39 matches found
The vulnerability of the svc_cifssupport utility in the Dell Unity Operating Environment (OE) system allows a malicious actor to execute arbitrary operating system commands with root privileges.
The vulnerability of the svccifssupport utility in the Dell Unity Operating Environment DELL Unity Operating Environment system exists due to the lack of measures taken to neutralize special elements used in the operating system’s commands. Exploiting this vulnerability allows an attacker to...
The vulnerability of the NTPSyncWithHost function in the cstecgi.cgi microprogramming software for TOTOLINK EX1200L routers allows a hacker to execute arbitrary code.
The vulnerability of the NTPSyncWithHost function in the cstecgi.cgi microprogramming software for TOTOLINK EX1200L routers exists due to the lack of measures taken to neutralize the special elements used in the operating system command. Exploiting this vulnerability allows a remote attacker to...
The vulnerability of the graphical interface of the FortiSIEM security management system allows a hacker to execute arbitrary commands.
The vulnerability of the FortiSIEM security management graphical interface is related to the failure to take measures to neutralize special elements used in the operating system’s command set. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...
The vulnerability of the flupl query_type function in D-Link G416 router microprogramming software allows a hacker to execute arbitrary code.
The vulnerability of the flupl querytype function in D-Link G416 router microprogramming software relates to the failure to take measures to neutralize special elements used in the operating system command. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by...
The vulnerability of the flupl function in D-Link G416 router microprogramming software allows a hacker to execute arbitrary code.
The vulnerability of the flupl function in D-Link G416 router microprogramming software is related to the failure to take measures to neutralize special elements used in the operating system’s command set. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by...
The vulnerability of the Command Line Interface (CLI) of the Cisco Identity Services Engine (ISE) management platform allows a hacker to escalate their privileges.
The vulnerability of the Command Line Interface CLI of the Cisco Identity Services Engine ISE management platform relates to the lack of measures taken to neutralize special elements used in the OS command line. Exploiting this vulnerability can allow attackers to increase their privileges...
Advantech iView 命令注入漏洞
Advantech iView, a Simple Network Protocol SNMP based software from Advantech, China, for managing B B SmartWorx devices, is vulnerable to a command injection vulnerability in versions prior to Advantech iView 5.7.04.6469, which stems from the use of a special element in a command that is not...
Dolibarr SQL注入漏洞
Dolibarr is a software application. A modern software package that helps manage your organization's activities. A security vulnerability exists in Dolibarr that stems from the vulnerability of dolibarr to unsatisfactory neutralization of specific elements used in SQL commands...
NETGEAR D3600, D6000 and XR500 OS Command Injection Vulnerability (CNVD-2020-27258)
NETGEAR D3600 and others are products of NETGEAR Corporation.NETGEAR D3600 is a wireless modem.NETGEAR D6000 is a wireless modem.NETGEAR XR500 is a wireless router.NETGEAR XR500 is a wireless router. An operating system command injection vulnerability exists in the NETGEAR D3600 prior to version...
The vulnerability of the SERVER_ID component in D-Link DIR-859 router microprogramming software exists due to the lack of measures taken to neutralize special elements used in the operating system commands. This vulnerability allows a hacker to execute arbitrary commands.
The vulnerability of the SERVERID component in the D-Link DIR-859 router microprogramming system exists due to the lack of measures taken to neutralize the special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
Dolibarr ERP/CRM Injection Vulnerability
Dolibarr ERP/CRM is a Web-based enterprise resource planning ERP and customer relationship management CRM system from the Dolibarr Foundation in France. The system can be used to manage products, inventory, invoices, orders, and more. An injection vulnerability exists in Dolibarr ERP/CRM version...
Hardcoded credentials
The Gentoo sci-mathematics/gimps package before 28.10-r1 for Great Internet Mersenne Prime Search GIMPS allows local users to gain privileges by creating a hard link under /var/lib/gimps, because an unsafe "chown -R" command is executed...
CVE-2017-14484
The Gentoo sci-mathematics/gimps package before 28.10-r1 for Great Internet Mersenne Prime Search GIMPS allows local users to gain privileges by creating a hard link under /var/lib/gimps, because an unsafe "chown -R" command is executed...
CVE-2017-14484
The Gentoo sci-mathematics/gimps package before 28.10-r1 for Great Internet Mersenne Prime Search GIMPS allows local users to gain privileges by creating a hard link under /var/lib/gimps, because an unsafe "chown -R" command is executed...
MS15-088 Description of the security update for Windows, Internet Explorer, and Office: August 11, 2015
MS15-088 Description of the security update for Windows, Internet Explorer, and Office: August 11, 2015 Summary This security update helps resolve an information disclosure vulnerability in Windows, Internet Explorer, and Microsoft Office. To exploit the vulnerability, an attacker would first hav...
Microsoft Internet Explorer Information Disclosure (MS15-106: CVE-2015-6046)
An information disclosure vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in Microsoft Internet Explorer while handling unsafe command line parameters. A remote attacker can exploit this issue by enticing a user to open a specially crafted...
Microsoft Internet Explorer Information Disclosure (MS15-094: CVE-2015-2483)
An information disclosure vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in Microsoft Internet Explorer while handling unsafe command line parameters. A remote attacker can exploit this issue by enticing a user to open a specially crafted...
man code execution
Under some conditions 'unsafe' command may be invoked...
Vulnerability in man < 1.5l
man 1.5l was released today, fixing a bug which results in arbitrary code execution upon reading a specially formatted man file. The basic problem is, upon finding a string with a quoting problem, the function myxsprintf in util.c will return "unsafe" rather than returning a string which could be...