PT-2024-38350 · Vivotek · Vivotek Cc8160
Name of the Vulnerable Software and Affected Versions: Vivotek CC8160 VVTK-0100d (affected versions not specified). Description: A critical vulnerability affects the function getenv of the file upload file.cgi. The manipulation of the argument QUERY_STRING leads to command injection. It is possible ...
CVE-2024-38887
An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to expand control over the operating system from the database due to the execution of commands with unnecessary privileges...
CVE-2024-38882
An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform command line execution through SQL Injection due to improper neutralization of special elements used in an OS command...
CVE-2024-7029
Commands can be injected over the network and executed without authentication...
POC
Apache ActiveMQ remote command execution vulnerability. Affected versions: 5.18.0 beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:spring="http://camel.apache.org/schema/spring" xmlns:context="http://www.springframework.org/schema/context"...
Mirai Botnet targeting OFBiz Servers Vulnerable to Directory Traversal
Enterprise Resource Planning (ERP) software is at the heart of many enterprises, supporting human resources, accounting, shipping, and manufacturing. These systems can become very complex and difficult to maintain. They are often highly customized, which can make patching difficult. However, critic...
Horizon Business Services Caterease security vulnerability
Horizon Business Services Caterease is an event planning and catering software from Horizon Business Services, USA. A security vulnerability exists in Horizon Business Services Caterease versions 16.0.1.1663 through 24.0.1.2405 and later versions, which originates from executing commands with...
Horizon Business Services Caterease security vulnerability
Horizon Business Services Caterease is an event planning and catering software from Horizon Business Services, USA. A security vulnerability exists in Horizon Business Services Caterease versions 16.0.1.1663 through 24.0.1.2405 and later versions, which stems from improper neutralization of...
The vulnerability of the Ping and Traceroute utilities in the SmartOS Wi-Fi router AdTran SRG 834-5 allows a hacker to execute arbitrary operating system commands.
The vulnerability of the Ping and Traceroute utilities in the SmartOS Wi-Fi router AdTran SRG 834-5 is related to the lack of measures taken to neutralize the special elements used in commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands on the operating...
The vulnerability of the Project Module in the Apache StreamPark development and management environment allows an attacker to execute arbitrary commands.
The vulnerability of the Project Module in the Apache StreamPark development and management environment is related to incorrect processing of the "" element. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary commands...
The vulnerability of the SSH service on the SmartOS operating system, specifically the AdTran SRG 834-5 Wi-Fi routers, allows a hacker to execute arbitrary operating system commands.
The vulnerability of the SSH service on the SmartOS Wi-Fi router AdTran SRG 834-5 is related to the use of strictly encrypted login credentials. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands on the operating system...
The vulnerability of the mknotifyd software, a monitoring tool for IT infrastructure, allows a perpetrator to execute arbitrary commands.
The vulnerability of the mknotifyd software for monitoring IT infrastructure systems in Checkmk is related to improper elimination of separators. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerabilities of the event monitoring, threat detection, and security analytics platforms of IBM QRadar Suite and IBM Cloud Pak for Security allow attackers to execute arbitrary commands.
The vulnerability of platform monitoring systems for events detection, threat detection, and security analytics in IBM QRadar Suite and IBM Cloud Pak for Security exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary...
The vulnerability of the child_process.spawn() and child_process.spawnSync() functions in the Node.js software platform for Windows operating systems allows a hacker to bypass security restrictions and execute arbitrary commands.
The vulnerability of the child_process.spawn and child_process.spawnSync functions in the Node.js software platform for Windows operating systems is related to the improper handling of the shell parameter in .bat and .cmd files. Exploiting this vulnerability allows a remote attacker to bypass...
The vulnerability of the WriteFacMac function in the microprogramming software for Tenda FH1201 allows a hacker to execute arbitrary commands.
The vulnerability of the formWriteFacMac function in the Tenda FH1201 router microprogramming system is related to the lack of measures taken to clean data at the control level. Exploiting this vulnerability can allow a remote attacker to execute arbitrary commands...
The vulnerability of the Project Module in the Apache StreamPark development and management environment allows an attacker to execute arbitrary commands.
The vulnerability of the Project Module in the Apache StreamPark development and management environment is related to incorrect processing of the element. Exploiting this vulnerability may allow an attacker to execute arbitrary commands remotely...
PT-2024-29133 · Ffri · Ffri Amc
Name of the Vulnerable Software and Affected Versions: FFRI AMC versions 3.4.0 to 3.5.3; some OEM products that implement/bundle FFRI AMC versions 3.4.0 to 3.5.3. Description: The issue allows a remote unauthenticated attacker to execute arbitrary OS commands when certain conditions are met in an...
ROS-20240729-22
A vulnerability in the package_index module of the library designed to simplify the packaging of setuptools projects arises because functions used to download packages from URLs, provided by users or obtained from package index servers, are susceptible to code injection. Exploitation of the...
CVE-2024-41611
CVE-2024-41611 affects the D-Link DIR-860L REVA router firmware PATCH 1.10..B04, where the Telnet service contains hardcoded credentials, enabling remote login and execution of arbitrary commands. The vulnerability is documented across multiple sources (NVD/Red Hat/CNVD/CNNVD/OpenVAS entries) an...
Gh0st RAT Trojan Targets Chinese Windows Users via Fake Chrome Site
The remote access trojan known as Gh0st RAT has been observed being delivered by an "evasive dropper" called Gh0stGambit as part of a drive-by download scheme targeting Chinese-speaking Windows users. These infections stem from a fake website "chrome-web.com" serving malicious installer packages...