PT-2023-30267 · Subrion · Subrion
Name of the Vulnerable Software and Affected Versions: Subrion version 4.2.1. Description: The issue is a remote command execution vulnerability located in the backend. Recommendations: For Subrion version 4.2.1, at the moment, there is no information about a newer version that contains a fix for...
CVE-2023-46947
CVE-2023-46947 affects Subrion CMS, specifically version 4.2.1, with a remote command execution weakness in the backend. The connected sources confirm the vulnerability exists in Subrion 4.2.1 and reiterate backend RCE, but the documents do not provide concrete root-cause details, affected module...
CVE-2023-46947
Subrion 4.2.1 has a remote command execution vulnerability in the backend...
The vulnerability of the nginx.ingress.kubernetes.io/permanent-redirect controller in the Kubernetes ingress-nginx cluster allows an attacker to execute arbitrary commands.
The vulnerability of the nginx.ingress.kubernetes.io/permanent-redirect controller in the Kubernetes ingress-nginx cluster is related to errors in processing incoming data. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
Atlassian Confluence Data Center and Server broken access control
Added: 11/02/2023. Background: Atlassian Confluence is a collaboration and knowledge management application. Problem: Broken access control in Atlassian Confluence Data Center and Server could allow a remote attacker to create an administrator account, leading to remote command execution. Resolution...
CVE-2023-1714 Bitrix24 Remote Command Execution (RCE) via Unsafe Variable Extraction
Unsafe variable extraction in bitrix/modules/main/classes/general/useroptions.php in Bitrix24 22.0.300 allows remote authenticated attackers to execute arbitrary code via (1) appending arbitrary content to existing PHP files or (2) PHAR deserialization...
CVE-2023-1713 Bitrix24 Remote Command Execution (RCE) via Insecure Temporary File Creation
Insecure temporary file creation in bitrix/modules/crm/lib/order/import/instagram.php in Bitrix24 22.0.300 hosted on Apache HTTP Server allows remote authenticated attackers to execute arbitrary code via uploading a crafted ".htaccess" file...
SUSE CVE-2015-5190
The pcsd web UI in PCS 0.9.139 and earlier allows remote authenticated users to execute arbitrary commands via "escape characters" in a URL...
The vulnerability of the EisBaer SCADA system, caused by deficiencies in the authentication process, allows an intruder to execute arbitrary commands.
The vulnerability of the SCADA system EisBaer is due to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...
The vulnerability of the settings/setTracerouteCfg component of the TOTOLINK X5000R router’s firmware allows a perpetrator to execute arbitrary commands and gain full access to the device.
The vulnerability of the settings/setTracerouteCfg component of the TOTOLINK X5000R router software exists because measures to neutralize the special elements used in the operating system commands have not been taken. Exploiting this vulnerability allows a remote attacker to execute arbitrary...
The vulnerability of software for managing data storage on Dell EMC PowerEdge MX Dell SmartFabric Storage systems is related to insufficient checking of arguments passed in commands, allowing an attacker to execute arbitrary commands.
The vulnerability is related to insufficient checking of arguments passed to the command. Exploitation of this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the DevTools set of tools for web development in the Mozilla Firefox browser and the Thunderbird email client allows a hacker to execute arbitrary commands.
The vulnerability of the DevTools suite for web development in the Mozilla Firefox browser and Thunderbird email client is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
CVE-2023-46747
Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS)...
Stable Diffusion WebUI Remote Command Execution Vulnerability
Stable Diffusion WebUI is an AI image processing tool developed by AUTOMATIC1111 based on the Stable Diffusion AI model, which supports file creation and image creation. A remote command execution vulnerability in Stable Diffusion WebUI, which is caused by not filtering user input when installing...
ILIAS Security Vulnerabilities
ILIAS is an open source learning management system. A security vulnerability exists in ILIAS version 7.25 that originates from allowing any authenticated user to remotely execute arbitrary operating system commands...
CVE-2023-46423
TOTOLINK X6000R v9.4.0cu.652B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub417094 function...
CVE-2023-46421
TOTOLINK X6000R v9.4.0cu.652B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub411D00 function...
CVE-2023-46419
TOTOLINK X6000R v9.4.0cu.652B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub415730 function...