The vulnerability of the apcli_wps_gen_pincode function in the TOTOLINK A6000R router’s firmware allows a hacker to execute arbitrary commands.
The vulnerability of the apcli_wps_gen_pincode function in the TOTOLINK A6000R router’s firmware is related to the lack of measures taken to neutralize special elements used in the command when processing the ifname parameter. Exploiting this vulnerability allows a remote attacker to...
Synology BeePhotos Operating System Command Injection Vulnerability
Synology BeePhotos is a photo backup program from China-based Synology Inc. The operating system command injection vulnerability exists in Synology BeePhotos versions prior to 1.0.2-10026 and 1.1.0-10053, which stems from improper neutralization of a special element in the Task Manager component,...
The vulnerability of the apcli_do_enr_pin_wps function in the firmware of the TOTOLINK A6000R router allows a hacker to execute arbitrary commands.
The vulnerability of the apcli_do_enr_pin_wps function in the TOTOLINK A6000R router’s firmware is related to the failure to take measures to neutralize special elements used in the command when processing the ifname parameter. Exploiting this vulnerability can allow a remote attacke...
The vulnerability of the upgrade_filter_asp function in the /upgrade_filter.asp file of the D-Link DI-8003 router’s firmware allows a hacker to execute arbitrary commands.
The vulnerability of the upgrade_filter_asp function in the /upgrade_filter.asp file of the D-Link DI-8003 router firmware is related to the lack of measures taken at the control level for data cleaning. Exploiting this vulnerability allows a remote attacker to execute arbitrary...
The vulnerability of the Git-based software platform for collaborative code development in GitLab Enterprise Edition, related to the lack of measures taken to clean up data at the management level, allows a violator to introduce commands into the system.
The vulnerability of the Git-based software platform for collaborative code development in GitLab Enterprise Edition is related to the lack of measures taken to clean up data at the management level. Exploiting this vulnerability allows a malicious actor to execute commands on the connected Cube...
CVE-2024-11005
Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution...
Low: Red Hat Security Advisory: cups security update
An update for cups is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
RHEL 9 : cups (RHSA-2024:9470)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:9470 advisory. The Common UNIX Printing System (CUPS) provides a portable printing layer for Linux, UNIX, and similar operating systems. Security Fixes: cups: libppd:...
ALSA-2024:9470 Low: cups security update
The Common UNIX Printing System (CUPS) provides a portable printing layer for Linux, UNIX, and similar operating systems. Security Fixes: cups: libppd: remote command injection via attacker controlled data in PPD file. For more details about the security issues, including the impact, a CVSS score,...
Low: cups security update
The Common UNIX Printing System (CUPS) provides a portable printing layer for Linux, UNIX, and similar operating systems. Security Fixes: cups: libppd: remote command injection via attacker controlled data in PPD file. For more details about the security issues, including the impact, a CVSS score,...
CVE-2024-50636
PyMOL 2.5.0 contains a vulnerability in its "Run Script" function, which allows the execution of arbitrary Python code embedded within .PYM files. Attackers can craft a malicious .PYM file containing a Python reverse shell payload and exploit the function to achieve Remote Command Execution (RCE)...
PT-2024-34371 · Schrödinger · Pymol
Name of the Vulnerable Software and Affected Versions: PyMOL version 2.5.0. Description: The issue arises from the "Run Script" function in PyMOL, which allows the execution of arbitrary Python code embedded within .PYM files. This enables attackers to craft malicious .PYM files containing Python...
CVE-2024-50636
PyMOL 2.5.0 is vulnerable in its Run Script function, which can execute arbitrary Python code embedded in .PY files, enabling Remote Command Execution (RCE) when a malicious .PY file with a reverse-shell payload is processed. The root cause is PyMOL treating .PYM files as Python scripts without p...
PT-2024-8703 · Ivanti · Ivanti Policy Secure +1
Name of the Vulnerable Software and Affected Versions: Ivanti Connect Secure versions prior to 22.7R2.1; Ivanti Policy Secure versions prior to 22.7R1.1. Description: The issue is related to command injection, allowing a remote authenticated attacker with admin privileges to achieve remote code...
The vulnerability of the dbsrv_asp function in the /dbsrv.asp file of the D-Link DI-8003 device’s firmware allows a hacker to execute arbitrary commands.
The vulnerability of the dbsrv_asp function in the /dbsrv.asp file of the D-Link DI-8003 device’s firmware is related to buffer overflow in the stack. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely by injecting a specially crafted comma...
CVE-2024-11046
A vulnerability was found in D-Link DI-8003 16.07.16A1. It has been classified as critical. Affected is the function upgrade_filter_asp of the file /upgrade_filter.asp. The manipulation of the argument path leads to os command injection. It is possible to launch the attack remotely. The exploit has...
The vulnerability of the cgi_user_add function in the CGI script /cgi-bin/account_mgr.cgi?cmd=cgi_user_add allows a hacker to execute arbitrary commands. This vulnerability affects the firmware of devices from the D-Link series: DNS-320, DNS-320LW, DNS-325, and DNS-340L.
The vulnerability of the cgi_user_add function in the CGI script /cgi-bin/account_mgr.cgi?cmd=cgi_user_add in D-Link DNS-320, DNS-320LW, DNS-325, and DNS-340L devices is related to the failure to take measures to neutralize special elements used in the operating system command. Exploiting this...
CVE-2024-10966
A vulnerability, which was classified as critical, has been found in TOTOLINK X18 9.1.0cu.2024B20220329. Affected by this issue is some unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable leads to os command injection. The attack may be launched remotel...