CVE-2024-28892

CVE-2024-28892 : A command-injection flaw exists in the name parameter of GoCast 1.1.3 (github.com/mayuresh82/gocast). A specially crafted, unauthenticated HTTP request can cause arbitrary command execution on the server. Documented as a network‑proximate vulnerability with high impact across con...

CVE-2024-28892

An OS command injection vulnerability exists in the name parameter of GoCast 1.1.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability...

CVE-2024-29224

An OS command injection vulnerability exists in the NAT parameter of GoCast 1.1.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability...

CVE-2024-21855

A lack of authentication vulnerability exists in the HTTP API functionality of GoCast 1.1.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability...

CVE-2024-29224

Summary: CVE-2024-29224 affects GoCast 1.1.3. The NAT parameter in the GoCast HTTP API can be abused to trigger OS command injection, enabling arbitrary command execution via an unauthenticated HTTP request. The root cause is the nat string being concatenated into a system command (iptables) with...

CVE-2024-21855

CVE-2024-21855 refers to a lack of authentication in GoCast 1.1.3’s HTTP API, allowing unauthenticated HTTP requests to trigger arbitrary command execution. Cisco Talos details show the API can register/unregister apps without auth, enabling full control over GoCast’s BGP-related functionality an...

CVE-2024-21855

A lack of authentication vulnerability exists in the HTTP API functionality of GoCast 1.1.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability...

CVE-2024-29224

An OS command injection vulnerability exists in the NAT parameter of GoCast 1.1.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability...

GoCast 操作系统命令注入漏洞

GoCast is a tool for controlling BGP route announcements from the host by individual developer mayuresh82. An OS command injection vulnerability exists in GoCast version 1.1.3, which stems from OS command injection in NAT parameters and could lead to arbitrary command execution...

GoCast 操作系统命令注入漏洞

GoCast is a tool for controlling BGP route announcements from the host by individual developer mayuresh82. An OS command injection vulnerability exists in GoCast version 1.1.3, which stems from an OS command injection in the name parameter and could lead to arbitrary command execution...

GoCast 访问控制错误漏洞

GoCast is a tool for controlling BGP route announcements from a host by the individual developer mayuresh82. An access control error vulnerability exists in GoCast version 1.1.3 that stems from a lack of authentication in the HTTP API functionality and could lead to arbitrary command execution...

PT-2024-19096 · Gocast · Gocast

Name of the Vulnerable Software and Affected Versions: GoCast version 1.1.3 Description: A lack of authentication issue exists in the HTTP API functionality, allowing a specially crafted HTTP request to lead to arbitrary command execution. An attacker can make an unauthenticated HTTP request to...

PT-2024-22820 · Gocast · Gocast

Name of the Vulnerable Software and Affected Versions: GoCast version 1.1.3 Description: An OS command injection issue exists in the NAT parameter of GoCast. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an unauthenticated HTTP request to trigger...

GoCast HTTP API lack of authentication vulnerability

Talos Vulnerability Report TALOS-2024-1962 GoCast HTTP API lack of authentication vulnerability November 21, 2024 CVE Number CVE-2024-21855 SUMMARY A lack of authentication vulnerability exists in the HTTP API functionality of GoCast 1.1.3. A specially crafted HTTP request can lead to arbitrary...

GoCast NAT parameter OS command injection vulnerability

Talos Vulnerability Report TALOS-2024-1961 GoCast NAT parameter OS command injection vulnerability November 21, 2024 CVE Number CVE-2024-29224 SUMMARY An OS command injection vulnerability exists in the NAT parameter of GoCast 1.1.3. A specially crafted HTTP request can lead to arbitrary command...

GoCast name parameter OS command injection vulnerability

Talos Vulnerability Report TALOS-2024-1960 GoCast name parameter OS command injection vulnerability November 21, 2024 CVE Number CVE-2024-28892 SUMMARY An OS command injection vulnerability exists in the name parameter of GoCast 1.1.3. A specially crafted HTTP request can lead to arbitrary comman...