acmailer CGI and acmailer DB vulnerable to OS command injection

Overview acmailer CGI and acmailer DB provided by Extra Innovation Inc. contain an OS command injection vulnerability CWE-78. Extra Innovation Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Extra Innovation Inc. coordinated under the...

CVE-2024-50567

An improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiWeb 7.4.0 through 7.6.0 allows attacker to execute unauthorized code or commands via crafted input...

CVE-2022-1440

Command Injection vulnerability in [email protected] in GitHub repository yarkeev/git-interface prior to 2.1.2. If both are provided by user input, then the use of a --upload-pack command-line argument feature of git is also supported for git clone, which would then allow for any operating syst...

Security update for less

This update for less fixes the following issues: CVE-2024-32487: Fix a bug where mishandling of \n character in paths when LESSOPEN is set leads to OS command execution. bsc1222849 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate...

Multiple vulnerabilities in I-O DATA router UD-LT2

Overview UD-LT2 provided by I-O DATA DEVICE, INC. contains multiple vulnerabilities listed below. OS Command Injection CWE-78 - CVE-2025-20617, CVE-2025-26856 Inclusion of Undocumented Features CWE-1242 - CVE-2025-22450 OS Command Injection CWE-78 - CVE-2025-23237 CVE-2025-20617, CVE-2025-22450,...

I-O Data Device UD-LT2 操作系统命令注入漏洞

I-O Data Device UD-LT2 is a wireless router from I-O Data Device Japan. An operating system command injection vulnerability exists in I-O Data Device UD-LT2 1.00.008SE and prior versions, which stems from the presence of a disjointed special element that allows an attacker to execute arbitrary...

Critical Flaws in WGS-804HPT Switches Enable RCE and Network Exploitation

Cybersecurity researchers have disclosed three security flaws in Planet Technology's WGS-804HPT industrial switches that could be chained to achieve pre-authentication remote code execution on susceptible devices. "These switches are widely used in building and home automation systems for a varie...

PT-2025-3387 · Totolink · Totolink X5000R

Name of the Vulnerable Software and Affected Versions: TOTOLINK X5000R version 9.1.0cu.2350 B20230313 Description: The issue is related to an OS command injection vulnerability. This vulnerability can be exploited through the sHour parameter in the setWiFiScheduleCfg function. Recommendations: Fo...

CVE-2024-56497

An improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiMail versions 7.2.0 through 7.2.4 and 7.0.0 through 7.0.6 and 6.4.0 through 6.4.7, FortiRecorder versions 7.0.0 and 6.4.0 through 6.4.4 allows attacker to execute unauthorized code or...

Fortinet FortiManager 操作系统命令注入漏洞

Fortinet FortiManager is a centralized network security management platform from Fortinet. The platform supports centralized management of any number of Fortinet devices, and can group devices into different management domains ADOM to further simplify the deployment and management of multi-device...

Multiple vulnerabilities in SHARP routers

Overview SHARP routers contain multiple vulnerabilities listed below. OS command injection vulnerability in the HOST name configuration screen CWE-78 - CVE-2024-45721 The hidden debug function is enabled CWE-489 - CVE-2024-46873 Buffer overflow vulnerability in the hidden debug function CWE-120 -...

FXC AE1021和FXC AE1021PE 操作系统命令注入漏洞

FXC AE1021 and FXC AE1021PE are both products of FXC Corporation.FXC AE1021 is a panel wireless router with integrated RJ-45, RJ-11, and power ports.FXC AE1021PE is a wireless LAN router with support for information egress. An operating system command injection vulnerability exists in the FXC...

Lorex 2K Indoor Wi-Fi Security Camera: Multiple Vulnerabilities (FIXED)

The Lorex 2K Indoor Wi-Fi Security Camera is a consumer security device that provides cloud-based video camera surveillance capabilities. This device was a target at the 2024 Pwn2Own IoT competition. Rapid7 developed an unauthenticated remote code execution RCE exploit chain as an entry for the...

CVE-2024-50366

A CWE-78 "Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection'" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G = 1.6.3, EKI-6333AC-2GD = v1.6.3 and EKI-6333AC-1GPO = v1.2.1. The source of the vulnerability relies on...

mySCADA myPRO 操作系统命令注入漏洞

mySCADA myPRO is a professional HMI/SCADA system designed primarily for the visualization and control of industrial processes. An operating system command injection vulnerability exists in mySCADA myPRO Manager, which can be exploited by an attacker to inject arbitrary operating system commands...

CVE-2024-21786

An OS command injection vulnerability exists in the web interface configuration upload functionality of MC Technologies MC LR Router 2.10.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

CVE-2024-8881

A post-authentication command injection vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80AAHN.1C0 and earlier could allow an authenticated, LAN-based attacker with administrator privileges to execute some operating system OS commands on an affected device by...

PT-2024-8173 · D Link · D-Link Dsl6740C

Name of the Vulnerable Software and Affected Versions: D-Link DSL6740C modem affected versions not specified Description: The D-Link DSL6740C modem has an OS Command Injection issue, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a...

PT-2024-16432 · Idexpert · Idexpert

Name of the Vulnerable Software and Affected Versions: IDExpert versions up to 2.8 Description: The issue concerns a lack of validation in the administrator interface of IDExpert, allowing remote attackers with administrative privileges to inject and execute OS commands on the server. This can be...

Siemens InterMesh 7177和Siemens InterMesh 7707 访问控制错误漏洞

InterMesh is a wireless alarm reporting system that uses mesh wireless network technology to transmit alarm signals. A security vulnerability exists in Siemens InterMesh Subscriber Devices due to a web server in the affected devices that does not authenticate a GET request that executes a specifi...