1820 matches found

Cvelist
added 2024/11/19 5:36 p.m. | 28 views

CVE-2024-11003

Qualys discovered that needrestart, before version 3.8, passes unsanitized data to a library Modules::ScanDeps which expects safe input. This could allow a local attacker to execute arbitrary shell commands. Please see the related CVE-2024-10224 in Modules::ScanDeps...

7.8 CVSS | 0.11542 EPSS
Exploits 2 | References 4

Debian CVE
added 2024/11/19 5:36 p.m. | 28 views

CVE-2024-11003

Qualys discovered that needrestart, before version 3.8, passes unsanitized data to a library Modules::ScanDeps which expects safe input. This could allow a local attacker to execute arbitrary shell commands. Please see the related CVE-2024-10224 in Modules::ScanDeps...

7.8 CVSS | 8.4 AI score | 0.11542 EPSS
Exploits 2

CVE
added 2024/11/19 5:35 p.m. | 128 views

CVE-2024-10224

Qualys reports CVE-2024-10224 affects perl-Module-ScanDeps prior to 1.36, where unsanitized input could allow local command execution via open() of a pipe or by eval(). Remediations shown in connected advisories include updating to 1.36+ (examples show 1.37+ in Amazon Linux 2023/AL2023 and other ...

7.8 CVSS | 6.7 AI score | 0.08598 EPSS
Exploits 3 | References 7 | Affected Software 1

Vulnrichment
added 2024/11/19 5:35 p.m. | 21 views

CVE-2024-10224

Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands by opening a "pesky pipe" such as passing "commands|" as a filename or by passing arbitrary strings to eval...

5.3 CVSS | 7.8 AI score | 0.08598 EPSS
Exploits 3 | References 3

Cvelist
added 2024/11/19 5:35 p.m. | 25 views

CVE-2024-10224

Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands by opening a "pesky pipe" such as passing "commands|" as a filename or by passing arbitrary strings to eval...

5.3 CVSS | 0.08598 EPSS
Exploits 3 | References 3

Debian CVE
added 2024/11/19 5:35 p.m. | 16 views

CVE-2024-10224

Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands by opening a "pesky pipe" such as passing "commands|" as a filename or by passing arbitrary strings to eval...

7.8 CVSS | 7.6 AI score | 0.08598 EPSS
Exploits 3

AlpineLinux
added 2024/11/19 5:35 p.m. | 12 views

CVE-2024-10224

Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands by opening a "pesky pipe" such as passing "commands|" as a filename or by passing arbitrary strings to eval...

7.8 CVSS | 7.5 AI score | 0.08598 EPSS
Exploits 3

CNNVD
added 2024/11/19 12:0 a.m. | 2 views

Module-ScanDeps permissions, privileges and access control vulnerability

Module-ScanDeps is an application by individual developer Roderich Schupp. A security vulnerability exists in Module-ScanDeps versions prior to 1.36 that stems from improper input validation, which could lead to a local attacker executing arbitrary shell commands by opening a pesky pipe or passing ...

7.8 CVSS | 6.8 AI score | 0.08598 EPSS
Exploits 3 | References 9

OSV
added 2024/11/14 5:37 p.m. | 1 views

CVE-2024-49362 Remote Code Execution on click of <a> Link in markdown preview

Joplin is a free, open source note taking and to-do application. Joplin-desktop has a vulnerability that leads to remote code execution (RCE) when a user clicks on a link within untrusted notes. The issue arises due to insufficient sanitization of tag attributes introduced by the Mermaid. This...

7.7 CVSS | 8.3 AI score | 0.01037 EPSS
Exploits 1 | References 3

GithubExploit
added 2024/10/24 3:15 a.m. | 185 views

Exploit for Command Injection in Netgate Pfsense

pfSense 2.7.0 Command Injection Exploit CVE-2023-42326 This...

8.8 CVSS | 9.3 AI score | 0.64021 EPSS
Exploits 2

0day.today
added 2024/10/22 12:0 a.m. | 128 views

ABB Cylon Aspect 3.08.01 persistenceManagerAjax.php Command Injection Vulnerability

ABB Cylon Aspect version 3.08.01 suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the directory HTTP POST parameter called by the persistenceManagerAjax.php script. ABB Cylon Aspect 3.08.01...

8.7 AI score
Exploits 0

NVD
added 2024/10/21 9:15 p.m. | 15 views

CVE-2024-40089

A Command Injection vulnerability in Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, authenticated attackers to execute arbitrary code by injecting shell commands into the name of the Vilo device...

9.1 CVSS | 0.01362 EPSS
Exploits 1 | References 2

GithubExploit
added 2024/10/21 3:36 a.m. | 604 views

Exploit for Code Injection in Grafana

CVE-2024-9264-RCE-Exploit in Grafana via SQL Expressions D...

9.9 CVSS | 9.7 AI score | 0.97781 EPSS
Exploits 9

CVE
added 2024/10/21 12:0 a.m. | 48 views

CVE-2024-40089

CVE-2024-40089 affects Vilo 5 Mesh WiFi System up to version 5.16.1.33. Affected component is the device name handling, where a remote, authenticated attacker can inject shell commands to execute arbitrary code on the system. CVSSv3.1 base score 9.1 (CRITICAL) with network access, low attack comp...

9.1 CVSS | 8.4 AI score | 0.01362 EPSS
Exploits 1 | References 2 | Affected Software 1

Cvelist
added 2024/10/21 12:0 a.m. | 17 views

CVE-2024-40089

A Command Injection vulnerability in Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, authenticated attackers to execute arbitrary code by injecting shell commands into the name of the Vilo device...

0.01362 EPSS
Exploits 1 | References 2

Vulnrichment
added 2024/10/21 12:0 a.m. | 12 views

CVE-2024-40089

A Command Injection vulnerability in Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, authenticated attackers to execute arbitrary code by injecting shell commands into the name of the Vilo device...

8.1 AI score | 0.01362 EPSS
Exploits 1 | References 2

0day.today
added 2024/10/15 12:0 a.m. | 217 views

ABB Cylon Aspect 3.08.00 sslCertAjax.php Remote Command Execution Vulnerability

ABB Cylon Aspect version 3.08.00 suffers from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the country, state, locality, organization, and hostname HTTP POST parameters called by the sslCertAjax.php script. ABB...

8.4 AI score
Exploits 0

0day.today
added 2024/10/15 12:0 a.m. | 312 views

ABB Cylon Aspect 3.08.00 yumSettings.php Command Injection Vulnerability

ABB Cylon Aspect version 3.08.00 suffers from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the PROXY HTTP POST parameter called by the yumSettings.php script. ABB Cylon Aspect 3.08.00 yumSettings.php Remote Code...

8.4 AI score
Exploits 0

NVD
added 2024/10/11 4:15 p.m. | 12 views

CVE-2024-39563

A Command Injection vulnerability in Juniper Networks Junos Space allows an unauthenticated, network-based attacker sending a specially crafted request to execute arbitrary shell commands on the Junos Space Appliance, leading to remote command execution by the web application, gaining complete...

7.3 CVSS | 0.01289 EPSS
Exploits 0 | References 1

Cvelist
added 2024/10/11 3:21 p.m. | 17 views

CVE-2024-39563 Junos Space: Remote Command Execution (RCE) vulnerability in web application

A Command Injection vulnerability in Juniper Networks Junos Space allows an unauthenticated, network-based attacker sending a specially crafted request to execute arbitrary shell commands on the Junos Space Appliance, leading to remote command execution by the web application, gaining complete...

7.3 CVSS | 0.01289 EPSS
Exploits 0 | References 1