnerability is described across multiple sources (NVD, Red Hat, OSV, CVE list) as a remote command execution issue in PopojiCMS 2.0.1. The available sources confirm the affected pr...
A vulnerability in the sub_4119A0 function in the firmware of the TOTOLINK X6000R router allows a hacker to execute arbitrary code.
The vulnerability in the sub_4119A0 function of shttpd in the TOTOLINK X6000R router firmware exists due to a failure to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
A vulnerability in the firmware of the FXC AE1021 and FXC AE1021PE routers arises from a failure to neutralize special elements used in operating system commands. This allows attackers to execute arbitrary commands.
The vulnerability in the firmware of the FXC AE1021 and FXC AE1021PE routing devices arises from a failure to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the SNMPv2 protocol implementation in ASUS’ ASMB8 iKVM remote control device allows a hacker to execute arbitrary commands.
The vulnerability of the SNMPv2 protocol implementation in ASUS’ ASMB8 iKVM remote control device is related to the lack of measures taken to neutralize specific elements. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...