28 matches found
EUVD-2019-6352
Malware in sbrugna...
EUVD-2019-6646
Malware in sbrugna...
CVE-2013-10070
PHP-Charts v1.0 contains a PHP code execution vulnerability in wizard/url.php where user-supplied GET parameter names are passed directly to eval() without sanitization. A remote attacker can craft a request injecting arbitrary PHP code, leading to command execution under the web server’s context...
CVE-2024-7062
Nimble Commander suffers from a privilege escalation vulnerability due to the server info.filesmanager.Files.PrivilegedIOHelperV2 performing improper/insufficient validation of a client’s authorization before executing an operation. Consequently, it is possible to execute system-level commands as...
CVE-2024-7062
CVE-2024-7062 affects Nimble Commander. The vulnerability is located in the server component info.filesmanager.Files.PrivilegedIOHelperV2 and arises from improper/insufficient validation of a client’s authorization before executing an operation. As described in the connected documents, this can e...
CVE-2024-7062 Local Privilege Escalation in Nimble Commander <= v1.6.0, Build 4087
Nimble Commander suffers from a privilege escalation vulnerability due to the server info.filesmanager.Files.PrivilegedIOHelperV2 performing improper/insufficient validation of a client’s authorization before executing an operation. Consequently, it is possible to execute system-level commands as...
Command injection
A vulnerability has been identified in RUGGEDCOM RM1224 LTE4G EU 6GK6108-4AM00-2BA2 All versions V8.0, RUGGEDCOM RM1224 LTE4G NAM 6GK6108-4AM00-2DA2 All versions V8.0, SCALANCE M804PB 6GK5804-0AP00-2AA2 All versions V8.0, SCALANCE M812-1 ADSL-Router Annex A 6GK5812-1AA00-2AA2 All versions V8.0,...
CVE-2023-48428
Summary of CVE-2023-48428 (SINEC INS): The RADIUS configuration mechanism in Siemens SINEC INS (all versions
Exploit for Unprotected Alternate Channel in Rockwellautomation Allen-Bradley_Stratix_5200_Firmware
🔍 Cisco IOS XE Web UI Vulnerability Scanner - CVE-2023-20198...
K14138: XML External Entity Injection (XXE) from authenticated source vulnerability CVE-2012-2997
Security Advisory Description: An XML External Entity Injection (XXE) vulnerability exists in a BIG-IP component. This vulnerability may allow a user who is logged in to the BIG-IP Configuration utility to download arbitrary files from the file system. Impact: An attacker may be able to exploit the...
CVE-2019-15708
A system command injection vulnerability in the FortiAP-S/W2 6.2.1, 6.2.0, 6.0.5 and below, FortiAP 6.0.5 and below and FortiAP-U below 6.0.0 under CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted ifconfig commands...
CVE-2019-15710
An OS command injection vulnerability in FortiExtender 4.1.0 to 4.1.1, 4.0.0 and below under CLI admin console may allow unauthorized administrators to run arbitrary system level commands via specially crafted "execute date" commands...
CVE-2019-1850 Cisco Integrated Management Controller Command Injection Vulnerability
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with root privileges on an affected device. An attacker would need to have valid administrator...
Design/Logic Flaw
The Palo Alto Networks Expedition Migration tool 1.0.107 and earlier may allow an unauthenticated attacker with remote access to run system level commands on the device hosting this service/application...
CVE-2018-10143
The Palo Alto Networks Expedition Migration tool 1.0.107 and earlier may allow an unauthenticated attacker with remote access to run system level commands on the device hosting this service/application...
Remote Code Execution in Expedition Migration Tool
A remote code execution vulnerability exists in the Palo Alto Networks Migration Tool “Expedition” (Ref MT-794 / CVE-2018-10143). Successful exploitation of this issue may allow an unauthenticated attacker with remote access to run system level commands on the device hosting this service/application...
Input validation
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject and execute arbitrary commands with root privileges on an affected device. The vulnerability is due to insufficient validation of...