| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 10 of 46). |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 9 of 46). |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 8 of 46). |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 7 of 46). |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 6 of 46). |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 5 of 46). |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 4 of 46). |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 3 of 46). |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 2 of 46). |
| Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 1 of 46). |
| The '/common/ajax_email_connection_test.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by any authenticated user and can be abused to execute arbitrary commands on the system. This script is vulnerable to command injection via the unsanitized user input 'TEST_SERVER' sent to the script via the POST method. |
| In order to perform actions that require higher privileges, the Quest KACE System Management Appliance 8.0.318 relies on a message queue that runs daemonized with root privileges and only allows a set of commands to be executed. A command injection vulnerability exists within this message queue which allows low-privilege users to append arbitrary commands that will be run as root. |
| The ObjReader::ReadObj() function in ObjReader.cpp in vincent0629 PDFParser allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly execute arbitrary code via a crafted pdf file. |
| 'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially be able to execute arbitrary commands under root privilege. |
| Stack-based buffer overflow in the websRedirect function in GoAhead on D-Link DIR-816 A2 (CN) routers with firmware version 1.10B05 allows unauthenticated remote attackers to execute arbitrary code via a request with a long HTTP Host header. |
| A Buffer Overflow issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53. |
| A Buffer Overflow issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53. |
| A Memory Leak issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53. |
| An issue was discovered on Dongguan Diqee Diqee360 devices. The affected vacuum cleaner suffers from an authenticated remote code execution vulnerability. An authenticated attacker can send a specially crafted UDP packet, and execute commands on the vacuum cleaner as root. The bug is in the function REQUEST_SET_WIFIPASSWD (UDP command 153). A crafted UDP packet runs "/mnt/skyeye/mode_switch.sh %s" with an attacker controlling the %s variable. In some cases, authentication can be achieved with the default password of 888888 for the admin account. |
| An issue was discovered in Free Lossless Image Format (FLIF) 0.3. The TransformPaletteC::process function in transform/palette_C.hpp allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted file. |
