1774 matches found
CVE-2019-13386
In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.846, a hidden action=9 feature in filemanager2.php allows attackers to execute a shell command, i.e., obtain a reverse shell with user privilege...
CVE-2017-9828
'/cgi-bin/admin/testserver.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable to shell command injection, which allows remote attackers to execute any shell command as root via a crafted HTTP request. This vulnerability is already verified on VIVOTEK Network Camera...
CVE-2002-1868
Dispair 0.1 and 0.2 allows remote attackers to execute arbitrary shell commands via certain form fields...
[SECURITY] [DLA 4169-1] dropbear security update
Debian LTS Advisory DLA-4169-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin May 17, 2025 https://wiki.debian.org/LTS Package : dropbear Version : 2020.81-3+deb11u3 CVE ID : CVE-2025-47203 Marcin Nowak discovered that dbclient1 hostname arguments with a comma for...
CVE-2025-32821
A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN admin privileges can with admin privileges can inject shell command arguments to upload a file on the appliance...
CVE-2025-32821
A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN admin privileges can with admin privileges can inject shell command arguments to upload a file on the appliance...
CVE-2025-32821
CVE-2025-32821 (SonicWall SMA100) is a post-authentication command-injection/file-write vulnerability in the SMA100 SSL-VPN. An admin user can inject shell arguments to write a file anywhere the nobody user can write to, potentially enabling root-level remote code execution when chained with CVE-...
Milesight UG65-868M-EA
RISK EVALUATION Successful exploitation of this vulnerability could allow any user with admin privileges to inject arbitrary shell commands. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Ensure that...
GHSA-CJ5W-8MJF-R5F8 jupyterlab-git has a command injection vulnerability in "Open Git Repository in Terminal"
Overview On many platforms, a third party can create a Git repository under a name that includes a shell command substitution ^1 string in the syntax $. These directory names are allowed in macOS and a majority of Linux distributions ^2. If a user starts jupyter-lab in a parent directory of this...
CVE-2025-30370
jupyterlab-git is a JupyterLab extension for version control using Git. On many platforms, a third party can create a Git repository under a name that includes a shell command substitution string in the syntax $. These directory names are allowed in macOS and a majority of Linux distributions. If...
CVE-2025-30370 jupyterlab-git has a command injection vulnerability in "Open Git Repository in Terminal"
jupyterlab-git is a JupyterLab extension for version control using Git. On many platforms, a third party can create a Git repository under a name that includes a shell command substitution string in the syntax $. These directory names are allowed in macOS and a majority of Linux distributions. If...
CVE-2025-30370 jupyterlab-git has a command injection vulnerability in "Open Git Repository in Terminal"
jupyterlab-git is a JupyterLab extension for version control using Git. On many platforms, a third party can create a Git repository under a name that includes a shell command substitution string in the syntax $. These directory names are allowed in macOS and a majority of Linux distributions. If...
CVE-2025-30370 jupyterlab-git has a command injection vulnerability in "Open Git Repository in Terminal"
jupyterlab-git is a JupyterLab extension for version control using Git. On many platforms, a third party can create a Git repository under a name that includes a shell command substitution string in the syntax $. These directory names are allowed in macOS and a majority of Linux distributions. If...
Amazon Linux AMI : emacs (ALAS-2025-1964)
The version of emacs installed on the remote host is prior to 24.3-20.26. It is, therefore, affected by a vulnerability as referenced in the ALAS-2025-1964 advisory. A flaw was found in the Emacs text editor. Improper handling of custom man URI schemes allows attackers to execute arbitrary shell...
FreeBSD : vim -- Improper Input Validation in Vim (2ec7816d-fdb7-11ef-91ff-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 2ec7816d-fdb7-11ef-91ff-b42e991fc52e advisory. [email protected] reports: Vim is distributed with the tar.vim plugin, that allows easy...
CBL Mariner 2.0 Security Update: vim (CVE-2025-27423)
The version of vim installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-27423 advisory. - Vim is an open source, command line text editor. Vim is distributed with the tar.vim plugin, that allows easy...
Important: emacs
Issue Overview: A flaw was found in the Emacs text editor. Improper handling of custom "man" URI schemes allows attackers to execute arbitrary shell commands by tricking users into visiting a specially crafted website or an HTTP URL with a redirect. CVE-2025-1244 Affected Packages: emacs Issue...
Linux Distros Unpatched Vulnerability : CVE-2025-27423
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vim is an open source, command line text editor. Vim is distributed with the tar.vim plugin, that allows easy editing and viewing of compressed or uncompressed...
Linux Distros Unpatched Vulnerability : CVE-2021-42375
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistakin...
Linux Distros Unpatched Vulnerability : CVE-2015-20107
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Python aka CPython up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow...