725 matches found
CVE-2024-3799 Shell command injection in Phoniebox
Insecure handling of POST header parameter body included in requests being sent to an instance of the open-source project Phoniebox allows an attacker to create a website, which – when visited by a user – will send malicious requests to multiple hosts on the local network. If such a request reach...
CBL Mariner 2.0 Security Update: patch (CVE-2019-13638)
The version of patch installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2019-13638 advisory. - GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafte...
CVE-2024-4748
The CRUDDIY project is vulnerable to shell command injection via sending a crafted POST request to the application server. The exploitation risk is limited since CRUDDIY is meant to be launched locally. Nevertheless, a user with the project running on their computer might visit a website which...
CVE-2024-4748
CVE-2024-4748 affects CRUDDIY/Cruddiy. The vulnerability is a shell command injection triggered by sending a crafted POST request to the application server. The exploitation risk is described as limited because CRUDDIY is designed to be launched locally, but a user running the project could be ta...
CVE-2024-4748 RCE in Cruddiy
The CRUDDIY project is vulnerable to shell command injection via sending a crafted POST request to the application server. The exploitation risk is limited since CRUDDIY is meant to be launched locally. Nevertheless, a user with the project running on their computer might visit a website which...
PT-2024-32629 · Cruddiy · Cruddiy
Name of the Vulnerable Software and Affected Versions: CRUDDIY affected versions not specified Description: The issue allows for shell command injection via sending a crafted POST request to the application server. The exploitation risk is limited since CRUDDIY is meant to be launched locally...
Cruddiy Command Injection Vulnerability
Cruddiy is a free no-code PHP Bootstrap CRUD generator by Jan van den Berg, an individual developer. A security vulnerability exists in Cruddiy that stems from vulnerability to shell command injection attacks...
PT-2024-23853 · Unknown · Parisneo/Lollms
Name of the Vulnerable Software and Affected Versions: parisneo/lollms version 5.9.0 Description: A remote code execution issue exists in the create conda env function due to the use of shell=True in the subprocess.Popen function. This allows an attacker to inject arbitrary commands by manipulati...
RHEL 8 : cifs-utils (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - cifs-utils: shell command injection in mount.cifs CVE-2020-14342 - cifs-utils through 6.14, with verbose...
RHEL 6 : sssd (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - sssd: shell command injection in sssctl CVE-2021-3621 - The UNIX pipe which sudo uses to contact SSSD and...
RHEL 7 : cifs-utils (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - cifs-utils: shell command injection in mount.cifs CVE-2020-14342 - cifs-utils through 6.14, with verbose...
Xiaomi Android Devices Hit by Multiple Flaws Across Apps and System Components
Multiple security vulnerabilities have been disclosed in various applications and system components within Xiaomi devices running Android. "The vulnerabilities in Xiaomi led to access to arbitrary activities, receivers and services with system privileges, theft of arbitrary files with system...
[SECURITY] [DSA 5641-1] fontforge security update
Debian Security Advisory DSA-5641-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso March 19, 2024 https://www.debian.org/security/faq -...
OESA-2024-1274 A-Tune-Collector security update
A-Tune-Collector is used to collect various system resources. Security Fixes: When the get method in the sched.py file in the A-Tune-Collector software package is used to obtain the process ID, shell command combination and injection risks exist. This flaw could lead to remote arbitrary command...
PHPMailer Shell command injection
PHPMailer before 1.7.4, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in class.phpmailer.php. Impact Shell command injection, remotely exploitable if host application does not filter user data...
GHSA-6H78-85V2-MMCH PHPMailer Shell command injection
PHPMailer before 1.7.4, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in class.phpmailer.php. Impact Shell command injection, remotely exploitable if host application does not filter user data...
Axis Communications Multiple IP Cameras Command Injection (CVE-2018-10660)
An issue was discovered in multiple models of Axis IP Cameras. There is Shell Command Injection. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.
NewStart CGSL MAIN 5.04 : openssl Vulnerability (NS-SA-2023-0069)
The remote NewStart CGSL host, running version MAIN 5.04, has openssl packages installed that are affected by a vulnerability: - In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell...
NewStart CGSL MAIN 6.02 : openssl Multiple Vulnerabilities (NS-SA-2023-0074)
The remote NewStart CGSL host, running version MAIN 6.02, has openssl packages installed that are affected by multiple vulnerabilities: - In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell...