509 matches found
CVE-2021-26116
An improper neutralization of special elements used in an OS command vulnerability in the command line interpreter of FortiAuthenticator before 6.3.1 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands...
CVE-2020-8539
Kia Motors Head Unit with Software version: SOP.003.30.18.0703, SOP.005.7.181019, and SOP.007.1.191209 may allow an attacker to inject unauthorized commands, by executing the micomd executable deamon, to trigger unintended functionalities. In addition, this executable may be used by an attacker t...
Improper Handling of Insufficient Permissions or Privileges
Overview Affected versions of this package are vulnerable to Improper Handling of Insufficient Permissions or Privileges via the Dispatch function in the worker.go file. An attacker can escalate privileges and modify sensitive system data by sending unauthorized commands to manipulate the package...
Security Updates for Microsoft Excel Products (May 2025)
The Microsoft Excel Products are missing a security update. They are, therefore, affected by multiple remote code execution vulnerabilities. An attacker can exploit these to bypass authentication and execute unauthorized arbitrary commands. Note that Nessus has not tested for these issues but has...
Security Updates for Microsoft Office Online Server (May 2025)
The Microsoft Office Online Server installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities: - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands...
CVE-2025-3579
Aidex CVE-2025-3579 affects versions prior to 1.7. The issue is a prompt-injection vulnerability in the /api//message endpoint where the content parameter can be manipulated by an authenticated user with access to an open registry, enabling execution of OS commands (Unix), interaction with intern...
Security Updates for Microsoft Excel Products (April 2025)
The Microsoft Excel Products are missing a security update. They are, therefore, affected by multiple remote code execution vulnerabilities. An attacker can exploit these to bypass authentication and execute unauthorized arbitrary commands. Note that Nessus has not tested for these issues but has...
Security Updates for Microsoft Access Products (April 2025)
The Microsoft Access Products are missing a security update. It is, therefore, affected by a remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. Note that Nessus has not tested for this issue but has instead relie...
Fail2Ban 0.11.2 Privilege Escalation / Command Execution
If a user can execute fail2ban-client with sudo, they can achieve local privilege escalation and command injection via user-modified actions. Author: Raed Ahsan Date: 24/03/2025 Fail2Ban-client privilege-escalation """ Fail2Ban Automated Exploit Script - CVE Candidate...
CVE-2024-52960
A client-side enforcement of server-side security vulnerability CWE-602 in Fortinet FortiSandbox version 5.0.0, 4.4.0 through 4.4.6 and before 4.2.7 allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests...
PT-2025-11187
Name of the Vulnerable Software and Affected Versions: Fortinet FortiDDoS-F versions 7.0.0 through 7.02 Fortinet FortiDDoS-F versions prior to 6.6.3 Description: The software contains an improper neutralization of special elements used in an OS command, which may allow a privileged attacker to...
CVE-2025-1960
CVE-2025-1960 affects Schneider Electric WebHMI (EcoStruxure Power Automation System User Interface) used in EMO-L/EPAS deployments. The root cause is CWE-1188: Initialization of a Resource with an Insecure Default, where insecure default values during resource initialization could allow an attac...
Schneider Electric WebHMI 安全漏洞
Schneider Electric WebHMI is a human-machine interface software from Schneider Electric France. A security vulnerability exists in WebHMI v4.1.0.0 and earlier versions that originates from the use of insecure default values during resource initialization, which could allow an attacker to execute...
CVE-2024-52960
A client-side enforcement of server-side security vulnerability CWE-602 in Fortinet FortiSandbox version 5.0.0, 4.4.0 through 4.4.6 and before 4.2.7 allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests...
CVE-2024-52961
An improper neutralization of special elements used in an OS Command vulnerability CWE-78 vulnerability in Fortinet FortiSandbox 5.0.0, FortiSandbox 4.4.0 through 4.4.6, FortiSandbox 4.2.1 through 4.2.7, FortiSandbox 4.0.0 through 4.0.5, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all version...
CVE-2024-52960
A client-side enforcement of server-side security vulnerability CWE-602 in Fortinet FortiSandbox version 5.0.0, 4.4.0 through 4.4.6 and before 4.2.7 allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests...
CVE-2024-52960
A client-side enforcement of server-side security vulnerability CWE-602 in Fortinet FortiSandbox version 5.0.0, 4.4.0 through 4.4.6 and before 4.2.7 allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests...
CVE-2024-33501
Two improper neutralization of special elements used in an SQL Command 'SQL Injection' vulnerability CWE-89 in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5, FortiManager version 7.4.0 through 7.4.2 and before 7.2.5 and FortiAnalyzer-BigData version 7.4.0 and before 7.2.7...
CVE-2024-52960
A client-side enforcement of server-side security vulnerability CWE-602 in Fortinet FortiSandbox version 5.0.0, 4.4.0 through 4.4.6 and before 4.2.7 allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests...
CVE-2024-52960
A client-side enforcement of server-side security vulnerability CWE-602 in Fortinet FortiSandbox version 5.0.0, 4.4.0 through 4.4.6 and before 4.2.7 allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests...