The system’s vulnerability for testing and training SAP IDES arises from the lack of measures taken to neutralize special elements used in the operating system command set. This allows a perpetrator to execute arbitrary code.

The vulnerability of the SAP IDES system for testing and training exists due to the lack of measures taken to neutralize special elements used in the operating system’s command set. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

The vulnerability of the /view/networkConfig/GRE/gre_edit_commit.php file in the Ruijie RG-UAC router microprogramming software allows a attacker to execute any command they desire.

The vulnerability of the /view/networkConfig/GRE/greeditcommit.php file in the Ruijie RG-UAC router microprogramming software exists due to the failure to address the special elements used in the operating system command. Exploiting this vulnerability allows a remote attacker to execute arbitrary...

CVE-2024-33529

ILIAS 7 before 7.30 and ILIAS 8 before 8.11 as well as ILIAS 9.0 allow remote authenticated attackers with administrative privileges to execute operating system commands via file uploads with dangerous types...

CVE-2024-33529

Summary: CVE-2024-33529 affects ILIAS versions 7.x < 7.30, 8.x

ILIAS 安全漏洞

ILIAS is an open source learning management system. A security vulnerability exists in ILIAS versions 7.x prior to 7.30, 8.x prior to 8.11, and 9.0, which stems from a vulnerability that could allow a remote, authenticated attacker to execute operating system commands via a dangerous type of file...

CVE-2024-0401

CVE-2024-0401 affects multiple ASUS routers that support custom OpenVPN profiles. An authenticated, remote attacker can execute arbitrary OS commands by uploading a crafted OVPN profile, with impact on confidentiality, integrity, and availability per the cited sources. Affected models include: AS...

The software of the centralized data storage system management center of Dell Technologies PowerProtect Data Domain Management Center is vulnerable, allowing a intruder to execute arbitrary OS commands.

The software of the Dell Technologies PowerProtect Data Domain Management Center has a vulnerability due to the lack of measures taken to neutralize special elements used in the operating system’s command set. Exploiting this vulnerability can allow an attacker to execute arbitrary OS commands...

The software for connecting to remote systems and working with them—Eclipse Target Management: Terminal and Remote System Explorer (RSE)—is vulnerable due to the lack of measures taken to eliminate special elements used in operating system commands. This vulnerability allows attackers to execute arbitrary code.

The software for connecting to remote systems and working with them is vulnerable in Eclipse Target Management: Terminal and Remote System Explorer. This vulnerability exists due to the lack of measures taken to eliminate special elements used in operating system commands. Exploiting this...

OS Command Execution

fuel/core is vulnerable to OS Command Execution. The vulnerability is due to insufficient image filenames validation when constructing the ImageMagick command, which allows specially crafted filenames to be executed as operating system commands...

CVE-2024-34338

Summary: CVE-2024-34338 affects Tenda O3V2 firmware 1.0.0.10 and 1.0.0.12, with a Blind Command Injection via the dest parameter in the /goform/getTraceroute API. The root cause is an injection in that endpoint, allowing arbitrary commands to run with root privileges. Authentication is required t...

Motorola Interface Test Tool 安全漏洞

Motorola Interface Test Tool is an interface test tool from Motorola, Inc. A security vulnerability exists in Motorola Interface Test Tool, which stems from an incorrect export vulnerability that could allow a malicious local application to execute operating system commands...

The vulnerability of the FortiSandbox threat detection and mitigation system arises from the lack of measures taken to neutralize special elements used in the operating system’s command set. This allows attackers to execute arbitrary commands.

The vulnerability of the FortiSandbox threat detection and mitigation system exists because measures are not taken to neutralize the special elements used in the operating system’s command set. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using specially...

The vulnerability of the Pandora FMS monitoring and management system, related to the failure to neutralize special elements used in the operating system’s command set, allows a hacker to execute arbitrary code.

The vulnerability of the Pandora FMS monitoring and management system lies in the lack of measures taken to neutralize special elements used in the operating system’s command set. Exploiting this vulnerability allows a malicious actor to execute arbitrary code on the server remotely...

The vulnerability of the svc_cbr utility in the operating system for Dell Unity Operating Environment storage systems allows a perpetrator to execute arbitrary operating system commands.

The vulnerability of the svccbr utility in the Dell Unity Operating Environment OE storage system exists due to the lack of measures taken to neutralize the special elements used in the operating system’s commands. Exploiting this vulnerability can allow an attacker to execute arbitrary operating...

The vulnerability of the Dell vApp Manager software, which manages data storage devices like Dell PowerMax EEM, and the Dell Unisphere for PowerMax Virtual Appliance and Solutions Enabler Virtual Appliance, allows a malicious individual to execute arbitrary commands.

The vulnerability of the Dell vApp Manager software, which manages data storage of Dell PowerMax EEM, and the Dell Unisphere for PowerMax Virtual Appliance and Solutions Enabler Virtual Appliance, exists due to the failure to address the special elements used in the operating system’s command set...

The vulnerability of the Microsoft Defender for IoT’s threat detection mechanism lies in the lack of measures to neutralize special elements used in the operating system’s command set, allowing attackers to execute arbitrary code.

The vulnerability of the Microsoft Defender for IoT threat detection mechanism is related to the lack of measures taken to neutralize special elements used in the operating system’s command set. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

The vulnerability of the GlobalProtect function in the PAN-OS operating system allows a perpetrator to execute arbitrary code with root privileges.

The vulnerability of the GlobalProtect function in the PAN-OS operating system is related to the lack of measures taken to neutralize special elements used in the OS command. Exploiting this vulnerability allows a malicious actor, operating remotely, to execute arbitrary code with root privileges...

The vulnerability of the JuiceFSRuntime orchestrator environment for distributed data sets and the open-source Kubernetes accelerator for applications with intensive data processing in Fluid, allows attackers to execute arbitrary commands.

The vulnerability of the JuiceFSRuntime orchestrator for distributed data sets and the open-source Kubernetes accelerator for applications with intensive data processing exists due to the lack of measures taken to eliminate special elements used in the operating system command set. Exploiting thi...

The vulnerability of the dashboard component of the application scaling framework for AI and Python Ray applications, which allows a hacker to execute arbitrary commands.

The vulnerability of the dashboard framework for scaling AI and Python Ray applications exists due to the failure to address the issues related to the special elements used in the operating system’s command set. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands...

The vulnerability of the vpnAction function (/itbox_pi/vpn_quickset_service.php?a=set_vpn) in the microprogramming software for Ruijie’s RG-EG series routers allows a hacker to execute arbitrary commands.

The vulnerability of the vpnAction function /itboxpi/vpnquicksetservice.php?a=setvpn of the Ruijie RG-EG series router microprogramming software is related to the failure to eliminate special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to...