Lucene search

5 matches found

BDU FSTEC
added 2024/11/22 12:0 a.m., 4 views

The vulnerability of the Ivanti Endpoint Manager software for managing endpoints in information networks lies in the lack of security measures regarding SQL query structures. This allows attackers to execute arbitrary code within the root user’s context.

The vulnerability of the Ivanti Endpoint Manager software for managing endpoints in information networks relates to the lack of security measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the context of the root...

CVSS: 9 | AI score: 7.7 | EPSS: 0.67711
Exploits: 0 | References: 5
NVD
added 2024/01/12 3:15 p.m., 12 views

CVE-2023-49254

Authenticated user can execute arbitrary commands in the context of the root user by providing payload in the "destination" field of the network test tools. This is similar to the vulnerability CVE-2021-28151 mitigated on the user interface level by blacklisting characters with JavaScript, howeve...

CVSS: 8.8 | AI score: 9 | EPSS: 0.00733
Exploits: 0 | References: 2
Prion
added 2024/01/12 3:15 p.m., 13 views

Design/Logic Flaw

Authenticated user can execute arbitrary commands in the context of the root user by providing payload in the "destination" field of the network test tools. This is similar to the vulnerability CVE-2021-28151 mitigated on the user interface level by blacklisting characters with JavaScript, howeve...

CVSS: 6.5 | AI score: 7.8 | EPSS: 0.27912
Exploits: 1 | References: 2 | Affected Software: 1
Prion
added 2020/04/02 11:15 p.m., 10 views

Design/Logic Flaw

Slack Nebula through 1.1.0 contains a relative path vulnerability that allows a low-privileged attacker to execute code in the context of the root user via tundarwin.go or tunwindows.go. A user can also use Nebula to execute arbitrary code in the user's own context, e.g., for user-level persisten...

CVSS: 8.5 | AI score: 8.9 | EPSS: 0.03395
Exploits: 1 | References: 2 | Affected Software: 1
NVD
added 2020/03/25 9:15 p.m., 16 views

CVE-2020-10881

This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DNS responses. A crafted DNS messa...

CVSS: 10 | AI score: 9.8 | EPSS: 0.11206
Exploits: 1 | References: 1