1210 matches found

Positive Technologies
added 2024/08/21 12:0 a.m. · 5 views

PT-2024-10766 · Unknown · Ca Privileged Access Manager

Name of the Vulnerable Software and Affected Versions: Privileged Access Manager versions prior to 3.7.0.1
Description: The issue allows an SSH authenticated user to execute an OS command and gain full system access using bash when accessing the PAM server.
Recommendations: For versions prior to...

CVSS 8.2 · AI score 7.8 · EPSS 0.00175
Exploits: 0 · References: 7

Redos
added 2024/08/16 12:0 a.m. · 63 views

ROS-20240816-11

A vulnerability in the procopen function of the PHP programming language interpreter exists due to a failure to take measures to neutralize special elements used in the operating system command. Exploitation of the...

CVSS 9.8 · AI score 8.1 · EPSS 0.94374
Exploits: 67

GitHub Security Blog
added 2024/08/14 12:35 p.m. · 4 views

Magento OS Command ('OS Command Injection') vulnerability

Magento versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead to arbitrary code execution by an admin attacker. Exploitation of this issue requires user...

CVSS 8.4 · AI score 7.6 · EPSS 0.0264
Exploits: 0 · References: 3 · Affected Software: 2

OSV
added 2024/08/14 12:35 p.m. · 3 views

GHSA-8FRP-PXQ2-3GPQ Magento OS Command ('OS Command Injection') vulnerability

Magento versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead to arbitrary code execution by an admin attacker. Exploitation of this issue requires user...

CVSS 8.4 · AI score 7.8 · EPSS 0.0264
Exploits: 0 · References: 3

NVD
added 2024/08/12 1:38 p.m. · 9 views

CVE-2024-7694

ThreatSonar Anti-Ransomware from TeamT5 does not properly validate the content of uploaded files. Remote attackers with administrator privileges on the product platform can upload malicious files, which can be used to execute arbitrary system commands on the server...

CVSS 7.2 · EPSS 0.01217
Exploits: 0 · References: 3

Vulnrichment
added 2024/08/12 3:0 a.m. · 20 views

CVE-2024-7694 TeamT5 ThreatSonar Anti-Ransomware - Arbitrary File Upload

ThreatSonar Anti-Ransomware from TeamT5 does not properly validate the content of uploaded files. Remote attackers with administrator privileges on the product platform can upload malicious files, which can be used to execute arbitrary system commands on the server...

CVSS 7.2 · AI score 7.8 · EPSS 0.01217
Exploits: 0 · References: 2

Cvelist
added 2024/08/12 3:0 a.m. · 25 views

CVE-2024-7694 TeamT5 ThreatSonar Anti-Ransomware - Arbitrary File Upload

ThreatSonar Anti-Ransomware from TeamT5 does not properly validate the content of uploaded files. Remote attackers with administrator privileges on the product platform can upload malicious files, which can be used to execute arbitrary system commands on the server...

CVSS 7.2 · EPSS 0.01217
Exploits: 0 · References: 2

CVE
added 2024/08/12 3:0 a.m. · 62 views

CVE-2024-7694

ThreatSonar Anti-Ransomware (TeamT5) suffers an unrestricted file upload vulnerability: uploaded files are not properly validated, enabling remote attackers with administrator privileges to upload malicious files and execute arbitrary system commands on the server. Impact is high (arbitrary code ...

CVSS 7.2 · AI score 7.5 · EPSS 0.01217
In wild · Exploits: 0 · References: 3 · Affected Software: 1

Positive Technologies
added 2024/08/12 12:0 a.m. · 3 views

PT-2024-6509 · Totolink · Totolink X5000R

Name of the Vulnerable Software and Affected Versions: TOTOLINK X5000r version 9.1.0cu.2350 b20230313
Description: The issue is related to an OS command injection vulnerability in the setModifyVpnUser function, located in the /cgi-bin/cstecgi.cgi file. This vulnerability can be exploited by...

CVSS 9 · AI score 7.5 · EPSS 0.04994
Exploits: 1 · References: 10

ATTACKERKB
added 2024/08/01 2:15 a.m. · 0 views

CVE-2024-39607

OS command injection vulnerability exists in ELECOM wireless LAN routers. A specially crafted request may be sent to the affected product by a logged-in user with an administrative privilege to execute an arbitrary OS command...

CVSS 6.8 · AI score 6.9 · EPSS 0.00193
Exploits: 0 · References: 3 · Affected Software: 15

BDU FSTEC
added 2024/07/23 12:0 a.m. · 2 views

The vulnerability of Adobe Dreamweaver’s HTML editor arises from the lack of measures taken to eliminate special elements used in the operating system command line. This allows attackers to execute arbitrary code.

The vulnerability of Adobe Dreamweaver exists because measures to neutralize special elements used in the operating system command are not taken. Exploiting this vulnerability allows a perpetrator to execute arbitrary code by sending a specially created malicious file...

CVSS 8.2 · AI score 6 · EPSS 0.00362
Exploits: 0 · References: 3 · Affected Software: 1

Redos
added 2024/07/16 12:0 a.m. · 19 views

ROS-20240716-03

A vulnerability in the org-link-expand-abbrev function of the lisp/ol.el file of the Emacs text editor exists due to failure to take measures to neutralize special elements used in the operating system command. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary...

CVSS 9.8 · AI score 7.6 · EPSS 0.00379
Exploits: 0

RedHat Linux
added 2024/07/15 1:12 a.m. · 2 views

less: OS command injection

An OS command injection flaw was found in Less. Since quoting is mishandled in filename.c, opening files with attacker-controlled file names can lead to OS command execution. Exploitation requires the LESSOPEN environment variable, which is set by default in many common cases...

CVSS 8.6 · AI score 6.8 · EPSS 0.00329
Exploits: 0 · References: 6

RedHat Linux
added 2024/07/08 11:12 a.m. · 2 views

less: OS command injection

An OS command injection flaw was found in Less. Since quoting is mishandled in filename.c, opening files with attacker-controlled file names can lead to OS command execution. Exploitation requires the LESSOPEN environment variable, which is set by default in many common cases...

CVSS 8.6 · AI score 6.8 · EPSS 0.00329
Exploits: 0 · References: 6

CNNVD
added 2024/07/08 12:0 a.m. · 3 views

Realtek rtl819x Jungle SDK OS Command Injection Vulnerability

The Realtek rtl819x Jungle SDK is a driver for a wireless LAN chip from China-based Realtek Semiconductor. An OS command injection vulnerability exists in Realtek rtl819x Jungle SDK version v3.4.11, which stems from an OS command injection vulnerability in the boa formWsc function...

CVSS 7.2 · AI score 7.6 · EPSS 0.00472
Exploits: 0 · References: 2

CNNVD
added 2024/07/03 12:0 a.m. · 4 views

MB Connect Line mbNET.mini OS Command Injection Vulnerability

MB Connect Line mbNET.mini is an industrial router from MB Connect Line, Germany. An operating system command injection vulnerability exists in MB Connect Line mbNET.mini version 2.2.11 and earlier, which stems from an improper neutralization of special elements used in operating system commands,...

CVSS 7.2 · AI score 8.2 · EPSS 0.00712
Exploits: 1 · References: 5

Positive Technologies
added 2024/07/01 12:0 a.m. · 3 views

PT-2024-6750 · Splunk · Splunk Cloud Platform +1

Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.2.2; Splunk Enterprise versions prior to 9.1.5; Splunk Enterprise versions prior to 9.0.10; Splunk Cloud Platform versions prior to 9.1.2312.109; Splunk Cloud Platform versions prior to 9.1.2308.207...

CVSS 9 · AI score 7.9 · EPSS 0.01685
Exploits: 0 · References: 14

CNNVD
added 2024/06/24 12:0 a.m. · 2 views

WordPress plugin Consulting Elementor Widgets OS Command Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An operating system command...

CVSS 9.9 · AI score 7.4 · EPSS 0.06362
Exploits: 0 · References: 5

CVE
added 2024/06/10 2:21 p.m. · 50 views

CVE-2024-35304

CVE-2024-35304 describes a system command injection in Pandora FMS, triggered by the Netflow function due to improper input validation. Affected versions are Pandora FMS 700 up to, but not including, 777. The vulnerability can allow an attacker to execute arbitrary system commands remotely over t...

CVSS 9.8 · AI score 7.8 · EPSS 0.01795
Exploits: 0 · References: 1 · Affected Software: 1

Vulnrichment
added 2024/06/10 2:21 p.m. · 14 views

CVE-2024-35304 System command injection through Netflow function

System command injection through Netflow function due to improper input validation, allowing attackers to execute arbitrary system commands. This issue affects Pandora FMS: from 700 through 777...

CVSS 9.3 · AI score 8.1 · EPSS 0.01795
Exploits: 0 · References: 1