CVE-2024-2359

A vulnerability in the parisneo/lollms-webui version 9.3 allows attackers to bypass intended access restrictions and execute arbitrary code. The issue arises from the application's handling of the /executecode endpoint, which is intended to be blocked from external access by default. However,...

Sysaid Technologies SysAid Operating System Command Injection Vulnerability

Sysaid Technologies SysAid is a suite of IT service management solutions from Sysaid Technologies, an Israeli company. SysAid suffers from an operating system command injection vulnerability that stems from improper neutralization of special elements used in operating system commands, resulting i...

AnythingLLM Operating System Command Injection Vulnerability

AnythingLLM is a document chatbot that meets business requirements. AnythingLLM suffers from an operating system command injection vulnerability that stems from improper handling of environment variables, leading to remote code execution...

PT-2024-5243 · Futurenet · Futurenet Nxr Series

Name of the Vulnerable Software and Affected Versions: FutureNet NXR series versions affected versions not specified FutureNet VXR series versions affected versions not specified FutureNet WXR series versions affected versions not specified Description: The issue is related to the lack of measure...

LoLLMs Operating System Command Injection Vulnerability

LoLLMs is a Web UI for a large language multimodal system by the individual developer Saifeddine ALOUI. An operating system command injection vulnerability exists in LoLLMs version 9.3 that stems from improper neutralization of special elements used in operating system commands, which could allow...

CVE-2024-29975

UNSUPPORTED WHEN ASSIGNED The improper privilege management vulnerability in the SUID executable binary in Zyxel NAS326 firmware versions before V5.21AAZF.17C0 and NAS542 firmware versions before V5.21ABAG.14C0 could allow an authenticated local attacker with administrator privileges to execute...

CVE-2024-29848

An unrestricted file upload vulnerability in web component of Ivanti Avalanche before 6.4.x allows an authenticated, privileged user to execute arbitrary commands as SYSTEM...

Multiple vulnerabilities in UTAU

Overview UTAU provided by ameya/ayame contains multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2024-28886 Path Traversal CWE-22 - CVE-2024-32944 Yu Ishibashi reported these vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

CVE-2024-4267

The CVE-2024-4267 entry concerns parisneo/lollms-webui version 9.5, in the open_file (open file) function. The root cause is improper neutralization of elements in a user-controlled file path used by subprocess.Popen, allowing command injection. This enables remote code execution where an attacke...

CVE-2024-20360

A vulnerability in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface does not adequately...

VulnCheck KEV: CVE-2018-13307

System command injection in fromNtp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ntpServerIp2" POST parameter. Certain payloads cause the device to become permanently inoperable...

OESA-2024-1587 less security update

Less is a pager. A pager is a program that displays text files. Other pagers commonly in use are more and pg. Pagers are often used in command-line environments like the Unix shell and the MS-DOS command prompt to display files. Security Fixes: less through 653 allows OS command execution via a...

Ruijie Networks RG-UAC 操作系统命令注入漏洞

Ruijie Networks RG-UAC is an Internet behavior management and auditing product from China's Ruijie Networks Ruijie Networks. It is used to solve Internet auditing problems. An operating system command injection vulnerability exists in Ruijie Networks RG-UAC 20240506 and earlier versions, which...

OESA-2024-1547 less security update

Less is a pager. A pager is a program that displays text files. Other pagers commonly in use are more and pg. Pagers are often used in command-line environments like the Unix shell and the MS-DOS command prompt to display files. Security Fixes: less through 653 allows OS command execution via a...

CVE-2024-34073

sagemaker-python-sdk is a library for training and deploying machine learning models on Amazon SageMaker. In affected versions the capturedependencies function in sagemaker.serve.saveretrive.version100.save.utils module allows for potentially unsafe Operating System OS Command Injection if...

CVE-2024-34073 Command Injection in sagemaker-python-sdk

sagemaker-python-sdk is a library for training and deploying machine learning models on Amazon SageMaker. In affected versions the capturedependencies function in sagemaker.serve.saveretrive.version100.save.utils module allows for potentially unsafe Operating System OS Command Injection if...

CVE-2024-34073 Command Injection in sagemaker-python-sdk

sagemaker-python-sdk is a library for training and deploying machine learning models on Amazon SageMaker. In affected versions the capturedependencies function in sagemaker.serve.saveretrive.version100.save.utils module allows for potentially unsafe Operating System OS Command Injection if...

CVE-2024-32651 Server Side Template Injection in Jinja2 allows Remote Command Execution

changedetection.io is an open source web page change detection, website watcher, restock monitor and notification service. There is a Server Side Template Injection SSTI in Jinja2 that allows Remote Command Execution on the server host. Attackers can run any system command without any restriction...

CVE-2024-24487

An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows a remote attacker to cause a denial of service via crafted UDP packets using the EXEC REBOOT SYSTEM command...

CVE-2024-24487

The CVE-2024-24487 entry concerns Silex Technology DS-600 Firmware v1.4.1. A remote attacker can trigger a denial of service by sending crafted UDP packets that invoke the EXEC REBOOT SYSTEM command. Public documents identify the affected device and firmware version and describe the impact as DoS...