7632 matches found

CNNVD
added 2024/12/31 12:0 a.m., 2 views

Ghostty Code Injection Vulnerability

Ghostty is a fast, native, feature-rich terminal emulator from the open-source Ghostty project. A code injection vulnerability exists in Ghostty version 1.0.0. An attacker can exploit this vulnerability to execute arbitrary commands...

5.1 CVSS, 7.7 AI score, 0.00525 EPSS
Exploits: 0, References: 3
Cvelist
added 2024/12/27 4:3 p.m., 26 views

CVE-2024-12856 Four-Faith Industrial Router adjust_sys_time OS Command Injection

The Four-Faith router models F3x24 and F3x36 are affected by an operating system (OS) command injection vulnerability. At least firmware version 2.0 allows authenticated and remote attackers to execute arbitrary OS commands over HTTP when modifying the system time via apply.cgi. Additionally, this...

7.2 CVSS, 0.82192 EPSS
Exploits: 4, References: 3
BDU FSTEC
added 2024/12/24 12:0 a.m., 2 views

The vulnerability of the getWindowsIEEE8021x function in the npm systeminformation package of the Node.js software platform allows a perpetrator to escalate their privileges and execute arbitrary commands.

The vulnerability of the getWindowsIEEE8021x function in the npm systeminformation package of the Node.js software platform is related to improper code generation during the processing of SSID identifiers. Exploiting this vulnerability can allow an attacker to enhance their privileges and execute...

7.8 CVSS, 7.8 AI score, 0.00698 EPSS
Exploits: 0, References: 4, Affected Software: 1
OSV
added 2024/12/23 8:38 p.m., 9 views

GHSA-VM62-9JW3-C8W3 Gogs has an argument Injection in the built-in SSH server

Impact: When the built-in SSH server is enabled ([server] START_SSH_SERVER = true), unprivileged user accounts with at least one SSH key can execute arbitrary commands on the Gogs instance with the privileges of the user specified by RUN_USER in the configuration. It allows attackers to access and alter...

9.9 CVSS, 9.8 AI score, 0.07258 EPSS
Exploits: 3, References: 4
BDU FSTEC
added 2024/12/23 12:0 a.m., 8 views

The vulnerability of the CyberPanel web hosting control panel, related to the lack of measures to neutralize specific elements, allows a hacker to execute arbitrary commands.

The vulnerability of the CyberPanel web hosting control panel exists due to the lack of measures taken to neutralize certain elements. Exploiting this vulnerability allows a malicious actor, operating remotely, to execute arbitrary commands using a specially created HTTP OPTIONS request...

9 CVSS, 5.9 AI score, 0.10759 EPSS
Exploits: 2, References: 6, Affected Software: 1
NVD
added 2024/12/20 10:15 p.m., 9 views

CVE-2020-13712

A command injection is possible through the user interface, allowing arbitrary command execution as the root user. oMG2000 running MGOS 3.15.1 or earlier is affected. MG90 running MGOS 4.2.1 or earlier is affected...

7.8 CVSS, 0.0059 EPSS
Exploits: 0, References: 1
Cvelist
added 2024/12/20 9:37 p.m., 23 views

CVE-2020-13712 MGOS Command Injection

A command injection is possible through the user interface, allowing arbitrary command execution as the root user. oMG2000 running MGOS 3.15.1 or earlier is affected. MG90 running MGOS 4.2.1 or earlier is affected...

0.0059 EPSS
Exploits: 0, References: 1
CVE
added 2024/12/20 9:37 p.m., 65 views

CVE-2020-13712

The CVE-2020-13712 issue affects Sierra Wireless MGOS/Omg2000 devices: oMG2000 version 3.15.1 and earlier, and MG90 version 4.2.1 and earlier. A command injection via the user interface allows arbitrary command execution as root. Root-cause and impact are described across CVE records; affected co...

7.8 CVSS, 7.3 AI score, 0.0059 EPSS
Exploits: 0, References: 1
OSV
added 2024/12/20 6:31 p.m., 21 views

GHSA-5QWW-56GC-F66C GoCast OS Command Injection vulnerability

An OS command injection vulnerability exists in the name parameter of GoCast 1.1.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability...

9.8 CVSS, 9.7 AI score, 0.06445 EPSS
Exploits: 0, References: 4
GitHub Security Blog
added 2024/12/20 6:31 p.m., 18 views

GoCast OS Command Injection vulnerability

An OS command injection vulnerability exists in the name parameter of GoCast 1.1.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability...

9.8 CVSS, 7.5 AI score, 0.06445 EPSS
Exploits: 0, References: 4, Affected Software: 1
CNVD
added 2024/12/20 12:0 a.m., 6 views

Dell RecoverPoint for Virtual Machines Command Injection Vulnerability

Dell RecoverPoint for Virtual Machines is a simple, efficient operations and disaster recovery solution from Dell, Inc. for virtualized applications in VMware environments. A command injection vulnerability exists in Dell RecoverPoint for Virtual Machines version 6.0 SP1 and version 6.0 SP1 P1,...

6.5 CVSS, 7.4 AI score, 0.00556 EPSS
Exploits: 0, References: 1
Microsoft CVE
added 2024/12/20 12:0 a.m., 3 views

CVE-2024-10220

...

8.1 CVSS, 7.5 AI score, 0.03001 EPSS
Exploits: 0
IBM Security Bulletins
added 2024/12/19 7:9 p.m., 19 views

Security Bulletin: Multiple Security Vulnerabilities were discovered in IBM Security Directory Integrator (CVE-2023-32328, CVE-2023-43017, CVE-2022-2068)

Summary Multiple Security Vulnerabilities have been addressed in the IBM Security Directory Integrator Container affecting other products. Vulnerability Details CVEID:CVE-2023-32328 DESCRIPTION: IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure protocols in some instances that...

10 CVSS, 7.9 AI score, 0.95764 EPSS
Exploits: 1, Affected Software: 1
NVD
added 2024/12/18 7:15 a.m., 15 views

CVE-2024-39703

In ThreatQuotient ThreatQ before 5.29.3, authenticated users are able to execute arbitrary commands by sending a crafted request to an API endpoint...

8.8 CVSS, 0.00692 EPSS
Exploits: 0, References: 3
Vulnrichment
added 2024/12/18 6:36 a.m., 8 views

CVE-2024-53688

Improper neutralization of special elements used in an OS command 'OS Command Injection' issue exists in AE1021 firmware versions 2.0.10 and earlier and AE1021PE firmware versions 2.0.10 and earlier, which may allow a logged-in user to execute an arbitrary OS command using a crafted HTTP request...

7.2 CVSS, 7.5 AI score, 0.01505 EPSS
Exploits: 0, References: 2
Cvelist
added 2024/12/18 6:36 a.m., 17 views

CVE-2024-53688

Improper neutralization of special elements used in an OS command 'OS Command Injection' issue exists in AE1021 firmware versions 2.0.10 and earlier and AE1021PE firmware versions 2.0.10 and earlier, which may allow a logged-in user to execute an arbitrary OS command using a crafted HTTP request...

7.2 CVSS, 0.01505 EPSS
Exploits: 0, References: 2
CVE
added 2024/12/18 6:36 a.m., 38 views

CVE-2024-53688

The CVE-2024-53688 issue affects FXC AE1021 and AE1021PE devices (firmware 2.0.10 and earlier). It is an OS command injection where a logged-in user can execute arbitrary OS commands via a crafted HTTP request, due to improper neutralization of special elements. The vulnerability impact is descri...

7.2 CVSS, 7.7 AI score, 0.01505 EPSS
Exploits: 0, References: 2
BDU FSTEC
added 2024/12/18 12:0 a.m., 3 views

The vulnerability of the invscout component in AIX and VIOS operating systems allows a perpetrator to execute arbitrary commands.

The vulnerability of the invscout component in AIX and VIOS operating systems is related to the lack of measures taken to neutralize the special elements used in the operating system commands. Exploiting this vulnerability allows an attacker to execute arbitrary commands...

7.8 CVSS, 5.8 AI score, 0.00226 EPSS
Exploits: 0, References: 2, Affected Software: 2
CISA KEV Catalog
added 2024/12/17 12:0 a.m., 17 views

Cleo Multiple Products Unauthenticated File Upload Vulnerability

Cleo Harmony, VLTrader, and LexiCom, which are managed file transfer products, contain an unrestricted file upload vulnerability that could allow an unauthenticated user to import and execute arbitrary bash or PowerShell commands on the host system by leveraging the default settings of the Autoru...

9.8 CVSS, 7.8 AI score, 0.93804 EPSS
In wild, Exploits: 4
Tenable Nessus
added 2024/12/17 12:0 a.m., 7 views

Cleo VLTrader < 5.8.0.24 Unauthenticated Arbitrary Command Execution (CVE-2024-55956)

The version of Cleo VLTrader running on the remote host is prior to 5.8.0.24. It is, therefore, affected by an unauthenticated arbitrary command execution vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...

9.8 CVSS, 9.1 AI score, 0.93804 EPSS
Exploits: 4, References: 3