CVE-2023-29006

CVE-2023-29006 affects the Order GLPI plugin. Versions 1.8.0 up to, but not including, 2.7.7 and 2.10.1 allow an authenticated user with access to the standard interface to craft a URL that can execute a system command. Patches exist in 2.7.7 and 2.10.1. A manual workaround is to delete the plugi...

CVE-2023-29006 Order GLPI plugin vulnerable to remote code execution from authenticated user

The Order GLPI plugin allows users to manage order management within GLPI. Starting with version 1.8.0 and prior to versions 2.7.7 and 2.10.1, an authenticated user that has access to standard interface can craft an URL that can be used to execute a system command. Versions 2.7.7 and 2.10.1 conta...

CVE-2023-29006 Order GLPI plugin vulnerable to remote code execution from authenticated user

The Order GLPI plugin allows users to manage order management within GLPI. Starting with version 1.8.0 and prior to versions 2.7.7 and 2.10.1, an authenticated user that has access to standard interface can craft an URL that can be used to execute a system command. Versions 2.7.7 and 2.10.1 conta...

CVE-2022-48222

An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. During SDK installation, certutil.exe is called by the Acuant installer to install certificates. This window is not hidden, and is running with elevated privileges. A standard user can break out of this window, obtaining a full...

Privilege escalation

An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. During SDK installation, certutil.exe is called by the Acuant installer to install certificates. This window is not hidden, and is running with elevated privileges. A standard user can break out of this window, obtaining a full...

Acuant AcuFill SDK 代码问题漏洞

Acuant AcuFill SDK is a data capture technology from the American company Acuant. All major data fields can be extracted from documents. A security vulnerability exists in Acuant AcuFill SDK that stems from the Acuant installer calling certutil.exe to install a certificate during SDK installation...

CVE-2022-48222

An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. During SDK installation, certutil.exe is called by the Acuant installer to install certificates. This window is not hidden, and is running with elevated privileges. A standard user can break out of this window, obtaining a full...

CVE-2023-24835

Softnext Technologies Corp.’s SPAM SQR has a vulnerability of Code Injection within its specific function. An authenticated remote attacker with administrator privilege can exploit this vulnerability to execute arbitrary system command to perform arbitrary system operation or disrupt service...

Privilege escalation

HGiga MailSherlock query function for connection log has a vulnerability of insufficient filtering for user input. An authenticated remote attacker with administrator privilege can exploit this vulnerability to inject and execute arbitrary system commands to perform arbitrary system operation or...

Code injection

Softnext Technologies Corp.’s SPAM SQR has a vulnerability of Code Injection within its specific function. An authenticated remote attacker with administrator privilege can exploit this vulnerability to execute arbitrary system command to perform arbitrary system operation or disrupt service...

CVE-2023-24835 Softnext SPAM SQR - Code Injection

Softnext Technologies Corp.’s SPAM SQR has a vulnerability of Code Injection within its specific function. An authenticated remote attacker with administrator privilege can exploit this vulnerability to execute arbitrary system command to perform arbitrary system operation or disrupt service...

Cisco IOS XE SD-WAN Software 安全漏洞

Cisco IOS XE SD-WAN Software is a Cisco software for network management software-defined networking for the Cisco IOS XE network operating system. A security vulnerability exists in Cisco IOS XE SD-WAN Software that originates from insufficient validation of inputs to the system CLI...

InsightCloudSec 代码注入漏洞

InsightCloudSec is a fully integrated cloud-native security platform from InsightCloudSec. A security vulnerability exists in versions of InsightCloudSec prior to 23.3.21 that stems from an attacker being able to execute OS commands via a Jinja template utilizing the publicly available getattr...

The vulnerability of FortiWeb web applications’ network firewalls stems from the lack of measures taken to neutralize special elements used in the operating system’s command set. This allows attackers to execute arbitrary commands.

The vulnerability of FortiWeb web applications’ network firewalls is related to the failure to take measures to neutralize special elements used in the operating system’s command set. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands by sending specially crafted...

Fortinet FortiWeb OS Command Injection Vulnerability (CNVD-2023-18291)

Fortinet FortiWeb is a web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks, secures web applications and protects sensitive database content. An operating system command injection...

CVE-2022-48259

There is a system command injection vulnerability in BiSheng-WNM FW 3.0.0.325. Successful exploitation could allow attackers to gain higher privileges...

CVE-2022-48255

There is a system command injection vulnerability in BiSheng-WNM FW 3.0.0.325. A Huawei printer has a system command injection vulnerability. Successful exploitation could lead to remote code execution...

CVE-2022-48255

There is a system command injection vulnerability in BiSheng-WNM FW 3.0.0.325. A Huawei printer has a system command injection vulnerability. Successful exploitation could lead to remote code execution...

CVE-2022-48259

There is a system command injection vulnerability in BiSheng-WNM FW 3.0.0.325. Successful exploitation could allow attackers to gain higher privileges...

Command injection

There is a system command injection vulnerability in BiSheng-WNM FW 3.0.0.325. Successful exploitation could allow attackers to gain higher privileges...