Lucene search

1819 matches found

Veracode
added 2024/08/14 3:47 a.m. · 13 views

Command Injection

sequenceserver is vulnerable to Command Injection. The vulnerability is due to improper sanitization of user input and query parameters, allowing attackers to inject and execute shell commands...

CVSS 9.8 · AI score 7.3 · EPSS 0.00584
Exploits 0 · References 2 · Affected Software 1
OSV
added 2024/08/13 9:1 p.m. · 8 views

GHSA-QV32-5WM2-P32H Command Injection in sequenceserver

Impact Several HTTP endpoints did not properly sanitize user input and/or query parameters. This could be exploited to inject and run unwanted shell commands Patches Fixed in 3.1.2 Workarounds No known workarounds...

CVSS 9.8 · AI score 9.4 · EPSS 0.00584
Exploits 0 · References 5
Github Security Blog
added 2024/08/13 9:1 p.m. · 12 views

Command Injection in sequenceserver

Impact Several HTTP endpoints did not properly sanitize user input and/or query parameters. This could be exploited to inject and run unwanted shell commands Patches Fixed in 3.1.2 Workarounds No known workarounds...

CVSS 9.8 · AI score 6.7 · EPSS 0.00584
Exploits 0 · References 5 · Affected Software 1
RubySec
added 2024/08/13 12:0 a.m. · 16 views

Command Injection in sequenceserver gem

Impact Several HTTP endpoints did not properly sanitize user input and/or query parameters. This could be exploited to inject and run unwanted shell commands Patches Fixed in 3.1.2 Workarounds No known workarounds...

CVSS 9.8 · AI score 7 · EPSS 0.00584
Exploits 0 · References 1 · Affected Software 1
OSV
added 2024/08/06 4:15 p.m. · 2 views

CVE-2024-39226

GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a vulnerability that can be exploited to manipulate routers b...

CVSS 9.8 · AI score 5.8 · EPSS 0.2032
Exploits 1 · References 1
Vulnrichment
added 2024/08/06 12:0 a.m. · 16 views

CVE-2024-39226

GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a vulnerability that can be exploited to manipulate routers b...

AI score 7.6 · EPSS 0.2032
Exploits 1 · References 1
RedHat Linux
added 2024/08/01 8:10 a.m. · 4 views

emacs: org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code

A flaw was found in Emacs. Arbitrary shell commands can be executed without prompting when an Org mode file is opened or when Org mode is enabled. When Emacs is used as an email client, this issue can be triggered when previewing email attachments...

CVSS 9.8 · AI score 5.8 · EPSS 0.01323
Exploits 0 · References 5
Cvelist
added 2024/07/02 7:41 a.m. · 22 views

CVE-2023-41917 Improper input validation in Kiloview P1/P2 devices allows for remote code execution

Inadequate input validation exposes the system to potential remote code execution (RCE) risks. Attackers can exploit this vulnerability by appending shell commands to the Speed-Measurement feature, enabling unauthorized code execution...

CVSS 10 · EPSS 0.00711
Exploits 0 · References 1
Positive Technologies
added 2024/07/02 12:0 a.m. · 5 views

PT-2024-13008 · Kiloview · P1/P2 +2

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: The system is exposed to potential remote code execution risks due to inadequate input validation. Attackers can exploit this by appending shell commands to the Speed-Measurement featur...

CVSS 10 · AI score 8.1 · EPSS 0.00711
Exploits 0 · References 2
FreeBSD
added 2024/06/22 12:0 a.m. · 8 views

emacs -- Arbitrary shell code evaluation vulnerability

GNU Emacs developers report: Emacs 29.4 is an emergency bugfix release intended to fix a security vulnerability. Arbitrary shell commands are no longer run when turning on Org mode in order to avoid running malicious code...

AI score 7.5
Exploits 0 · References 1
NVD
added 2024/06/21 8:15 p.m. · 18 views

CVE-2023-39517

Joplin is a free, open source note taking and to-do application. A cross-site scripting (XSS) vulnerability in affected versions allows clicking on an untrusted image link to execute arbitrary shell commands. The HTML sanitizer packages/renderer/htmlUtils.ts::sanitizeHtml preserves links. However,...

CVSS 8.2 · EPSS 0.00476
Exploits 1 · References 3
CVE
added 2024/06/21 7:41 p.m. · 50 views

CVE-2023-39517

Joplin (note-taking app) has a documented XSS vulnerability (CVE-2023-39517) in affected versions where clicking an untrusted image link can execute shell commands. The HTML sanitizer in packages/renderer/htmlUtils.ts::sanitizeHtml preserves and links, but does not remove target or href attribu...

CVSS 8.2 · AI score 6.5 · EPSS 0.00476
Exploits 1 · References 3 · Affected Software 1
Cvelist
added 2024/06/21 7:41 p.m. · 20 views

CVE-2023-39517 Cross site scripting (XSS) when clicking on an untrusted `<map>` link in Joplin

Joplin is a free, open source note taking and to-do application. A cross-site scripting (XSS) vulnerability in affected versions allows clicking on an untrusted image link to execute arbitrary shell commands. The HTML sanitizer packages/renderer/htmlUtils.ts::sanitizeHtml preserves links. However,...

CVSS 8.2 · EPSS 0.00476
Exploits 1 · References 3
OSV
added 2024/06/21 7:41 p.m. · 26 views

CVE-2023-39517 Cross site scripting (XSS) when clicking on an untrusted `<map>` link in Joplin

Joplin is a free, open source note taking and to-do application. A cross-site scripting (XSS) vulnerability in affected versions allows clicking on an untrusted image link to execute arbitrary shell commands. The HTML sanitizer packages/renderer/htmlUtils.ts::sanitizeHtml preserves links. However,...

CVSS 8.2 · AI score 6.4 · EPSS 0.00476
Exploits 1 · References 5
CNNVD
added 2024/06/21 12:0 a.m. · 3 views

Joplin Security Vulnerabilities

Joplin is an open source notes and to-do list application. A security vulnerability exists in Joplin versions prior to 2.13.3. An attacker can exploit the vulnerability to execute arbitrary shell commands...

CVSS 9 · AI score 7.3 · EPSS 0.01028
Exploits 1 · References 3
CNNVD
added 2024/06/21 12:0 a.m. · 3 views

Joplin Security Vulnerabilities

Joplin is an open source notes and to-do list application. A security vulnerability exists in Joplin versions prior to 2.12.8. An attacker can exploit the vulnerability to execute arbitrary shell commands...

CVSS 8.2 · AI score 7.3 · EPSS 0.00476
Exploits 1 · References 4
CVE
added 2024/06/06 6:39 p.m. · 65 views

CVE-2024-1880

CVE-2024-1880 concerns the significant-gravitas/autogpt project, where the MacOSTTS component (MacOS Text-To-Speech) in the _speech method uses os.system to run the say command with user-supplied text. This allows OS command injection and potential arbitrary code execution when AutoGPT is run wit...

CVSS 7.8 · AI score 7.9 · EPSS 0.01017
Exploits 1 · References 2 · Affected Software 1
CNNVD
added 2024/06/06 12:0 a.m. · 4 views

Auto-GPT Operating System Command Injection Vulnerability

Auto-GPT is an artificial intelligence software agent program open-sourced by Significant Gravitas. An operating system command injection vulnerability exists in Auto-GPT version 0.5.0 up to and including version 5.1.0, which stems from an improper neutralization of special elements used in...

CVSS 9.8 · AI score 8.1 · EPSS 0.01427
Exploits 0 · References 3
Veracode
added 2024/05/31 4:46 a.m. · 12 views

Command Injection

swiftmailer/swiftmailer is vulnerable to Command Injection. The vulnerability is due to improper handling of the "From" header when it comes from a non-trusted source and when no "Return-Path" is configured, which allows an attacker to execute arbitrary shell commands...

AI score 7.8
Exploits 0
CNNVD
added 2024/05/16 12:0 a.m. · 4 views

Facebook Tacacs+ Security Vulnerability

Facebook Tacacs+ is a daemon library from Facebook Inc. in the United States. A security vulnerability exists in Facebook Tacacs+ version F4.0.4.28 and earlier, which originates from allowing users to configure authorization checks as shell commands via the tacplus.cfg configuration file...

CVSS 9.8 · AI score 6.9 · EPSS 0.01096
Exploits 0 · References 2