PT-2024-16041 · Secom · Wrtm326

Name of the Vulnerable Software and Affected Versions: SECOM WRTM326 wireless router affected versions not specified Description: The wireless router WRTM326 from SECOM does not properly validate a specific parameter. An unauthenticated remote attacker could execute arbitrary system commands by...

CVE-2023-32193

A vulnerability has been identified in which unauthenticated cross-site scripting XSS in Norman's public API endpoint can be exploited. This can lead to an attacker exploiting the vulnerability to trigger JavaScript code and execute commands remotely...

Security update for etcd

This update for etcd fixes the following issues: Update to version 3.5.12: Security fixes: CVE-2018-16873: Fixed remote command execution in cmd/go bsc1118897 CVE-2018-16874: Fixed directory traversal in cmd/go bsc1118898 CVE-2018-16875: Fixed CPU denial of service in crypto/x509 bsc1118899...

The vulnerability of the Telnet service of D-Link’s wireless routers, such as DIR-X4860, DIR-X5460A1, and COVR-X1870, allows a hacker to execute arbitrary commands in the basic operating system.

The vulnerability of D-Link DIR-X4860, DIR-X5460A1, and COVR-X1870 wireless routers lies in the presence of undocumented configuration commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands on the operating system using hard-coded credentials...

The vulnerability of the virtual keyboard of the VisionOS operating system, which allows a hacker to escalate their privileges and execute arbitrary commands

The vulnerability of the virtual keyboard in the VisionOS operating system is related to the improper assignment of permissions for a critical resource. Exploiting this vulnerability allows an attacker to enhance their privileges and execute arbitrary commands remotely...

GHSA-4R7V-WHPG-8RX3 changedetection.io has a Server Side Template Injection using Jinja2 which allows Remote Command Execution

Summary A Server Side Template Injection in changedetection.io caused by usage of unsafe functions of Jinja2 allows Remote Command Execution on the server host. Details changedetection.io version: 0.45.20 docker images REPOSITORY TAG IMAGE ID CREATED SIZE dgtlmoon/changedetection.io latest...

changedetection.io has a Server Side Template Injection using Jinja2 which allows Remote Command Execution

Summary A Server Side Template Injection in changedetection.io caused by usage of unsafe functions of Jinja2 allows Remote Command Execution on the server host. Details changedetection.io version: 0.45.20 docker images REPOSITORY TAG IMAGE ID CREATED SIZE dgtlmoon/changedetection.io latest...

ABB Cylon Aspect 3.08.00 sslCertAjax.php Remote Command Execution Vulnerability

ABB Cylon Aspect version 3.08.00 suffers from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the country, state, locality, organization, and hostname HTTP POST parameters called by the sslCertAjax.php script. ABB...

VulnCheck KEV: CVE-2014-4663

TimThumb 2.8.13 and WordThumb 1.07, when Webshot aka Webshots is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in the src parameter...

WatchGuard XTM Firebox 12.5.x Buffer Overflow

============================================================================================================================================= | Title : WatchGuard XTM Firebox 12.5.x Code Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox...

CVE-2024-45731 Potential Remote Command Execution (RCE) through arbitrary file write to Windows system root directory when Splunk Enterprise for Windows is installed on a separate disk

In Splunk Enterprise for Windows versions below 9.3.1, 9.2.3, and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could write a file to the Windows system root directory, which has a default location in the Windows System32 folder, when Splunk Enterprise for...

CVE-2024-45731 Potential Remote Command Execution (RCE) through arbitrary file write to Windows system root directory when Splunk Enterprise for Windows is installed on a separate disk

In Splunk Enterprise for Windows versions below 9.3.1, 9.2.3, and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could write a file to the Windows system root directory, which has a default location in the Windows System32 folder, when Splunk Enterprise for...

WordPress File Manager Advanced Shortcode 2.3.2 Code Injectin / Shell Upload

============================================================================================================================================= | Title : WordPress File Manager Advanced Shortcode 2.3.2 Code Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser :...

TOTOLINK 9.x Command Injection

============================================================================================================================================= | Title : TOTOLINK 9.x Code Injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.2 64 bits | |...

CVE-2024-9916

A vulnerability, which was classified as critical, has been found in HuangDou UTCMS V9. Affected by this issue is some unknown functionality of the file app/modules/ut-cac/admin/cli.php. The manipulation of the argument o leads to os command injection. The attack may be launched remotely. The...

pickle deserialization vulnerability

Description There is a pickle deserialization vulnerability in the Latex English error correction plug-in function of gptacademic, which allows attackers to achieve remote command execution Environment setup 1. wget https://github.com/binary-husky/gptacademic/archive/refs/tags/version3.83.zip 2...

Exploit for Incorrect Implementation of Authentication Algorithm in Ivanti Virtual_Traffic_Management

CVE-2024-7593 Description: CVE-2024-7593 is a critical v...

VulnCheck KEV: CVE-2018-20334

An issue was discovered in ASUSWRT 3.0.0.4.384.20308. When processing the /startapply.htm POST data, there is a command injection issue via shell metacharacters in the fbemail parameter. By using this issue, an attacker can control the router and get shell...

PT-2024-10336 · Unknown · Gpt Academic

Name of the Vulnerable Software and Affected Versions: GPT Academic affected versions not specified Description: The issue is related to a flaw in the deserialization mechanism of the latex pickle io.py module in the GPT Academic machine learning application. This flaw can be exploited by a remot...

CVE-2024-39563

A Command Injection vulnerability in Juniper Networks Junos Space allows an unauthenticated, network-based attacker sending a specially crafted request to execute arbitrary shell commands on the Junos Space Appliance, leading to remote command execution by the web application, gaining complete...