CVE-2024-28767
IBM Security Directory Integrator 7.2.0 through 7.2.0.13 and 10.0.0 through 10.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request...
CVE-2024-28767 IBM Security Directory Integrator command execution
IBM Security Directory Integrator 7.2.0 through 7.2.0.13 and 10.0.0 through 10.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request...
PT-2024-22568 · IBM · IBM Security Directory Integrator
Name of the Vulnerable Software and Affected Versions: IBM Security Directory Integrator versions 7.2.0 through 7.2.0.13; IBM Security Directory Integrator versions 10.0.0 through 10.0.3. Description: The issue allows a remote authenticated attacker to execute arbitrary commands on the system by...
The vulnerability of the Ruijie Reyee OS operating system is related to the use of an inherently dangerous function, which allows attackers to execute arbitrary commands.
The vulnerability of the Ruijie Reyee OS operating system is related to the use of an inherently dangerous function. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands by sending a specially crafted malicious MQTT message...
CVE-2024-11984 SUNNET Corporate Training Management System - Unrestricted Upload of File with Dangerous Type
An unrestricted upload of file with dangerous type vulnerability in the epaper draft function in Corporate Training Management System before 10.13 allows remote authenticated users to bypass file upload restrictions and perform arbitrary system commands with SYSTEM privilege via a crafted ZIP file...
CVE-2023-23356
A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute arbitrary commands. We have already fixed the vulnerability in the following versions:...
The vulnerability of the formSetUSBPartitionUmount function in the wireless access point software Tenda G3 allows an intruder to execute arbitrary commands.
The vulnerability of the formSetUSBPartitionUmount function in the wireless access point Tenda G3 software is related to the lack of measures taken to neutralize special elements during the processing of the usbPartitionName parameter. Exploiting this vulnerability allows a remote attacker to...
The vulnerabilities of the software platforms Cleo Harmony, VLTrader, and LexiCom are related to errors in the use of standard permissions, allowing a perpetrator to execute arbitrary commands.
The vulnerabilities of the software platforms Cleo Harmony, VLTrader, and LexiCom are related to errors in the use of standard permissions. Exploiting these vulnerabilities can allow a remote attacker to execute arbitrary commands...
The vulnerability of the MQTT broker of Ruijie Reyee OS operating system allows a perpetrator to execute arbitrary commands.
The vulnerability of the MQTT broker of the Ruijie Reyee OS operating system is related to improper handling of insufficient permissions or privileges. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...
NUUO NVRmini Devices OS Command Injection Vulnerability
NUUO NVRmini devices contain an OS command injection vulnerability. This vulnerability allows remote command execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command...
CVE-2024-53376
CyberPanel prior to 2.3.8 is affected by an authenticated OS command injection in the websites/submitWebsiteCreation endpoint. The root cause is input handling of the phpSelection field allowing shell metacharacters to be executed by an authenticated user, enabling arbitrary command execution wit...
The vulnerability of the router firmware of I-O Data Device UD-LT1 and UD-LT1/EX exists due to the lack of measures to neutralize special elements, allowing attackers to execute arbitrary commands.
The vulnerability of the I-O Data Device UD-LT1 and UD-LT1/EX router firmware exists due to the lack of measures taken to neutralize special elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
Connecting to a malicious Codespaces via GH CLI could allow command execution on the user's computer
...
PT-2024-36552 · Unknown · Crater Invoice
Name of the Vulnerable Software and Affected Versions: Crater Invoice, affected versions not specified. Description: A vulnerability in Crater Invoice allows an unauthenticated attacker with knowledge of the APP KEY to achieve remote command execution on the server by manipulating the laravel sessi...
Dell Avamar SQL Injection Vulnerability (CNVD-2025-18250)
Dell Avamar is a software solution for data backup and recovery. A SQL injection vulnerability exists in Dell Avamar. The vulnerability stems from an improper neutralization of special elements in SQL commands. An attacker could exploit this vulnerability to perform command execution...
The vulnerability of the upgrademysqlstatus() function in the CyberPanel web hosting control panel allows a hacker to escalate their privileges and execute arbitrary commands.
The vulnerability of the upgrademysqlstatus function in the CyberPanel web hosting control panel is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to elevate their privileges and execute arbitrary commands remotely...
ROS-20241211-04
The vulnerability in the CREATE POLICY security policies for row-protected tables in the PostgreSQL database management system is related to a lack of consistency between independent views of shared state. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary...
The vulnerability of the firmware for Mitel 6869i IP phones, related to the lack of measures taken at the control level to protect data, allows a perpetrator to execute arbitrary commands.
The vulnerability of the firmware for Mitel 6869i IP phones lies in the lack of measures taken to sanitize data at the administrative level when processing parameters like username and path on the upgrade.html page. Exploiting this vulnerability allows a malicious actor to execute...
The vulnerability in the RMT_invite.cgi script of NETGEAR R7000 Wi-Fi routers allows a hacker to execute arbitrary commands.
The vulnerability in the RMT_invite.cgi script of NETGEAR R7000 Wi-Fi routers lies in the lack of data sanitization at the control level when processing the parameter devicename2. Exploiting this vulnerability allows an attacker to execute arbitrary commands remotely...
CVE-2024-55547 Remote Command Execution via SNMP
SNMP objects in NET-SNMP used in ORing IAP-420 allow Command Injection. This issue affects IAP-420: through 2.01e...