19622 matches found
Apache HugeGraph Server 1.0.x < 1.3.0 (CVE-2024-27348)
The version of Apache HugeGraph Server installed on the remote host is prior to 1.3.0. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-27348 advisory. - RCE-Remote Command Execution vulnerability in Apache HugeGraph-Server. This issue affects Apache HugeGraph-Server:...
RockyLinux 8 : cups-filters (RLSA-2024:7463)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:7463 advisory. cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source cups-filters: libcupsfilters: cfGetPrinterAttributes API does n...
The vulnerability of the PFE (evo-pfemand) control daemon in JunOS Evolved operating systems allows an intruder to trigger a service failure.
The vulnerability of the PFE evo-pfemand control daemon for JunOS Evolved is related to the unrestricted allocation of resources. Exploiting this vulnerability allows a malicious actor to cause service failures by executing arbitrary commands through the command line interface, or by sending...
CVE-2024-20329
A vulnerability in the SSH subsystem of Cisco Adaptive Security Appliance ASA Software could allow an authenticated, remote attacker to execute operating system commands as root. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by...
PT-2024-8798 · Advantech · Advantech Eki-6333Ac-2G +1
Name of the Vulnerable Software and Affected Versions: Advantech EKI-6333AC-2G versions 1.6.3 and earlier Advantech EKI-6333AC-2GD versions 1.6.3 and earlier Advantech EKI-6333AC-1GPO versions 1.2.1 and earlier Description: A vulnerability was discovered in the "capture packages" operation of...
Cisco Adaptive Security Appliance Security Vulnerability
Cisco Adaptive Security Appliance ASA is a comprehensive network security appliance developed by Cisco that provides firewall, VPN, IPS, and other security features. It supports both physical and virtual deployments and can adapt to the security needs of networks of different sizes. A remote...
The vulnerability in the operating_mode.cgi script of the firmware for NETGEAR’s EX6120, EX6100, and EX3700 router devices allows a hacker to execute arbitrary commands.
The vulnerability of the operating_mode.cgi script in the firmware of NETGEAR’s router devices, such as EX6120, EX6100, and EX3700, is related to the lack of measures taken to protect data at the control level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability in the genie_fix2.cgi script of the firmware for NETGEAR EX6120 allows a hacker to execute arbitrary commands.
The vulnerability of the genie_fix2.cgi script in the firmware for NETGEAR EX6120 routers is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands using the wandns1pri parameter...
The vulnerability of the SetVirtualServerSettings() function in the prog.cgi script of D-Link DIR-878 and DIR-882 router firmware allows a hacker to execute arbitrary commands.
The vulnerability of the SetVirtualServerSettings function in the prog.cgi script of D-Link DIR-878 and DIR-882 routers exists due to the failure to take measures to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a malicious actor to execute...
The vulnerability of the Routed PON Controller Software component in the Cisco IOS XR operating system of Cisco NCS 540 Series Routers, NCS 5500 Series Routers, and NCS 5700 Series Routers allows attackers to execute arbitrary commands.
The vulnerability of the Routed PON Controller Software in Cisco IOS XR routers from the Cisco NCS 540 Series, NCS 5500 Series, and NCS 5700 Series routers exists due to the lack of measures taken to neutralize specific elements used in the operating system commands. Exploiting this vulnerability...
Exploit for Unrestricted Upload of File with Dangerous Type in Git
CVE-2024-32002 Versions 1.0.0 https://github.com/grec...
The vulnerability of the SetVLANSettings() function in the prog.cgi script of D-Link DIR-878 and DIR-882 routers allows a hacker to execute arbitrary commands.
The vulnerability of the SetVLANSettings function in the prog.cgi script of D-Link DIR-878 and DIR-882 routers exists due to the failure to take measures to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary...
The vulnerability of the SetVLANSettings() function in the prog.cgi script of D-Link DIR-878 and DIR-882 routers allows a hacker to execute arbitrary commands.
The vulnerability of the SetVLANSettings function in the prog.cgi script of D-Link DIR-878 and DIR-882 routers exists due to the failure to take measures to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary...
The vulnerability of the SetPortForwardingSettings() function in the prog.cgi script of D-Link DIR-878 and DIR-882 router firmware allows a hacker to execute arbitrary commands.
The vulnerability of the SetPortForwardingSettings function in the prog.cgi script of D-Link DIR-878 and DIR-882 routers exists because measures to neutralize special elements used in operating system commands are not taken. Exploiting this vulnerability allows a malicious actor to execute...
D-Link DIR-878 and D-Link DIR-882 Command Injection Vulnerability (CNVD-2024-41694)
The D-Link DIR-878 is a wireless router. The D-Link DIR-882 is a dual-band wireless router. A command injection vulnerability exists in the D-Link DIR-878 and D-Link DIR-882, which can be exploited by an attacker to execute arbitrary operating system commands via a constructed POST request...
PT-2024-8828 · Draytek · Draytek Vigor3900
Name of the Vulnerable Software and Affected Versions: DrayTek Vigor 3900 version 1.5.1.3 Description: The issue exists due to the lack of neutralization of special elements used in the operating system command by the doPPPo function in the mainfunction.cgi script of the DrayTek Vigor 3900 router...
CVE-2024-10193
A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028 and classified as critical. This issue affects the function pingddns of the file internet.cgi. The manipulation of the argument DDNS leads to command injection. The attack may be initiated remotely. The exploit has...
CVE-2024-10119
The wireless router WRTM326 from SECOM does not properly validate a specific parameter. An unauthenticated remote attacker could execute arbitrary system commands by sending crafted requests...
PT-2024-16041 · Secom · Wrtm326
Name of the Vulnerable Software and Affected Versions: SECOM WRTM326 wireless router affected versions not specified Description: The wireless router WRTM326 from SECOM does not properly validate a specific parameter. An unauthenticated remote attacker could execute arbitrary system commands by...
CVE-2023-32193
A vulnerability has been identified in which unauthenticated cross-site scripting XSS in Norman's public API endpoint can be exploited. This can lead to an attacker exploiting the vulnerability to trigger JavaScript code and execute commands remotely...