LevelOne WBR-6013 Security Vulnerability
The LevelOne WBR-6013 is a wireless router from LevelOne. A security vulnerability exists in the LevelOne WBR-6013 RER4Av3411b2T2RLEV09170623 version, which stems from the presence of residual debugging code in the boa formSysCmd function, where a specially crafted network request could result in...
The vulnerability in the backend/script code of the proxy manager for NGINX Proxy Manager allows a perpetrator to execute arbitrary commands.
The vulnerability in the backend/script of the NGINX Proxy Manager for hosting management exists because measures to neutralize specific elements used in the operating system commands have not been taken. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands by...
CVE-2024-34361
Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. A vulnerability in versions prior to 5.18.3 allows an authenticated user to make internal requests to the server via the gravity_DownloadBlocklistFromUrl function. Depending on some...
CVE-2024-34361
Pi-hole CVE-2024-34361 affects Core versions before 5.18.3. The vulnerability allows an authenticated user to make internal requests via gravity_DownloadBlocklistFromUrl(), potentially leading to remote code execution (RCE). A patch exists in 5.18.3. Public advisories from Red Hat and OSV describ...
Exploit for Missing Authentication for Critical Function in Veeam Veeam_Backup_&_Replication
It is an exploit module/toolkit targeting a web application. The...
PT-2024-27742 · 14Finger · 14Finger
Name of the Vulnerable Software and Affected Versions: 14Finger version 1.1 Description: The issue is related to a remote command execution RCE vulnerability in the fingerprint function. This vulnerability allows attackers to execute arbitrary commands via a crafted payload. Recommendations: For...
rejetto HFS Security Vulnerability
rejetto HFS is a web-based file server from the individual developer Massimo Melina in Italy. A security vulnerability exists in rejetto HFS versions prior to 0.52.10, which originates from allowing an authenticated remote user to execute operating system commands...
The vulnerabilities of the Handler for User Photo Delete and Handler for Picture Delete Commands components, as well as the Cloud Service Command Handlers (PushCommandExecute) of the firmware for biometric terminals ZkTeco ProFace X, Smartec ST-FR043, and Smartec ST-FR041ME, allow an intruder to execute arbitrary commands.
The vulnerabilities of the Handler for User Photo Delete and Handler for Picture Delete Commands, as well as the Cloud Service Command Handlers PushCommandExecute in the firmware for biometric terminals ZkTeco ProFace X, Smartec ST-FR043, and Smartec ST-FR041ME, are related to th...
CVE-2024-38366 CocoaPods trunk RCE in email verification system rfc-822
trunk.cocoapods.org is the authentication server for the CocoaPods dependency manager. The part of trunk which verifies whether a user has a real email address on signup used an rfc-822 library which executes a shell command to validate the email domain's MX records. It works via a DNS MX...
The vulnerability of the web server of the firmware in the industrial cellular LTE modem OnCell G3470A-LTE allows a hacker to execute arbitrary commands.
The vulnerability of the web server of the firmware in the industrial cellular LTE modem OnCell G3470A-LTE is related to the lack of measures taken to neutralize special elements used in the OS commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary...
The vulnerability of the get_ip.addr_details function in Ruijie RG-UAC router firmware allows a hacker to execute arbitrary commands.
The vulnerability of the get_ip.addr_details function /view/vpn/autovpn/sxhvpnlic.php in Ruijie RG-UAC router software exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary commands remotely...
Malicious code in iobeya-time-utils (npm)
Source: ghsa-malware 3b5b2fd0fb985e16671bbfe20f9b7b2ef8e7a62cc0050b51cea290d85574f75c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
The vulnerability of the composer.phar file of the PHP Composer dependency manager allows an attacker to execute arbitrary commands.
The vulnerability of the composer.phar file of the PHP Composer dependency manager is related to the register_argc_argv function in php.ini. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
USN-6856-1 fontforge vulnerabilities
It was discovered that FontForge incorrectly handled filenames. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to perform a command injection. CVE-2024-25081 It was discovered that FontForge incorrectly...
CVE-2024-4197
An unrestricted file upload vulnerability in Avaya IP Office was discovered that could allow remote command or code execution via the One-X component. Affected versions include all versions prior to 11.1.3.1...
CVE-2024-4196 Avaya IP Office Web Control RCE Vulnerability
An improper input validation vulnerability was discovered in Avaya IP Office that could allow remote command or code execution via a specially crafted web request to the Web Control component. Affected versions include all versions prior to 11.1.3.1...
CVE-2024-4196
CVE-2024-4196 – Avaya IP Office Web Control RPC/RCE issue. The vulnerability stems from improper input validation in the Web Control component of Avaya IP Office, enabling remote code execution via a crafted web request. Affected products: Avaya IP Office (Web Control) prior to version 11.1.3.1. ...
Progress Software WhatsUp Gold Security Vulnerability
Progress Software WhatsUp Gold is a network monitoring software from Progress Software, Inc. It is used to monitor the entire network infrastructure as well as applications, configurations and network traffic. A security vulnerability exists in Progress Software WhatsUp Gold version 2023.1.3 that...
Avaya IP Office Security Breach
Avaya IP Office is a small business phone system from Avaya USA. A security vulnerability exists in Avaya IP Office versions prior to 11.1.3.1 that originates from allowing remote command or code execution via the One-X component...