256 matches found
CVE-2024-4298
The CVE-2024-4298 issue affects HGiga iSherlock and its components (MailSherlock, SpamSherock, AuditSherlock). The root cause is improper filtering of special characters in certain function parameters within the email search interface, enabling command injection when exploited by an admin user. I...
CVE-2024-4298 HGiga iSherlock - Command Injection
The email search interface of HGiga iSherlock including MailSherlock, SpamSherock, AuditSherlock fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability for Command Injection attacks, enabling...
CVE-2024-1655 ASUS WiFi Router - OS Command Injection
Certain ASUS WiFi routers models has an OS Command Injection vulnerability, allowing an authenticated remote attacker to execute arbitrary system commands by sending a specially crafted request...
PT-2024-18203 · Asus · Asus Wifi Routers
Name of the Vulnerable Software and Affected Versions: ASUS WiFi routers affected versions not specified Description: The issue allows an authenticated remote attacker to execute arbitrary system commands by sending a specially crafted request, due to an OS Command Injection vulnerability...
CVE-2024-2389 Flowmon Unauthenticated Command Injection Vulnerability
In Flowmon versions prior to 11.1.14 and 12.3.5, an operating system command injection vulnerability has been identified. An unauthenticated user can gain entry to the system via the Flowmon management interface, allowing for the execution of arbitrary system commands...
Cross-site Request Forgery (CSRF)
phpPgAdmin is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is due to insufficient validation of the request source in the "database.php" area of phpPgAdmin. This allows sensitive actions to be performed without proper verification of the request's origin. A remote attacker can...
Command injection
In Indo-Sol PROFINET-INspektor NT through 2.4.0, a command injection vulnerability in the gedtupdater service of the firmware allows remote attackers to execute arbitrary system commands with root privileges via a crafted filename parameter in POST requests to the /api/updater/ctrl/startupdate...
CVE-2024-1212
Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution...
CVE-2024-25428
SQL Injection vulnerability in MRCMS v3.1.2 allows attackers to run arbitrary system commands via the status parameter...
CVE-2024-25428
SQL Injection vulnerability in MRCMS v3.1.2 allows attackers to run arbitrary system commands via the status parameter...
CVE-2023-29048
A component for parsing OXMF templates could be abused to execute arbitrary system commands that would be executed as the non-privileged runtime user. Users and attackers could run system commands with limited privilege to gain unauthorized access to confidential information and potentially viola...
Design/Logic Flaw
A component for parsing OXMF templates could be abused to execute arbitrary system commands that would be executed as the non-privileged runtime user. Users and attackers could run system commands with limited privilege to gain unauthorized access to confidential information and potentially viola...
CVE-2023-36485
The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user via a malicious BPMN2 workflow definition file...
Design/Logic Flaw
The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user by uploading a workflow definition file with a malicious filename...
CVE-2023-36485
The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user via a malicious BPMN2 workflow definition file...
CVE-2023-36486
The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user by uploading a workflow definition file with a malicious filename...
CVE-2023-36486
The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user by uploading a workflow definition file with a malicious filename...
CVE-2023-36485
The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user via a malicious BPMN2 workflow definition file...
Dell Virtual Appliance Manager 操作系统命令注入漏洞
Dell Virtual Appliance Manager is a virtual appliance manager from Dell USA. A command injection vulnerability exists in Dell Virtual Appliance Manager, which can be exploited by an attacker to cause arbitrary operating system commands to be executed on an affected system...
CVE-2023-47254
An OS Command Injection in the CLI interface on DrayTek Vigor167 version 5.2.2, allows remote attackers to execute arbitrary system commands and escalate privileges via any account created within the web interface...