408 matches found

Positive Technologies
added 2024/11/21 12:0 a.m. · 3 views

PT-2024-22222 · Unknown · Mc Lr Router

Name of the Vulnerable Software and Affected Versions: MC LR Router version 2.10.5. Description: The issue concerns OS command injection vulnerabilities in the web interface I/O configuration functionality. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can...

CVSS 7.2 · AI score 7.8 · EPSS 0.07504
Exploits: 1 · References: 4

Positive Technologies
added 2024/11/11 12:0 a.m. · 3 views

PT-2024-8173 · D Link · D-Link Dsl6740C

Name of the Vulnerable Software and Affected Versions: D-Link DSL6740C modem, affected versions not specified. Description: The D-Link DSL6740C modem has an OS Command Injection issue, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a...

CVSS 9 · AI score 8.2 · EPSS 0.01325
Exploits: 0 · References: 16

CNNVD
added 2024/10/04 12:0 a.m. · 30 views

Microchip TimeProvider 4100 Operating System Command Injection Vulnerability

Microchip TimeProvider 4100 is a gateway clock from Microchip, Inc. A security vulnerability exists in the Microchip TimeProvider 4100 prior to version 2.4.7 that stems from improper neutralization of special elements of operating system commands, resulting in OS command injection...

CVSS 8.8 · AI score 7 · EPSS 0.14609
Exploits: 3 · References: 5

OSV
added 2024/08/14 12:35 p.m. · 3 views

GHSA-8FRP-PXQ2-3GPQ Magento OS Command ('OS Command Injection') vulnerability

Magento versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead to arbitrary code execution by an admin attacker. Exploitation of this issue requires user...

CVSS 8.4 · AI score 7.8 · EPSS 0.01529
Exploits: 0 · References: 3

RedHat Linux
added 2024/07/08 11:12 a.m. · 2 views

less: OS command injection

An OS command injection flaw was found in Less. Since quoting is mishandled in filename.c, opening files with attacker-controlled file names can lead to OS command execution. Exploitation requires the LESSOPEN environment variable, which is set by default in many common cases...

CVSS 8.6 · AI score 6.8 · EPSS 0.00628
Exploits: 0 · References: 6

CNNVD
added 2024/07/08 12:0 a.m. · 3 views

Realtek rtl819x Jungle SDK OS Command Injection Vulnerability

The Realtek rtl819x Jungle SDK is a driver for a wireless LAN chip from China-based Realtek Semiconductor. An OS command injection vulnerability exists in Realtek rtl819x Jungle SDK version v3.4.11, which stems from an OS command injection vulnerability in the boa formWsc function...

CVSS 7.2 · AI score 7.6 · EPSS 0.01929
Exploits: 0 · References: 2

CNNVD
added 2024/06/24 12:0 a.m. · 3 views

WordPress plugin Consulting Elementor Widgets OS Command Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An operating system command...

CVSS 9.9 · AI score 7.4 · EPSS 0.01243
Exploits: 0 · References: 5

Vulnrichment
added 2024/06/10 2:21 p.m. · 14 views

CVE-2024-35304 System command injection through Netflow function

System command injection through Netflow function due to improper input validation, allowing attackers to execute arbitrary system commands. This issue affects Pandora FMS: from 700 through 777...

CVSS 9.3 · AI score 8.1 · EPSS 0.01092
Exploits: 0 · References: 1

CVE
added 2024/06/10 2:21 p.m. · 50 views

CVE-2024-35304

CVE-2024-35304 describes a system command injection in Pandora FMS, triggered by the Netflow function due to improper input validation. Affected versions are Pandora FMS 700 up to, but not including, 777. The vulnerability can allow an attacker to execute arbitrary system commands remotely over t...

CVSS 9.8 · AI score 7.8 · EPSS 0.01092
Exploits: 0 · References: 1 · Affected Software: 1

CNNVD
added 2024/06/06 12:0 a.m. · 5 views

Sysaid Technologies SysAid Operating System Command Injection Vulnerability

Sysaid Technologies SysAid is a suite of IT service management solutions from Sysaid Technologies, an Israeli company. SysAid suffers from an operating system command injection vulnerability that stems from improper neutralization of special elements used in operating system commands, resulting i...

CVSS 9.8 · AI score 7.7 · EPSS 0.01101
Exploits: 0 · References: 2

CNNVD
added 2024/06/06 12:0 a.m. · 2 views

AnythingLLM Operating System Command Injection Vulnerability

AnythingLLM is a document chatbot that meets business requirements. AnythingLLM suffers from an operating system command injection vulnerability that stems from improper handling of environment variables, leading to remote code execution...

CVSS 9.8 · AI score 8.6 · EPSS 0.0097
Exploits: 1 · References: 3

CNNVD
added 2024/06/06 12:0 a.m. · 4 views

LoLLMs Operating System Command Injection Vulnerability

LoLLMs is a Web UI for a large language multimodal system by the individual developer Saifeddine ALOUI. An operating system command injection vulnerability exists in LoLLMs version 9.3 that stems from improper neutralization of special elements used in operating system commands, which could allow...

CVSS 9.8 · AI score 7.9 · EPSS 0.01219
Exploits: 1 · References: 2

Japan Vulnerability Notes
added 2024/05/28 5:23 a.m. · 1 views

Multiple vulnerabilities in UTAU

Overview: UTAU provided by ameya/ayame contains multiple vulnerabilities listed below. OS command injection (CWE-78) - CVE-2024-28886; Path Traversal (CWE-22) - CVE-2024-32944. Yu Ishibashi reported these vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

CVSS 8.4 · AI score 7.4 · EPSS 0.00663
Exploits: 0 · References: 6

VulnCheck KEV
added 2024/05/22 12:0 a.m. · 1 views

VulnCheck KEV: CVE-2018-13307

System command injection in fromNtp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ntpServerIp2" POST parameter. Certain payloads cause the device to become permanently inoperable...

CVSS 10 · AI score 5.9 · EPSS 0.03195
Exploits: 1 · References: 1

CNNVD
added 2024/05/14 12:0 a.m. · 2 views

Ruijie Networks RG-UAC Operating System Command Injection Vulnerability

Ruijie Networks RG-UAC is an Internet behavior management and auditing product from China's Ruijie Networks. It is used to solve Internet auditing problems. An operating system command injection vulnerability exists in Ruijie Networks RG-UAC 20240506 and earlier versions, which...

CVSS 9.8 · AI score 6.8 · EPSS 0.06385
Exploits: 0 · References: 6

NVD
added 2024/05/03 11:15 a.m. · 17 views

CVE-2024-34073

sagemaker-python-sdk is a library for training and deploying machine learning models on Amazon SageMaker. In affected versions the capturedependencies function in sagemaker.serve.saveretrive.version100.save.utils module allows for potentially unsafe Operating System (OS) Command Injection if...

CVSS 7.8 · AI score 8.1 · EPSS 0.01143
Exploits: 0 · References: 3

Vulnrichment
added 2024/05/03 10:11 a.m. · 11 views

CVE-2024-34073 Command Injection in sagemaker-python-sdk

sagemaker-python-sdk is a library for training and deploying machine learning models on Amazon SageMaker. In affected versions the capturedependencies function in sagemaker.serve.saveretrive.version100.save.utils module allows for potentially unsafe Operating System (OS) Command Injection if...

CVSS 7.8 · AI score 8.1 · EPSS 0.01143
Exploits: 0 · References: 3

Cvelist
added 2024/05/03 10:11 a.m. · 28 views

CVE-2024-34073 Command Injection in sagemaker-python-sdk

sagemaker-python-sdk is a library for training and deploying machine learning models on Amazon SageMaker. In affected versions the capturedependencies function in sagemaker.serve.saveretrive.version100.save.utils module allows for potentially unsafe Operating System (OS) Command Injection if...

CVSS 7.8 · AI score 8.2 · EPSS 0.01143
Exploits: 0 · References: 3

CNNVD
added 2024/03/24 12:0 a.m. · 3 views

Tenda AC10 Operating System Command Injection Vulnerability

Tenda AC10 is a wireless router from Tenda, China. An OS command injection vulnerability exists in Tenda AC10U version 15.03.06.48, which originates from an OS command injection in the usbName parameter of the formSetSambaConf method on the /goform/setsambacfg page...

CVSS 9.8 · AI score 7 · EPSS 0.04009
Exploits: 1 · References: 4

Cvelist
added 2024/03/21 11:45 a.m. · 20 views

CVE-2024-2742 OS Command Injection in Planet IGS-4215-16T2S

Operating system command injection vulnerability in Planet IGS-4215-16T2S, affecting firmware version 1.305b210528. An authenticated attacker could execute arbitrary code on the remote host by exploiting IP address functionality...

CVSS 6.4 · AI score 7.1 · EPSS 0.00499
Exploits: 0 · References: 1