19628 matches found
PT-2024-7032 · D Link · D-Link Dir-878 +1
Name of the Vulnerable Software and Affected Versions: D-Link DIR-878 version DIR 878 FW130B08; D-Link DIR-882 version DIR 882 FW130B06. Description: The issue exists due to the lack of neutralization of special elements used in the operating system command in the SetPortForwardingSettings function...
A vulnerability in the CGI function of D-Link router firmware for devices such as DI-7003GV2, DI-7100G+V2, DI-7100GV2, DI-7200GV2, DI-7300G+V2, and DI-7400G+V2 allows attackers to execute arbitrary commands.
The vulnerability in the CGI function of D-Link router firmware for devices such as DI-7003GV2, DI-7100G+V2, DI-7100GV2, DI-7200GV2, DI-7300G+V2, and DI-7400G+V2 exists due to the lack of measures taken to neutralize the special elements used in operating system commands. Exploiting this...
GHSA-HWXP-6QF7-Q3RC Remote command execution in promptr
A remote command execution (RCE) vulnerability in promptr v6.0.7 allows attackers to execute arbitrary commands via a crafted URL...
CVE-2024-46489
A remote command execution (RCE) vulnerability in promptr v6.0.7 allows attackers to execute arbitrary commands via a crafted URL...
CVE-2024-43693
A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE UTILITY sub-menu can allow a remote attacker to inject arbitrary commands...
CVE-2024-45066
A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE IP sub-menu can allow a remote attacker to inject arbitrary commands...
Dover Fueling Solutions ProGauge MAGLINK LX CONSOLE Command Injection Vulnerability
Dover Fueling Solutions ProGauge MAGLINK LX CONSOLE (DFS ProGauge MAGLINK LX CONSOLE) is an industrial console from Dover Fueling Solutions, Inc. designed for expansion. A command injection vulnerability exists in Dover Fueling Solutions ProGauge MAGLINK LX CONSOLE version 3.4.2.2.6 and prior...
PT-2024-32013 · Promptr · Promptr
Name of the Vulnerable Software and Affected Versions: promptr version 6.0.7. Description: A remote command execution issue allows attackers to execute arbitrary commands via a crafted URL. This can lead to privilege escalation, resulting in unauthorized access. It is crucial to prioritize...
PT-2024-9827 · Ibm · Ibm Manageiq
Name of the Vulnerable Software and Affected Versions: IBM ManageIQ (affected versions not specified). Description: The issue is related to a remote command execution vulnerability. It allows a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted...
CVE-2024-46489
Promptr v6.0.7 is affected by a Remote Command Execution (RCE) issue caused by insufficient validation/handling of crafted URLs, enabling an attacker to execute arbitrary commands remotely. Confirmed across multiple sources (Red Hat, Veracode, GitHub advisory, PT-2024-32013) with high-severity ri...
DataEase Remote Command Execution Vulnerability (CNVD-2024-39251)
DataEase is a high-performance, easy-to-use, self-service data visualization and analysis tool that helps users quickly explore, understand and share data insights. DataEase suffers from a remote command execution vulnerability, which can be exploited by an attacker to leverage a code injection...
PT-2024-30620 · Unknown · Progauge Maglink Lx Console
Name of the Vulnerable Software and Affected Versions: ProGauge MAGLINK LX CONSOLE (affected versions not specified). Description: A specially crafted POST request to the "UTILITY sub-menu" can allow a remote attacker to inject arbitrary commands. This issue affects the ProGauge MAGLINK LX CONSOLE,...
A vulnerability in the upgrade_filter_asp function of the D-Link DI-8300 router firmware allows a hacker to execute arbitrary commands.
The vulnerability in the upgrade_filter_asp function of the D-Link DI-8300 router firmware is related to the lack of measures taken to sanitize data at the control level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands via GET requests...
A vulnerability in the upgrade_filter_asp function in the upgrade_filter.asp file of the D-Link DI-8400 router firmware allows a hacker to execute arbitrary commands.
The vulnerability in the upgrade_filter_asp function in the upgrade_filter.asp file of the D-Link DI-8400 router firmware is related to the lack of measures taken to sanitize data at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary command...
DataEase's H2 datasource has a remote command execution risk
Impact: An attacker can achieve remote command execution by adding a carefully constructed h2 data source connection string. Request message: POST /de2api/datasource/validate HTTP/1.1 Host: dataease.ubuntu20.vm User-Agent: python-requests/2.31.0 Accept-Encoding: gzip, deflate Accept: */* Connection:...
GHSA-H7MJ-M72H-QM8W DataEase's H2 datasource has a remote command execution risk
Impact: An attacker can achieve remote command execution by adding a carefully constructed h2 data source connection string. Request message: POST /de2api/datasource/validate HTTP/1.1 Host: dataease.ubuntu20.vm User-Agent: python-requests/2.31.0 Accept-Encoding: gzip, deflate Accept: */* Connection:...
CVE-2024-37779
WoodWing Elvis DAM v6.98.1 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the Apache Ant script functionality...
CVE-2024-0005
A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely through a specifically crafted SNMP configuration...