Cleo VLTrader < 5.8.0.24 Unauthenticated Arbitrary Command Execution (CVE-2024-55956)
The version of Cleo VLTrader running on the remote host is prior to 5.8.0.24. It is, therefore, affected by an unauthenticated arbitrary command execution vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...
CVE-2024-52058 Potential arbitrary command execution in System Designer while parsing malicious HTTP/REST requests
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in RTI Connext Professional System Designer allows OS Command Injection. This issue affects Connext Professional: from 7.0.0 before 7.3.0.2, from 6.1.0 before 6.1.2.19...
CVE-2024-55956
In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory. Recent assessments: sfewer-r7 at December 16...
Dell RecoverPoint for Virtual Machines Security Vulnerability
Dell RecoverPoint for Virtual Machines is a simple, efficient operations and disaster recovery solution from Dell, Inc. For virtualized applications in VMware environments. A command injection vulnerability exists in Dell RecoverPoint for Virtual Machines version 6.0 SP1 and version 6.0 SP1 P1,...
The vulnerability of the Veritas NetBackup software for backup and data restoration operations, related to an uncontrolled search path element, allows attackers to escalate their privileges and execute arbitrary commands.
The vulnerability of the Veritas NetBackup backup and recovery software relates to an uncontrolled search path element. Exploiting this vulnerability can allow attackers to escalate their privileges and execute arbitrary commands by loading malicious DLL libraries...
The vulnerability of the NuPoint Unified Messaging component of the Mitel MiCollab collaboration platform allows a hacker to execute arbitrary commands.
The vulnerability of the NuPoint Unified Messaging component of the Mitel MiCollab collaboration platform is related to the lack of data cleaning measures at the management level. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using specially created data...
Arbitrary Command Execution
k8s.io/kubernetes is vulnerable to Arbitrary Command Execution. The vulnerability is due to improper validation and handling of gitRepo volumes in the Kubernetes kubelet component, which allows malicious actors to execute arbitrary commands by exploiting the way these volumes are processed...
MGASA-2024-0389 Updated kubernetes packages fix security vulnerabilities
A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with the envFrom field populated. The policy ensures...
IBM App Connect Enterprise Operating System Command Injection Vulnerability
IBM App Connect Enterprise is an operating system from IBM. IBM App Connect Enterprise combines existing industry-trusted IBM Integration Bus technology with IBM App Connect Professional and new cloud-native technologies to provide a platform that meets the comprehensive integration needs of the...
AIX is vulnerable to arbitrary command execution due to invscout (CVE-2024-47115)
IBM SECURITY ADVISORY First Issued: Thu Dec 5 15:38:05 CST 2024 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/invscoutadvisory7.asc Security Bulletin: AIX is vulnerable to arbitrary command execution due to invscout CVE-2024-47115...
The vulnerability of the drawio diagram-building software lies in the improper neutralization of special elements used in the OS command. This allows a hacker to execute arbitrary commands.
The vulnerability of the software for creating Drawio diagrams is related to the improper neutralization of special elements used in the OS command. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...
The vulnerability of the tmp_get_sites function in TP-Link Archer Series, TP-Link Deco Series, and TP-Link Tapo Series routers allows a hacker to execute arbitrary commands.
The vulnerability of the tmp_get_sites function in TP-Link Archer Series, TP-Link Deco Series, and TP-Link Tapo Series routers lies in the lack of measures to neutralize special elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
VulnCheck KEV: CVE-2024-47133
UD-LT1 firmware Ver.2.1.8 and earlier and UD-LT1/EX firmware Ver.2.1.8 and earlier allow a remote authenticated attacker with an administrative account to execute arbitrary OS commands...
QNAP Notes Station 3 Command Injection Vulnerability
QNAP Notes Station 3 is a private cloud notes software that runs on QNAP NAS devices and supports real-time multi-person collaboration, version control, data encryption and snapshot backup. QNAP Notes Station 3 suffers from a command injection vulnerability, which stems from the application faili...
PT-2024-9438 · I-O Data Device · UD-LT1/EX +1
Name of the Vulnerable Software and Affected Versions: I-O Data Device UD-LT1 versions 2.1.9 and earlier I-O Data Device UD-LT1/EX versions 2.1.9 and earlier Description: The issue allows a remote authenticated attacker with an administrative account to execute arbitrary OS commands. This is due ...
Cisco Unified Computing System Command Injection (CVE-2017-12341)
A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. An attacker would need valid administrator credentials to perform this exploit. The vulnerability is due to insufficient input validation during the...
AutoGPT SSTI Vulnerability Leading to Remote Code Execution (RCE)
Summary AutoGPT, an open-source AI tool that automates task execution, is vulnerable to a Server-Side Template Injection SSTI that could lead to arbitrary command execution. The vulnerability arises from the improper handling of user-supplied format strings in the AgentOutputBlock implementation,...
CVE-2024-53940
An issue was discovered in Victure RX1800 WiFi 6 Router software ENV1.0.0r12110933, hardware 1.0 devices. Certain /cgi-bin/luci/admin endpoints are vulnerable to command injection. Attackers can exploit this by sending crafted payloads through parameters intended for the ping utility, enabling...
Axis Communications Network Cameras and Video Servers Arbitrary OS Commands Execution (CVE-2004-2425)
Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to execute arbitrary commands via accent and possibly other shell metacharacters in the query string to virtualinput.cgi. This plugin only works with Tenable.ot. Please visit...