1086 matches found
ELECOM WRC-X6000XS-G, WRC-X1500GS-B and WRC-X1500GSA-B Security Vulnerability
The ELECOM WRC-X6000XS-G and the other listed models are wireless routers from ELECOM, Japan. A security vulnerability exists in the ELECOM WRC-X6000XS-G, WRC-X1500GS-B, and WRC-X1500GSA-B v1.11 and earlier versions, which stems from the possibility that a logged-in user with administrative privileges could send a...
mySCADA MyPRO Authenticated Command Injection
class MetasploitModule 'mySCADA MyPRO Authenticated Command Injection CVE-2023-28384', 'Description' = %q Authenticated Command Injection in MyPRO MSFLICENSE, 'Author' = 'Michael Heinzl', Vulnerability discovery & MSF module 'References' = 'URL',...
xdg-desktop-portal-hyprland Security Vulnerability
xdg-desktop-portal-hyprland is an open source XDG desktop portal for Hyprland by Hypr Development. A security vulnerability exists in xdg-desktop-portal-hyprland versions prior to 1.3.3 that stems from allowing execution of operating system commands...
A vulnerability in the firmware of the GeoVision GV-DSP, GV-IPCAMD, GV-VS, and GVLX 4 video surveillance systems exists because special elements used in operating system commands are not neutralized. This vulnerability allows attackers to execute arbitrary commands.
A vulnerability in the firmware of the GeoVision GV-DSP, GV-IPCAMD, GV-VS, and GVLX 4 video surveillance systems exists because special elements used in operating system commands are not neutralized. Exploiting this vulnerability allows a remote...
A vulnerability in the proc_open() function of the PHP interpreter allows attackers to execute arbitrary commands.
A vulnerability in the proc_open() function of the PHP programming language exists because special elements used in operating system commands are not neutralized. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
CVE-2024-36475
FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain an active debug code vulnerability. If a user who knows how to use the debug function logs in to the product, the debug function may be used and an arbitrary OS command may be executed...
CVE-2024-36491
FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allow an administrative user to execute an arbitrary OS command, obtain and/or alter sensitive information, and cause a denial-of-service (DoS) condition...
PT-2024-27018 · Futurenet · Futurenet Nxr Series
Name of the Vulnerable Software and Affected Versions: FutureNet NXR series, VXR series and WXR series (affected versions not specified). Description: The issue concerns an active debug code vulnerability. If a user with knowledge of the debug function logs in, they may utilize the debug function to...
A vulnerability in the IBM Security Guardium security tool arises from a failure to neutralize special elements used in operating system commands. This allows attackers to execute arbitrary commands.
A vulnerability in the IBM Security Guardium information protection tool exists because special elements used in operating system commands are not neutralized. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...
PT-2024-22559 · Ifm · Smart Plc Ac14Xx Firmware +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: A remote attacker with high privileges may use a deleting file function to inject OS commands. There is no information provided about the estimated numb...
A vulnerability in the firmware of the Zyxel NAS326 and Zyxel NAS542 exists because special elements used in operating system commands are not neutralized. This allows attackers to execute arbitrary commands.
A vulnerability in the firmware of the Zyxel NAS326 and Zyxel NAS542 exists because special elements used in operating system commands are not neutralized. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands by sending a...
CVE-2024-4696
A privilege escalation vulnerability was reported in Lenovo Service Bridge prior to version 5.0.2.17 that could allow operating system commands to be executed if a specially crafted link is visited...
CVE-2024-4696
CVE-2024-4696 affects Lenovo Service Bridge before version 5.0.2.17. The issue is a command-injection/privilege-escalation flaw in the LscShim module: parsing a crafted URL does not properly validate input, allowing arbitrary code execution in the context of the current user after user interactio...
A vulnerability in the PHP programming language interpreter arises because special elements used in operating system commands are not neutralized, allowing attackers to execute arbitrary code.
A vulnerability in the PHP programming language interpreter exists because special elements used in operating system commands are not neutralized. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending a specially crafted HTTP...
SUSE CVE-2019-9193
In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" function allows superusers and users in the 'pg_execute_server_program' group to execute arbitrary code in the context of the database's operating system user. This functionality is enabled by default and can be abused to run arbitrary...
CVE-2024-29973
UNSUPPORTED WHEN ASSIGNED: The command injection vulnerability in the “setCookie” parameter in Zyxel NAS326 firmware versions before V5.21AAZF.17C0 and NAS542 firmware versions before V5.21ABAG.14C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a...
CVE-2024-29972
UNSUPPORTED WHEN ASSIGNED: The command injection vulnerability in the CGI program "remotehelp-cgi" in Zyxel NAS326 firmware versions before V5.21AAZF.17C0 and NAS542 firmware versions before V5.21ABAG.14C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by...