152 matches found

NVD
added 2024/05/14 3:38 p.m. | 24 views

CVE-2024-34352

1Panel is an open source Linux server operation and maintenance management panel. Prior to v1.10.3-lts, there are many command injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. The mirror configuration write symbol...

7.5 CVSS | 6.5 AI score | 0.01329 EPSS
Exploits: 1 | References: 1

OSV
added 2024/05/09 3:14 p.m. | 28 views

GHSA-F8CH-W75V-C847 1Panel arbitrary file write vulnerability

Summary There are many command injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. We can use the following mirror configuration write symbol to achieve arbitrary file writing PoC Dockerfile FROM bash:latest COPY...

6.5 CVSS | 7.2 AI score | 0.01329 EPSS
Exploits: 1 | References: 5

Cvelist
added 2024/05/09 2:38 p.m. | 36 views

CVE-2024-34352 Arbitrary file write vulnerability in 1Panel

1Panel is an open source Linux server operation and maintenance management panel. Prior to v1.10.3-lts, there are many command injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. The mirror configuration write symbol...

6.5 CVSS | 6.7 AI score | 0.01329 EPSS
Exploits: 1 | References: 1

Vulnrichment
added 2024/05/09 2:38 p.m. | 27 views

CVE-2024-34352 Arbitrary file write vulnerability in 1Panel

1Panel is an open source Linux server operation and maintenance management panel. Prior to v1.10.3-lts, there are many command injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. The mirror configuration write symbol...

6.5 CVSS | 6.9 AI score | 0.01329 EPSS
Exploits: 1 | References: 1

GitLab Advisory Database
added 2024/05/09 12:0 a.m. | 26 views

1Panel arbitrary file write vulnerability

There are many command injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. We can use the following mirror configuration write symbol to achieve arbitrary file writing...

7.5 CVSS | 7 AI score | 0.01329 EPSS
Exploits: 1 | References: 5 | Affected Software: 1

NVD
added 2024/04/16 9:15 a.m. | 21 views

CVE-2024-3871

The Delta Electronics DVW-W02W2-E2 devices expose a web administration interface to users. This interface implements multiple features that are affected by command injections and stack overflow vulnerabilities. Successful exploitation of these flaws would allow remote unauthenticated attackers t...

9.8 CVSS | 10 AI score | 0.01699 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2024/04/16 8:12 a.m. | 14 views

CVE-2024-3871 Authenticated Remote Command Injection in Delta Electronics DVW

The Delta Electronics DVW-W02W2-E2 devices expose a web administration interface to users. This interface implements multiple features that are affected by command injections and stack overflow vulnerabilities. Successful exploitation of these flaws would allow remote unauthenticated attackers t...

9.8 CVSS | 10 AI score | 0.01699 EPSS
Exploits: 0 | References: 1

CVE
added 2024/04/16 8:12 a.m. | 74 views

CVE-2024-3871

CVE-2024-3871 affects Delta Electronics DVW-W02W2-E2 web administration interface, with versions up to 2.5.2. The issue stems from command injections and stack overflows in the web UI, enabling remote attackers to achieve remote code execution with elevated privileges. The NVD entry states this c...

9.8 CVSS | 8.3 AI score | 0.01699 EPSS
Exploits: 0 | References: 1

Positive Technologies
added 2024/04/15 12:0 a.m. | 4 views

PT-2024-27814 · White Bear Solutions · Wbsairback

Name of the Vulnerable Software and Affected Versions: White Bear Solutions WBSAirback version 21.02.04 Description: The issue is related to uncontrolled resource consumption, which could be exploited by an attacker to influence the amount of resources consumed by sending multiple command injecti...

6.5 CVSS | 7.4 AI score | 0.00996 EPSS
Exploits: 0 | References: 2

OSV
added 2024/04/12 6:33 a.m. | 26 views

GHSA-P3J6-F45H-HW5F tiagorlampert CHAOS vulnerable to command injections

An issue in tiagorlampert CHAOS v5.0.1 allows a remote attacker to execute arbitrary code via the BuildClient function within clientservice.go...

8.8 CVSS | 8.7 AI score | 0.80454 EPSS
Exploits: 6 | References: 8

Github Security Blog
added 2024/04/12 6:33 a.m. | 23 views

tiagorlampert CHAOS vulnerable to command injections

An issue in tiagorlampert CHAOS v5.0.1 allows a remote attacker to execute arbitrary code via the BuildClient function within clientservice.go...

7.8 AI score | 0.80454 EPSS
Exploits: 6 | References: 8 | Affected Software: 1

OSV
added 2024/01/08 3:15 p.m. | 3 views

UBUNTU-CVE-2023-35961

Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns decompression...

7.8 CVSS | 5.9 AI score | 0.01493 EPSS
Exploits: 1 | References: 3

Tenable Nessus
added 2023/09/27 12:0 a.m. | 25 views

Amazon Linux 2 : ansible (ALASANSIBLE2-2023-009)

The version of ansible installed on the remote host is prior to 2.9.5-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ANSIBLE2-2023-009 advisory. A flaw was found in the solariszone module from the Ansible Community modules. When setting the name for the zone o...

7.3 CVSS | 7.2 AI score | 0.00736 EPSS
Exploits: 0 | References: 6

OSV
added 2023/08/09 2:41 p.m. | 73 views

GHSA-2GGP-CMVM-F62F ScanCode.io command injection in docker image fetch process

Command Injection in docker fetch process Summary A possible command injection in the docker fetch process as it allows to append malicious commands in the dockerreference parameter. Details In the function scanpipe/pipes/fetch.py:fetchdockerimage1 the parameter dockerreference is user...

6.8 CVSS | 8.2 AI score | 0.02437 EPSS
Exploits: 1 | References: 6

NVD
added 2023/06/26 8:15 p.m. | 19 views

CVE-2023-34420

A valid, authenticated LXCA user with elevated privileges may be able to execute command injections through crafted calls to a specific web API...

7.2 CVSS | 7 AI score | 0.01338 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2023/06/26 7:45 p.m. | 15 views

CVE-2023-34420

A valid, authenticated LXCA user with elevated privileges may be able to execute command injections through crafted calls to a specific web API...

7.2 CVSS | 7 AI score | 0.01338 EPSS
Exploits: 0 | References: 1

Cvelist
added 2023/06/26 7:45 p.m. | 19 views

CVE-2023-34420

A valid, authenticated LXCA user with elevated privileges may be able to execute command injections through crafted calls to a specific web API...

7.2 CVSS | 7.3 AI score | 0.01338 EPSS
Exploits: 0 | References: 1

Tenable Nessus
added 2023/03/23 12:0 a.m. | 21 views

Amazon Linux 2023 : emacs, emacs-common, emacs-devel (ALAS2023-2023-134)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-134 advisory. emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry...

7.8 CVSS | 7.5 AI score | 0.0112 EPSS
Exploits: 0 | References: 6

OSV
added 2023/03/09 6:15 a.m. | 24 views

CVE-2023-27985

emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification. It is fixed in 29.0.90...

7.8 CVSS | 7.7 AI score
Exploits: 0 | References: 5

UbuntuCve
added 2023/03/09 6:15 a.m. | 26 views

CVE-2023-27985

emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification. It is fixed in 29.0.90...

7.8 CVSS | 7.1 AI score | 0.0112 EPSS
Exploits: 0 | References: 3