354 matches found
MikroTik routers 资源管理错误漏洞
MikroTik routers is a router product from the Latvian company MikroTik. A security vulnerability exists in MikroTik routers v6.46.3 and earlier versions that originates from a misconfiguration that allows an attacker to cause a denial of service via an SSH daemon...
The vulnerability of the Android EMUI operating system’s shell and the HarmonyOS operating system, related to the use of memory after its release, allows attackers to compromise the integrity and accessibility of protected information.
The vulnerability of the Android EMUI operating system’s shell and the HarmonyOS operating system is related to the use of memory after it is freed. Exploiting this vulnerability can allow a malicious actor to compromise the integrity and accessibility of protected information...
PT-2023-8987 · Akuvox · Akuvox E11
Name of the Vulnerable Software and Affected Versions: Akuvox E11 affected versions not specified Description: The issue is related to the Akuvox E11 secure shell SSH server, which is enabled by default and accessible by the root user with a password that cannot be changed by the user. This conce...
SUSE CVE-2018-0502
An issue was discovered in zsh before 5.6. The beginning of a ! script file was mishandled, potentially leading to an execve call to a program named on the second line...
SUSE CVE-2019-2513
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Shell. Supported versions that are affected are 8.0.13 and prior. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server...
The vulnerability in the implementation of the SSH network protocol for Cisco IOS and Cisco IOS XE operating systems allows a hacker to cause a service failure.
The vulnerability of the SSH network protocol implementation in Cisco IOS and Cisco IOS XE operating systems is related to insufficient handling of exceptional states. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
PT-2022-7851 · Mvpower · Mvpower Cctv Dvr
Name of the Vulnerable Software and Affected Versions: MVPower CCTV DVR models, including TV-7104HE version 1.8.4 115215B9 and TV7108HE, versions from 2014 through 2019 Description: A remote unauthenticated attacker can execute arbitrary operating system commands as root due to a web shell...
CVE-2022-20920
A vulnerability in the SSH implementation of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. This vulnerability is due to improper handling of resources during an exceptional situation. An attacker could exploit thi...
SiteServerCMS 安全漏洞
SSCMS SiteServerCMS SSCMS is an open source, cross-platform, enterprise-level content management system from China's SSCMS Corporation. A security vulnerability exists in SiteServerCMS version 5.X. The vulnerability stems from a remote download Getshell vulnerability via...
PT-2022-23268 · Unknown · Siteserver Cms
Name of the Vulnerable Software and Affected Versions: SiteServerCMS versions 5.X Description: The issue is related to a Remote-download-Getshell-vulnerability. This vulnerability can be exploited via the "/SiteServer/Ajax/ajaxOtherService.aspx" API endpoint. Recommendations: For SiteServerCMS...
The vulnerability of the Windows Shell component of Windows operating systems allows a perpetrator to execute arbitrary code.
The vulnerability of the Windows Shell component in Windows operating systems is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
CVE-2022-30222
Windows Shell Remote Code Execution Vulnerability...
CVE-2022-30222 Windows Shell Remote Code Execution Vulnerability
...
Secheron SEPCOS Control and Protection Relay 安全漏洞
Secheron SEPCOS Control and Protection Relay is a relay from Secheron. Control and protect your DC panels and contact lines from short circuits and other electrical faults, and benefit from enhanced communication capabilities.The Secheron SEPCOS Control and Protection Relay has a weak password...
USN-5459-1: cifs-utils vulnerabilities
Aurélien Aptel discovered that cifs-utils invoked a shell when requesting a password. In certain environments, a local attacker could possibly use this issue to escalate privileges. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. CVE-2020-14342 It was discovered that cifs-utils...
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser from Google, Inc. and V8 is an open source JavaScript engine. Google Chrome suffers from a resource management error vulnerability that stems from the presence of post-release reuse in the Chrome OS shell...
CVE-2022-20001 Injection in fish
fish is a command line shell. fish version 3.1.0 through version 3.3.1 is vulnerable to arbitrary code execution. git repositories can contain per-repository configuration that change the behavior of git, including running arbitrary commands. When using the default configuration of fish, changing...
Google Chrome和Chrome OS 资源管理错误漏洞
Google Chrome is a web browser from Google, Inc. A memory mis-reference vulnerability exists in Google Chrome OS Shell, which can be exploited by attackers to execute arbitrary code on the system or cause a denial of service condition...
Zsh 操作系统命令注入漏洞
Zsh is a command interpreter that can be used as a shell for interactive login and scripting. A security vulnerability exists in Zsh that stems from the recursive PROMPTSUBST extension. In zsh before 5.8.1, an attacker can achieve code execution by controlling the output of commands within the...
The vulnerability of the Android EMUI operating system’s shell is related to the improper implementation of the sequence of actions that should be performed. This allows attackers to disclose protected information.
The vulnerability of the Android EMUI operating system’s shell is related to the improper implementation of the sequence of actions that need to be performed. Exploiting this vulnerability can allow a remote attacker to disclose protected information...