Command Execution Vulnerability in the Management Server of itC Center of Guangdong Paulan Electronics Company Limited (CNVD-2024-41827)
Guangdong Paulan Electronics Co., Ltd. is a high-tech enterprise integrating R&D, design, production, sales and service of audio-visual system overall solution products. There is a command execution vulnerability in the itC center management server of Guangdong Paulan Electronics Co., Ltd. that can be exploited by an attacker to...
CVE-2024-8779
OMFLOW from The SYSCOM Group does not properly restrict access to the system settings modification functionality, allowing remote attackers with regular privileges to update system settings or create accounts with administrator privileges, thereby gaining control of the server...
Command Execution Vulnerability in anysec 2nd Generation Firewall System of Shenzhen Zhongke Netway Technology Co. Ltd (CNVD-2024-41199)
Ltd. is a high-tech enterprise focusing on the research, development and production of network security products. Shenzhen Zhongke Networthy Technology Co., Ltd. anysec second-generation firewall system has a command execution vulnerability that can be exploited by an attacker to gain control of...
File Upload Vulnerability in the Management Server of itC Center of Guangdong Paulan Electronics Co. (CNVD-2024-38833)
Guangdong Paulan Electronics Co., Ltd. is a high-tech enterprise integrating R&D, design, production, sales and service of audio-visual system overall solution products. There is a file upload vulnerability in the management server of Guangdong Paulan Electronics Co. itC Center, which can be exploited by an attacker to gain contr...
Apache HugeGraph Gremlin RCE
This module exploits CVE-2024-27348, a Remote Code Execution (RCE) vulnerability that exists in Apache HugeGraph Server in versions before 1.3.0. An attacker can bypass the sandbox restrictions and achieve RCE through Gremlin, resulting in complete control over the server. Module Options msf...
Command Execution Vulnerability in MetaCRM6 Customer Relationship Management System of Beijing Meta Software Technology Co.
Beijing Metsoft Technology Co., Ltd. is an enterprise mainly engaged in science and technology promotion and application service industry. A command execution vulnerability exists in the MetaCRM6 customer relationship management system of Beijing Meta Software Technology Co. Ltd, which can be...
File upload vulnerability exists in jpress of Guizhou Small Code Technology Co. (CNVD-2024-38103)
JPress is a complete Java CMS web management system. A file upload vulnerability exists in Guizhou Small Code Technology Co. jpress, which can be exploited by an attacker to gain control of the server...
SQL Injection Vulnerability in FineReport of SailSoft Software Limited (CNVD-2024-33679)
FineReport is a reporting software tool. A SQL injection vulnerability exists in FineReport of SailSoft Software Ltd. The vulnerability is due to the existence of unauthorized SQL injection in the /view/ReportServer interface, which can be exploited by an attacker to write to a file using sql...
DedeCMS Code Injection Vulnerability (CNVD-2024-33894)
DedeCMS is a popular content management system widely used to create and manage website content for a variety of application scenarios such as corporate websites and personal blogs. A code injection vulnerability exists in the articletemplaterand.php file in DedeCMS version 5.7.114. The...
Command Execution Vulnerability in Multiple Products of FanSoft Software Co.
Fansoft Software Ltd. is a professional big data BI and analytics platform provider in China. A command execution vulnerability exists in multiple products of SailSoft Software Limited, which can be exploited by attackers to gain control of a server...
CVE-2024-39911
CVE-2024-39911 affects 1Panel, a web-based Linux server management control panel. The issue is an unspecified SQL injection via User-Agent handling that can impact confidentiality, integrity, and availability. Red Hat and other sources corroborate the same description and note the fix in version ...
Command Execution Vulnerability in RG-UAC 6000-E50 of Beijing StarNet Ruijie Network Technology Co. Ltd (CNVD-2024-34609)
The RG-UAC 6000-E50 is an online behavior management device. A command execution vulnerability exists in the RG-UAC 6000-E50 of Beijing StarNet Ruijie Network Technology Co. Ltd, which can be exploited by an attacker to gain control of a server...
GHSA-RRQQ-FV6M-692M vanna vulnerable to remote code execution caused by prompt injection
In the latest version of vanna-ai/vanna, the vanna.ask function is vulnerable to remote code execution due to prompt injection. The root cause is the lack of a sandbox when executing LLM-generated code, allowing an attacker to manipulate the code executed by the exec function in...
CVE-2024-5826
CVE-2024-5826 – vanna-ai/vanna has a remote code execution vulnerability in the vanna.ask function due to prompt injection. The root cause is the absence of a sandbox when executing LLM-generated code, allowing an attacker to manipulate the code executed by the exec function in src/vanna/base/bas...
Credential Leakage
org.keycloak, keycloak-core is vulnerable to Credential Leakage. The vulnerability is due to a lack of proper validation and enforcement when administrators change the LDAP Connection URL without requiring re-entry of the currently configured LDAP bind credentials. The vulnerability allows an...
Command Execution Vulnerability in EG3220 of Beijing StarNet Ruijie Network Technology Co.
The Beijing StarNet Ruijie Network Technology Co., Ltd. EG3220 is a new generation of multi-service security gateway. The EG3220 has a command execution vulnerability that can be exploited by an attacker to gain control of the server...
CVE-2024-34066 Arbitrary File Write/Read in Pterodactyl wings
Pterodactyl wings is the server control plane for Pterodactyl Panel. If the Wings token is leaked either by viewing the node configuration or posting it accidentally somewhere, an attacker can use it to gain arbitrary file write and read access on the node the token is associated to. This issue h...
Command Execution Vulnerability in Business Integrated Management Platform of Puyuan Information Technology Company Limited (CNVD-2024-24193)
Puyuan Information Technology Co., Ltd. is a professional provider of software infrastructure platform products and solutions. A command execution vulnerability exists in the Business Integrated Management Platform of Puyuan Information Technology Co., Ltd. that can be exploited by an attacker to...