PT-2024-6509 · Totolink · Totolink X5000R

Name of the Vulnerable Software and Affected Versions: TOTOLINK X5000r version 9.1.0cu.2350 b20230313 Description: The issue is related to an OS command injection vulnerability in the setModifyVpnUser function, located in the /cgi-bin/cstecgi.cgi file. This vulnerability can be exploited by...

CVE-2024-39607

OS command injection vulnerability exists in ELECOM wireless LAN routers. A specially crafted request may be sent to the affected product by a logged-in user with an administrative privilege to execute an arbitrary OS command...

ROS-20240716-03

A vulnerability in the Org-Link-Expand-ABBREV function of the LISP/OL.EL file of the EMACS text editor exists due to failure to take measures to neutralize special elements used in the operating system command. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary...

less: OS command injection

An OS command injection flaw was found in Less. Since quoting is mishandled in filename.c, opening files with attacker-controlled file names can lead to OS command execution. Exploitation requires the LESSOPEN environment variable, which is set by default in many common cases...

Realtek rtl819x Jungle SDK OS Command Injection Vulnerability

The Realtek rtl819x Jungle SDK is a driver for a wireless LAN chip from China-based Realtek Semiconductor Realtek. An OS command injection vulnerability exists in Realtek rtl819x Jungle SDK version v3.4.11, which stems from an OS command injection vulnerability in the boa formWsc function...

MB Connect Line mbNET.mini OS Command Injection Vulnerability

MB Connect Line mbNET.mini is an industrial router from MB Connect Line, Germany. An operating system command injection vulnerability exists in MB Connect Line mbNET.mini version 2.2.11 and earlier, which stems from an improper neutralization of special elements used in operating system commands,...

PT-2024-6750 · Splunk · Splunk Cloud Platform +1

Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.2.2 Splunk Enterprise versions prior to 9.1.5 Splunk Enterprise versions prior to 9.0.10 Splunk Cloud Platform versions prior to 9.1.2312.109 Splunk Cloud Platform versions prior to 9.1.2308.207...

Sysaid Technologies SysAid Operating System Command Injection Vulnerability

Sysaid Technologies SysAid is a suite of IT service management solutions from Sysaid Technologies, an Israeli company. SysAid suffers from an operating system command injection vulnerability that stems from improper neutralization of special elements used in operating system commands, resulting i...

PT-2024-5243 · Futurenet · Futurenet Nxr Series

Name of the Vulnerable Software and Affected Versions: FutureNet NXR series versions affected versions not specified FutureNet VXR series versions affected versions not specified FutureNet WXR series versions affected versions not specified Description: The issue is related to the lack of measure...

LoLLMs Operating System Command Injection Vulnerability

LoLLMs is a Web UI for a large language multimodal system by the individual developer Saifeddine ALOUI. An operating system command injection vulnerability exists in LoLLMs version 9.3 that stems from improper neutralization of special elements used in operating system commands, which could allow...

CVE-2024-20360

A vulnerability in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface does not adequately...

OESA-2024-1587 less security update

Less is a pager. A pager is a program that displays text files. Other pagers commonly in use are more and pg. Pagers are often used in command-line environments like the Unix shell and the MS-DOS command prompt to display files. Security Fixes: less through 653 allows OS command execution via a...

OESA-2024-1547 less security update

Less is a pager. A pager is a program that displays text files. Other pagers commonly in use are more and pg. Pagers are often used in command-line environments like the Unix shell and the MS-DOS command prompt to display files. Security Fixes: less through 653 allows OS command execution via a...

CVE-2024-34073

sagemaker-python-sdk is a library for training and deploying machine learning models on Amazon SageMaker. In affected versions the capturedependencies function in sagemaker.serve.saveretrive.version100.save.utils module allows for potentially unsafe Operating System OS Command Injection if...

CVE-2024-34073 Command Injection in sagemaker-python-sdk

sagemaker-python-sdk is a library for training and deploying machine learning models on Amazon SageMaker. In affected versions the capturedependencies function in sagemaker.serve.saveretrive.version100.save.utils module allows for potentially unsafe Operating System OS Command Injection if...

CVE-2024-34073 Command Injection in sagemaker-python-sdk

sagemaker-python-sdk is a library for training and deploying machine learning models on Amazon SageMaker. In affected versions the capturedependencies function in sagemaker.serve.saveretrive.version100.save.utils module allows for potentially unsafe Operating System OS Command Injection if...

CVE-2023-25699

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in VideoWhisper.Com VideoWhisper Live Streaming Integration allows OS Command Injection.This issue affects VideoWhisper Live Streaming Integration: from n/a through 5.5.15...

PT-2024-12070 · Unknown · Videowhisper Live Streaming Integration

Name of the Vulnerable Software and Affected Versions: VideoWhisper Live Streaming Integration versions n/a through 5.5.15 Description: The issue is related to an OS Command Injection vulnerability due to improper neutralization of special elements used in an OS command. This allows for OS Comman...

Tenda AC10 操作系统命令注入漏洞

Tenda AC10 is a wireless router from Tenda, China. An OS command injection vulnerability exists in Tenda AC10U version 15.03.06.48, which originates from an OS command injection in the usbName parameter of the formSetSambaConf method on the /goform/setsambacfg page...

PT-2024-3305 · Kemp · Loadmaster

Name of the Vulnerable Software and Affected Versions: LoadMaster affected versions not specified Description: An OS command injection vulnerability has been identified in LoadMaster. An authenticated UI user with any permission settings may be able to inject commands into a UI component using a...