The vulnerability of the LibreNMS network monitoring system, related to the failure to take measures to neutralize special elements, allows an attacker to execute arbitrary commands.
The vulnerability of the LibreNMS network monitoring system is related to the failure to take measures to neutralize specific elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the Cortex XSOAR CommonScripts package for security management, automation, and response solutions lies in the lack of data cleansing at the control level, allowing attackers to execute arbitrary commands.
The vulnerability of the Cortex XSOAR CommonScripts package for security management, automation, and response involves a lack of data cleansing measures at the control level. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary commands...
CVE-2024-11659 EnGenius ENH1350EXT/ENS500-AC/ENS620EXT diag_iperf command injection
A vulnerability was found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/network/diagiperf. The manipulation of the argument iperf leads to command injection. The attack may be...
CVE-2024-11654
The CVE-2024-11654 entry applies to EnGenius ENH1350EXT, ENS500-AC and ENS620EXT (up to 2024-11-18). The vulnerability affects an unspecified part of the file /admin/network/diag_traceroute6, where manipulation of the diag_traceroute6 parameter yields a command-injection flaw. It is exploitable r...
PT-2024-17161 · Engenius · Engenius Ens500-Ac +2
Name of the Vulnerable Software and Affected Versions: EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118 Description: A critical vulnerability affects an unknown functionality of the file /admin/sn package/sn https. The manipulation of the argument https enable leads to command injectio...
PT-2024-17164 · Engenius · Engenius Ens500-Ac +2
Name of the Vulnerable Software and Affected Versions: EnGenius ENH1350EXT versions up to 20241118 EnGenius ENS500-AC versions up to 20241118 EnGenius ENS620EXT versions up to 20241118 Description: A critical vulnerability was found in the specified EnGenius devices, affecting the file...
The vulnerability of the industrial process visualization and control system mySCADA myPRO Runtime and the mySCADA myPRO Manager lies in the failure to take measures to neutralize special elements used in the operating system’s commands, allowing attackers to execute arbitrary operating system commands.
The vulnerability of the industrial process visualization and control systems mySCADA myPRO and mySCADA myPRO Manager lies in the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrar...
The vulnerability of the formWriteFacMac() function (/goform/WriteFacMac) in the Tenda AC6 router software allows a hacker to execute arbitrary commands.
The vulnerability of the formWriteFacMac function /goform/WriteFacMac of the Tenda AC6 router software lies in the lack of data cleaning at the control level when processing the mac parameter. Exploiting this vulnerability allows an attacker to execute arbitrary commands remotely...
CVE-2024-11666 Unauthenticated Remote Command Injection in eCharge Salia PLCC
Affected devices beacon to eCharge cloud infrastructure asking if there are any commands they should run. This communication is established over an insecure channel since peer verification is disabled everywhere. Therefore, remote unauthenticated users suitably positioned on the network between an...
CVE-2024-11666
CVE-2024-11666 affects cph2_echarge_firmware up to 2.0.4. Root cause: peer verification is disabled and communication with the eCharge cloud infrastructure occurs over an insecure channel, enabling remote unauthenticated users on the network between the EV charger controller and eCharge infrastru...
CVE-2024-11665 Unauthenticated Remote Command Injection
Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in hardy-barth cph2_echarge_firmware allows OS Command Injection. This issue affects cph2_echarge_firmware: through 2.0.4...
PT-2024-17160 · Engenius · Engenius Ens500-Ac +2
Name of the Vulnerable Software and Affected Versions: EnGenius ENH1350EXT, ENS500-AC, and ENS620EXT versions up to 20241118 Description: A critical issue affects an unknown function of the file /admin/network/wifi schedule. The manipulation of the argument wifi schedule day em 5 leads to command...
Malicious code in codeql-extractor-iac-action (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a3f77f847f2c7d09571ef2516734c1d483d434e0980f32c21967900b8d28dd4c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-8806
Cohesive Networks VNS3 Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cohesive Networks VNS3. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...
Exploit for OS Command Injection in Zimbra Collaboration
CVE-2024-45519 CVE-2024-45519 is a high-risk vulnerability in...
D-LINK DI-8400 Remote Command Execution Vulnerability
The D-LINK DI-8400 is an American D-Link router device for home and small business network connectivity. Multiple remote command execution vulnerabilities exist in the mspinfohtm function in the D-LINK DI-8400 version v16.07.26A1 via the flag and cmd parameters. A remote attacker can exploit this...
The vulnerability in the wiz_dyn.cgi script of NETGEAR XR300 firmware allows a hacker to execute arbitrary commands.
The vulnerability in the wizdyn.cgi script of NETGEAR XR300 router firmware relates to the failure to take measures to neutralize special elements used in operating system commands when processing the parameter systemname. Exploiting this vulnerability allows a malicious actor to...
The vulnerability in the ether.cgi script of NETGEAR R8500 router software allows a hacker to execute arbitrary commands.
The vulnerability of the ether.cgi script in NETGEAR R8500 router firmware relates to the failure to take measures to neutralize special elements used in the operating system’s processing of the wangateway parameter. Exploiting this vulnerability allows a remote attacker to execu...