54 matches found
EUVD-2014-7838
Malware in sbrugna...
EUVD-2023-36031
Malicious code in bioql PyPI...
EUVD-2024-30446
Malicious code in bioql PyPI...
EUVD-2023-36032
Malicious code in bioql PyPI...
CVE-2024-28354
There is a command injection vulnerability in the TRENDnet TEW-827DRU router with firmware version 2.10B01. An attacker can inject commands into the post request parameters usapps.@smb%d.username in the apply.cgi interface, thereby gaining root shell privileges...
CVE-2024-32653
jadx is a Dex to Java decompiler. Prior to version 1.5.0, the package name is not filtered before concatenation. This can be exploited to inject arbitrary code into the package name. The vulnerability allows an attacker to execute commands with shell privileges. Version 1.5.0 contains a patch for...
Improper Input Validation
jadx is vulnerable to Improper Input Validation. The vulnerability is due to lack of filtering of the package name before concatenation, allowing an attacker to inject arbitrary code into the package name, which could be exploited to execute commands with shell privileges...
CVE-2024-32653
jadx is a Dex to Java decompiler. Prior to version 1.5.0, the package name is not filtered before concatenation. This can be exploited to inject arbitrary code into the package name. The vulnerability allows an attacker to execute commands with shell privileges. Version 1.5.0 contains a patch for...
CVE-2024-32653 Insufficient input filtering of "package name" allows command execution in the device with shell privileges
jadx is a Dex to Java decompiler. Prior to version 1.5.0, the package name is not filtered before concatenation. This can be exploited to inject arbitrary code into the package name. The vulnerability allows an attacker to execute commands with shell privileges. Version 1.5.0 contains a patch for...
CVE-2024-32653
CVE-2024-32653 concerns Jadx, a Dex-to-Java decompiler. Before 1.5.0, the package name is not filtered prior to concatenation, enabling an attacker to inject arbitrary code into the package name and execute commands with shell privileges. The affected version is fixed in 1.5.0, which contains a p...
CVE-2024-32653 Insufficient input filtering of "package name" allows command execution in the device with shell privileges
jadx is a Dex to Java decompiler. Prior to version 1.5.0, the package name is not filtered before concatenation. This can be exploited to inject arbitrary code into the package name. The vulnerability allows an attacker to execute commands with shell privileges. Version 1.5.0 contains a patch for...
CVE-2024-32653 Insufficient input filtering of "package name" allows command execution in the device with shell privileges
jadx is a Dex to Java decompiler. Prior to version 1.5.0, the package name is not filtered before concatenation. This can be exploited to inject arbitrary code into the package name. The vulnerability allows an attacker to execute commands with shell privileges. Version 1.5.0 contains a patch for...
Skylot Jadx 安全漏洞
Skylot Jadx is a Dex to Java decompiler. A security vulnerability exists in Skylot Jadx versions prior to 1.5.0 that stems from insufficient input filtering of the package name, which allows an attacker to execute commands in a device with shell privileges...
CVE-2024-28354
There is a command injection vulnerability in the TRENDnet TEW-827DRU router with firmware version 2.10B01. An attacker can inject commands into the post request parameters usapps.@smb%d.username in the apply.cgi interface, thereby gaining root shell privileges...
CVE-2024-28353
There is a command injection vulnerability in the TRENDnet TEW-827DRU router with firmware version 2.10B01. An attacker can inject commands into the post request parameters usapps.config.smbadminname in the apply.cgi interface, thereby gaining root shell privileges...
CVE-2024-28354
There is a command injection vulnerability in the TRENDnet TEW-827DRU router with firmware version 2.10B01. An attacker can inject commands into the post request parameters usapps.@smb%d.username in the apply.cgi interface, thereby gaining root shell privileges...
CVE-2024-28353
There is a command injection vulnerability in the TRENDnet TEW-827DRU router with firmware version 2.10B01. An attacker can inject commands into the post request parameters usapps.config.smbadminname in the apply.cgi interface, thereby gaining root shell privileges...
CVE-2024-28353
CVE-2024-28353 affects the TRENDnet TEW-827DRU router (firmware 2.10B01). The issue is a command injection in the apply.cgi interface where an attacker can inject commands through the post parameter usapps.config.smb_admin_name, potentially gaining root shell privileges. Connected sources confirm...
CVE-2024-28354
There is a command injection vulnerability in the TRENDnet TEW-827DRU router with firmware version 2.10B01. An attacker can inject commands into the post request parameters usapps.@smb%d.username in the apply.cgi interface, thereby gaining root shell privileges...
CVE-2024-28353
There is a command injection vulnerability in the TRENDnet TEW-827DRU router with firmware version 2.10B01. An attacker can inject commands into the post request parameters usapps.config.smbadminname in the apply.cgi interface, thereby gaining root shell privileges...