CVE-2024-6186
A vulnerability, which was classified as critical, was found in Ruijie RG-UAC 1.0. This affects an unknown part of the file /view/userAuthentication/SSO/commit.php. The manipulation of the argument adlogname leads to os command injection. It is possible to initiate the attack remotely. The exploi...
CVE-2024-6187
A vulnerability has been found in Ruijie RG-UAC 1.0 and classified as critical. This vulnerability affects unknown code of the file /view/vpn/autovpn/subcommit.php. The manipulation of the argument key leads to os command injection. The attack can be initiated remotely. The exploit has been...
CVE-2024-6185
A vulnerability, which was classified as critical, has been found in Ruijie RG-UAC 1.0. Affected by this issue is the function getipaddrdetails of the file /view/dhcp/dhcpConfig/commit.php. The manipulation of the argument ethname leads to os command injection. The attack may be launched remotely...
The vulnerability of ASUS routers, related to the unlimited loading of dangerous files, allows attackers to execute arbitrary commands.
The vulnerability of ASUS routers is related to the unlimited loading of malicious files. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
PT-2024-27683 · Totolink · Totolink X6000R
Name of the Vulnerable Software and Affected Versions: TOTOLINK A6000R version 1.0.1-B20201211.2000. Description: A command injection issue allows a remote attacker to execute arbitrary code via the iface parameter in the vif enable function. This enables the attacker to inject and execute command...
PT-2024-37441 · Ruijie · Ruijie Rg-Uac
Name of the Vulnerable Software and Affected Versions: Ruijie RG-UAC version 1.0. Description: A critical vulnerability has been found in the file /view/vpn/autovpn/subcommit.php, where the manipulation of the key argument leads to os command injection. The attack can be initiated remotely. The...
The vulnerability of the PT Network Attack Discovery (PT NAD) traffic analysis system arises from the failure to take measures to neutralize special elements used in the operating system’s command set. This allows attackers to execute arbitrary commands on behalf of the superuser.
The vulnerability of the PT Network Attack Discovery (PT NAD) traffic analysis system exists due to the lack of measures taken to neutralize specific elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands on behalf of the superuser...
GeoVision EOL Operating System Command Injection Vulnerability
GeoVision EOL is a series of surveillance devices from GeoVision Japan. The GeoVision EOL suffers from an operating system command injection vulnerability that stems from an inability to properly filter user input. A remote attacker could exploit this vulnerability to inject and execute arbitrary...
PT-2024-5054
Name of the Vulnerable Software and Affected Versions: GeoVision devices (affected versions not specified). Description: The issue exists due to the failure to properly filter user input for specific functionality, allowing unauthenticated remote attackers to inject and execute arbitrary system comman...
MGASA-2024-0224 Updated atril packages fix security vulnerability
Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A path traversal and arbitrary file write vulnerability exists in versions of Atril prior to 1.26.2. This vulnerability is capable of writing arbitrary files anywhere on the filesystem to which the use...
Updated atril packages fix security vulnerability
Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A path traversal and arbitrary file write vulnerability exists in versions of Atril prior to 1.26.2. This vulnerability is capable of writing arbitrary files anywhere on the filesystem to which the use...
pcp security update
An update is available for pcp. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for...
RLSA-2024:3264 Important: pcp security update
Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fixes: pcp:...
Exploit for Deserialization of Untrusted Data in Apache Dubbo
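Apache ActiveMQ remote command execution vulnerability. Affected versions: 5.18.0=Apache ActiveMQ5.18.3, 5.17.0=Apache ActiveMQ5.17.6, 5.16.0=Apache ActiveMQ5.16.7, 5.15.0=Apache ActiveMQ5.15.15. Exploitation method: the ActiveMQ deserialization vulnerability can be used to execute arbitrary commands. Reproduction of the vulnerability with echoed output: Vulnerability scripts: https://github.com/Fw-fW-fw/activemqThrowable, https://github.com/sincere9/Apache-ActiveMQ-RCE Apach...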
Exploit for CVE-2024-27173
Poc CVE-2024-27173 Join t.me/SpiderzTM - Shodan and FOFA D...
CVE-2024-27172
Remote Command program allows an attacker to get Remote Code Execution. As for the affected products/models/versions, see the reference URL...
CVE-2024-27175 Local File Inclusion
Remote Command program allows an attacker to read any file using a Local File Inclusion vulnerability. An attacker can read any file on the printer. As for the affected products/models/versions, see the reference URL...
CVE-2024-27175
CVE-2024-27175 affects Toshiba e-STUDIO/MFP devices, where a Local File Inclusion vulnerability allows an attacker to read arbitrary files on the printer via unsafely processed input. The root cause is insufficient validation of filename input, enabling information disclosure via the device UI or...
CVE-2024-27174 insecure upload
Remote Command program allows an attacker to get Remote Code Execution. This vulnerability can be executed in combination with other vulnerabilities and is difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the "Base Score" of this...
CVE-2024-27174
CVE-2024-27174 affects Toshiba multi-function printers (e.g., Toshiba e-STUDIO/MFP family) via the Remote Command program, enabling remote code execution. Root cause involves the Remote Command component allowing untrusted input to trigger code execution; impact includes full confidentiality, int...