CVE-2023-40581

yt-dlp is a youtube-dl fork with additional features and fixes. yt-dlp allows the user to provide shell command lines to be executed at various stages in its download steps through the --exec flag. This flag allows output template expansion in its argument, so that metadata values may be used in...

CVE-2023-40581

yt-dlp is a youtube-dl fork with additional features and fixes. yt-dlp allows the user to provide shell command lines to be executed at various stages in its download steps through the --exec flag. This flag allows output template expansion in its argument, so that metadata values may be used in...

CVE-2023-40581

CVE-2023-40581 concerns yt-dlp on Windows, where the --exec flag can perform shell commands with output template expansion. The underlying issue is that the escaping for cmd.exe is insufficient, allowing remote code execution when supplied data contains crafted metadata. The vulnerability is tied...

Freewill Solutions iFIS Operating System Command Injection Vulnerability

Freewill Solutions iFIS Freewill Solutions SMART Trade is a multi-modal order management system for stock markets such as the Stock Exchange SET, Ho Chi Minh Stock Exchange HSX, and other stock markets from Freewill Solutions. A security vulnerability exists in Freewill Solutions iFIS version...

How to auto execute shell command at a regular time every day using crontab

This article outlines the method to schedule a shell command at a regular time every day using crontab in an ADC...

CVE-2022-48584

A command injection vulnerability exists in the download and convert report feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system...

CVE-2022-48582

A command injection vulnerability exists in the ticket report generate feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system...

CVE-2022-48584

A command injection vulnerability exists in the download and convert report feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system...

CVE-2022-48581

A command injection vulnerability exists in the “dash export” feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system...

Command injection

A command injection vulnerability exists in the ticket report generate feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system...

Command injection

A command injection vulnerability exists in the dashboard scheduler feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system...

CVE-2022-48584

A command injection vulnerability exists in the download and convert report feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system...

CVE-2022-48583

A command injection vulnerability exists in the dashboard scheduler feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system...

CVE-2022-48582

A command injection vulnerability exists in the ticket report generate feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system...

CVE-2022-48581

A command injection vulnerability exists in the “dash export” feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system...

CVE-2022-48581

A command injection vulnerability exists in the “dash export” feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system...

CVE-2022-48580

A command injection vulnerability exists in the ARP ping device tool feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system...

ScanCode.io command injection in docker image fetch process

Command Injection in docker fetch process Summary A possible command injection in the docker fetch process as it allows to append malicious commands in the dockerreference parameter. Details In the function scanpipe/pipes/fetch.py:fetchdockerimage1 the parameter dockerreference is user...

PT-2023-15852 · Sciencelogic · Sciencelogic Sl1

Name of the Vulnerable Software and Affected Versions: ScienceLogic SL1 affected versions not specified Description: A command injection issue exists in the ARP ping device tool feature of the ScienceLogic SL1. This feature takes unsanitized user-controlled input and passes it directly to a shell...

PT-2023-15853 · Sciencelogic · Sciencelogic Sl1

Name of the Vulnerable Software and Affected Versions: ScienceLogic SL1 affected versions not specified Description: A command injection issue exists in the "dash export" feature, where unsanitized user-controlled input is passed directly to a shell command, allowing the injection of arbitrary...