902 matches found

RubySec
added 2022/03/01 12:0 a.m., 21 views

Remote shell execution vulnerability when applying commands from user input

Impact: When the apply method from image_processing is used to apply a series of operations that come from unsanitized user input, an attacker can execute shell commands: ImageProcessing::Vips.apply system: "echo EXECUTED" (output: EXECUTED). This method is called internally by Active Stora...

CVSS 10 | AI score 7.1 | EPSS 0.02595
Exploits 1 | References 1 | Affected Software 1

Prion
added 2021/12/30 10:15 p.m., 14 views

Path traversal

Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 are affected by an absolute path traversal vulnerability that allows a remote, authenticated attacker to set an arbitrary file on the router's filesystem as the log file used by either Quagga service zebra or ripd. Subsequen...

CVSS 7.4 | AI score 8.6 | EPSS 0.07531
Exploits 1 | References 1 | Affected Software 1

Cvelist
added 2021/12/30 9:31 p.m., 18 views

CVE-2021-20134

Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 are affected by an absolute path traversal vulnerability that allows a remote, authenticated attacker to set an arbitrary file on the router's filesystem as the log file used by either Quagga service zebra or ripd. Subsequen...

AI score 8.8 | EPSS 0.07531
Exploits 1 | References 1

GithubExploit
added 2021/12/24 1:18 p.m., 547 views

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

Log4jUnifi Exploiting CVE-2021-44228 in Unifi Network Applicat...

CVSS 10 | AI score 9.6 | EPSS 0.99999
Exploits 344

GithubExploit
added 2021/12/17 10:36 a.m., 445 views

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

CVE-2021-44228 On 9 December 2021 the world became aware...

CVSS 10 | AI score 9.5 | EPSS 0.99999
Exploits 349

CNVD
added 2021/12/15 12:0 a.m., 13 views

Teamcenter Active Workspace Path Traversal Vulnerability

Teamcenter Active Workspace is a web application for accessing the Teamcenter system. Teamcenter Active Workspace path traversal vulnerability, where the application contains an insecure decompression mode, could lead to a compressed path traversal attack. An attacker could use this vulnerability...

CVSS 7.2 | AI score 7.1 | EPSS 0.01052
Exploits 0 | References 1

NVD
added 2021/12/14 12:15 p.m., 16 views

CVE-2021-41547

A vulnerability has been identified in Teamcenter Active Workspace V4.3 (All versions < V4.3.11), Teamcenter Active Workspace V5.0 (All versions < V5.0.10), Teamcenter Active Workspace V5.1 (All versions < V5.1.6), Teamcenter Active Workspace V5.2 (All versions < V5.2.3). The application contains an unsafe...

CVSS 7.2 | EPSS 0.01052
Exploits 0 | References 1

Prion
added 2021/12/14 12:15 p.m., 16 views

Path traversal

A vulnerability has been identified in Teamcenter Active Workspace V4.3 (All versions < V4.3.11), Teamcenter Active Workspace V5.0 (All versions < V5.0.10), Teamcenter Active Workspace V5.1 (All versions < V5.1.6), Teamcenter Active Workspace V5.2 (All versions < V5.2.3). The application contains an unsafe...

CVSS 6.5 | AI score 6.9 | EPSS 0.01052
Exploits 0 | References 1 | Affected Software 1

CVE
added 2021/12/14 12:6 p.m., 43 views

CVE-2021-41547

CVE-2021-41547 affects Siemens Teamcenter Active Workspace (versions V4.3 < 4.3.11, V5.0 < 5.0.10, V5.1 < 5.1.6, V5.2

CVSS 7.2 | AI score 6.9 | EPSS 0.01052
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2021/12/14 12:6 p.m., 14 views

CVE-2021-41547

A vulnerability has been identified in Teamcenter Active Workspace V4.3 (All versions < V4.3.11), Teamcenter Active Workspace V5.0 (All versions < V5.0.10), Teamcenter Active Workspace V5.1 (All versions < V5.1.6), Teamcenter Active Workspace V5.2 (All versions < V5.2.3). The application contains an unsafe...

AI score 7.1 | EPSS 0.01052
Exploits 0 | References 1

CNNVD
added 2021/12/14 12:0 a.m., 4 views

Siemens Teamcenter Active Workspace Path Traversal Vulnerability

Teamcenter Active Workspace is a web application for accessing the Teamcenter system. Teamcenter Active Workspace path traversal vulnerability, where the application contains an insecure decompression mode, could lead to a compressed path traversal attack. An attacker could use this vulnerability...

CVSS 7.2 | AI score 5.8 | EPSS 0.01052
Exploits 0 | References 4

GithubExploit
added 2021/12/13 3:24 p.m., 82 views

Exploit for CVE-2021-42278

noPac Exploiting CVE-2021-42278 and CVE-2021-42287 The origi...

CVSS 8.8 | AI score 7.1 | EPSS 0.74265
Exploits 10

OpenVAS
added 2021/11/19 12:0 a.m., 26 views

Debian: Security Advisory (DLA-2822-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.4 | AI score 6.1 | EPSS 0.02067
Exploits 2 | References 4

Debian
added 2021/11/18 11:7 p.m., 45 views

[SECURITY] [DLA 2822-1] netkit-rsh security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2822-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz November 19, 2021 https://wiki.debian.org/LTS -...

CVSS 7.4 | AI score 7.3 | EPSS 0.02067
Exploits 2

Fedora
added 2021/11/13 1:14 a.m., 18 views

[SECURITY] Fedora 34 Update: et-6.1.9-1.fc34

Eternal Terminal ET is a remote shell that automatically reconnects without interrupting the session...

AI score 7.4
Exploits 0

CNNVD
added 2021/11/02 12:0 a.m., 3 views

qinggan phpok Code Issue Vulnerability

phpok is a set of enterprise website system developed by Shenzhen锟絪 technology limited company using PHP+MYSQL language. An arbitrary file write vulnerability exists in the editsavef function in framework/admin/tplcontrol.php in phpok version 5.1. An attacker can exploit this vulnerability to wri...

CVSS 9.1 | AI score 5.8 | EPSS 0.00975
Exploits 1 | References 1

Packet Storm
added 2021/10/04 12:0 a.m., 291 views

Pet Shop Management System 1.0 Privilege Escalation / Shell Upload

!/usr/bin/python3 Exploit Title: Pet Shop Management System v1.0 - Authenticated Privilege Escalation to Remote Code Execution Exploit Author: Oscar Gutierrez m4xp0w3r Date: October 01, 2021 Vendor Homepage:...

AI score 0.3
Exploits 0

CNNVD
added 2021/09/30 12:0 a.m., 4 views

REINER SCT Reiner TimeCard Trust Management Issue Vulnerability

REINER SCT Reiner TimeCard is a chip card reading device from REINER SCT, Germany, used for access protection in secure online banking devices, terminals for dealers and merchants using girocard payments, and PC workstations. A security vulnerability exists in REINER SCT Reiner TimeCard version...

CVSS 10 | AI score 8.4 | EPSS 0.01227
Exploits 0 | References 2

OSV
added 2021/09/14 12:15 p.m., 5 views

CVE-2021-36582

In Kooboo CMS 2.1.1.0, it is possible to upload a remote shell e.g., aspx to the server and then call upon it to receive a reverse shell from the victim server. The files are uploaded to /Content/Template/root/reverse-shell.aspx and can be simply triggered by browsing that URL...

CVSS 9.8 | AI score 5.8 | EPSS 0.01461
Exploits 0 | References 2

NVD
added 2021/09/14 12:15 p.m., 9 views

CVE-2021-36582

In Kooboo CMS 2.1.1.0, it is possible to upload a remote shell e.g., aspx to the server and then call upon it to receive a reverse shell from the victim server. The files are uploaded to /Content/Template/root/reverse-shell.aspx and can be simply triggered by browsing that URL...

CVSS 10 | EPSS 0.01461
Exploits 0 | References 2