399 matches found
CVE-2023-24508
Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB and Nova 246 devices with firmware through RTS/RTD 3.6.6 are vulnerable to remote shell code exploitation via HTTP command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods...
CVE-2022-30303
An improper neutralization of special elements used in an os command 'OS Command Injection' CWE-78 in FortiWeb 7.0.0 through 7.0.1, 6.3.0 through 6.3.19, 6.4 all versions may allow an authenticated attacker to execute arbitrary shell code as root user via crafted HTTP requests...
CVE-2020-35458
An issue was discovered in ClusterLabs Hawk 2.x through 2.3.0-x. There is a Ruby shell code injection issue via the hawkremembermeid parameter in the loginfromcookie cookie. The user logout routine could be used by unauthenticated remote attackers to execute code as hauser...
CVE-2020-35459
An issue was discovered in ClusterLabs crmsh through 4.2.1. Local attackers able to call "crm history" when "crm" is run were able to execute commands via shell code injection to the crm history commandline, potentially allowing escalation of privileges...
CVE-2019-1010163
Socusoft Co Photo 2 Video Converter 8.0.0 is affected by: Buffer Overflow - Local shell-code execution and Denial of Service. The impact is: Local privilege escalation dependent upon conditions, shell code execution and denial-of-service. The component is: pdmlog.dll library. The attack vector is...
CVE-2025-27729
CVE-2025-27729 is a Windows Shell remote code execution issue described as a use-after-free vulnerability that enables local code execution. The linked sources confirm this affects Windows Shell and related components, with Microsoft providing security updates to remediate the flaw (for example K...
FreeBSD : Gitlab -- Vulnerabilities (1daa2814-0a6c-11f0-b4e4-2cf05da270f3)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 1daa2814-0a6c-11f0-b4e4-2cf05da270f3 advisory. Gitlab reports: Cross-site Scripting XSS through merge-request error messages Cross-site...
Gitlab -- Vulnerabilities
Gitlab reports: Cross-site Scripting XSS through merge-request error messages Cross-site Scripting XSS through improper rendering of certain file types Admin Privileges Persists After Role is Revoked External user can access internal projects Prompt injection in Amazon Q integration may allow...
Gitlab -- Vulnerabilities
Gitlab reports: CVE-2025-25291 and CVE-2025-25292 third party gem ruby-saml CVE-2025-27407 third party gem graphql Denial of Service Due to Inefficient Processing of Untrusted Input Credentials disclosed when repository mirroring fails Denial of Service Vulnerability in GitLab Approval Rules due ...
Linux Distros Unpatched Vulnerability : CVE-2019-18934
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. This iss...
CVE-2022-27486
The issue CVE-2022-27486 affects Fortinet FortiDDoS and FortiDDoS-F CLI, where an improper neutralization of elements in an OS command enables an authenticated attacker to execute shell code as root via the execute command. Affected: FortiDDoS versions 4.5.0–5.5.1; FortiDDoS-F versions 6.1.0–6.3....
CVE-2022-27486
An improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiDDoS version 5.5.0 through 5.5.1, 5.4.2 through 5.4.0, 5.3.0 through 5.3.1, 5.2.0, 5.1.0, 5.0.0, 4.7.0, 4.6.0 and 4.5.0 and FortiDDoS-F version 6.3.0 through 6.3.1, 6.2.0 through 6.2.2, 6.1...
[SECURITY] [DSA 5719-1] emacs security update
Debian Security Advisory DSA-5719-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 25, 2024 https://www.debian.org/security/faq -...
[SECURITY] [DSA 5718-1] org-mode security update
Debian Security Advisory DSA-5718-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 25, 2024 https://www.debian.org/security/faq -...
Debian dsa-5718 : elpa-org - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5718 advisory. Debian Security Advisory DSA-5718-1 [email protected] https://www.debian.org/security/...
FreeBSD : emacs -- Arbitrary shell code evaluation vulnerability (4f6c4c07-3179-11ef-9da5-1c697a616631)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 4f6c4c07-3179-11ef-9da5-1c697a616631 advisory. GNU Emacs developers report: Emacs 29.4 is an emergency bugfix release intended to fix a security...
Remote Code Execution (RCE)
passbolt/passboltapi is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper input sanitization during the server's PGP key generation, allowing users to inject shell code during installation...
Ubuntu: Security Advisory (USN-6711-1)
The remote host is missing an update for the...
USN-6711-1: CRM shell vulnerability
Vincent Berg discovered that CRM shell incorrectly handled certain commands. A local attacker could possibly use this issue to execute arbitrary code via shell code injection to the crm history commandline...
USN-6711-1 crmsh vulnerability
Vincent Berg discovered that CRM shell incorrectly handled certain commands. A local attacker could possibly use this issue to execute arbitrary code via shell code injection to the crm history commandline...