7632 matches found
The vulnerability of the CLI interface of ArubaOS operating systems allows a perpetrator to execute arbitrary commands.
The vulnerability of the CLI interface of ArubaOS operating systems is related to the lack of measures taken to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
CVE-2024-20432
A vulnerability in the REST API and web UI of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote attacker to perform a command injection attack against an affected device. This vulnerability is due to improper user authorization and insufficient...
The vulnerability of the gena.cgi file in D-Link DIR-860L router firmware allows a hacker to cause a service failure or execute arbitrary commands.
The vulnerability of the gena.cgi file of the D-Link DIR-860L router's firmware lies in the copying of buffers without checking the size of the input data. Exploiting this vulnerability can allow an attacker to cause service failures or execute arbitrary commands using a specially...
Atos Eviden iCare Security Vulnerability
Atos Eviden iCare is a smart card application from Atos France. A security vulnerability exists in Atos Eviden iCare versions 2.7.1 through 2.7.11, which originated from a vulnerability that allows an attacker to execute arbitrary commands with system privileges on an endpoint hosting the...
The vulnerability of the cgi_FMT_R12R5_1st_DiskMGR() function (/cgi-bin/hd_config.cgi) in the D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05, and DNS-1550-04 devices allows an attacker to execute arbitrary commands.
The vulnerability of the cgi_FMT_R12R5_1st_DiskMGR() function (/cgi-bin/hd_config.cgi) in the D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05, and DNS-1550-04...
The vulnerability of the FUN_00415aa4() function (/usr/sbin/shttpd) of the TOTOLINK X6000R router software allows an attacker to execute arbitrary commands.
The vulnerability of the FUN_00415aa4() function (/usr/sbin/shttpd) of the TOTOLINK X6000R router operating system is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability can allow a remote attacker to execute arbitrary commands using a specially...
[SECURITY] [DLA 3905-1] cups-filters security update
Debian LTS Advisory DLA-3905-1 https://www.debian.org/lts/security/ Thorsten Alteholz September 29, 2024 https://wiki.debian.org/LTS ...
[SECURITY] [DSA 5778-1] cups-filters security update
Debian Security Advisory DSA-5778-1 https://www.debian.org/security/ Salvatore Bonaccorso September 29, 2024 https://www.debian.org/security/faq ...
Arbitrary Command Execution
cups is vulnerable to Arbitrary Command Execution. The libppd function ppdCreatePPDFromIPP2 does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as cfGetPrinterAttributes5, this can result in user controlled input and ultimately code executi...
CUPS cups-filters command injection vulnerability
CUPS is a standards-based open source printing system. A command injection vulnerability exists in CUPS cups-filters, which can be exploited by an attacker to inject and execute arbitrary commands on the system...
IBM ManageIQ Code Issue Vulnerability
IBM ManageIQ is an open source cloud management platform from International Business Machines (IBM). A code issue vulnerability exists in IBM ManageIQ that stems from allowing a remotely authenticated attacker to execute arbitrary commands on the system by sending a specially constructed request fo...
PT-2024-6501
Name of the Vulnerable Software and Affected Versions: cups versions prior to 2.4.11-alt1; cups-browsed versions prior to 2.0.1-0ubuntu2.1; cups-filters, affected versions not specified. Description: The Common UNIX Printing System (CUPS) and related components, including cups-browsed and cups-filters, a...
The vulnerability of the firmware for Zyxel NAS326 and Zyxel NAS542 lies in the lack of measures taken to neutralize the special elements used in operating system commands. This allows attackers to execute arbitrary commands.
The vulnerability of the firmware of the network storage devices Zyxel NAS326 and Zyxel NAS542 is related to the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands by...
DedeCMS Command Injection Vulnerability
DedeCMS (Dream Weaving Content Management System) is a PHP-based open source content management system (CMS). The system has content publishing, content management, content editing and content retrieval functions. DedeCMS has a command injection vulnerability that stems from the articlestringmix.php...
OS Command Execution
github.com/chaosblade-io/chaosblade is vulnerable to OS Command Execution. The vulnerability is due to the lack of authentication when using the cmd parameter in the exec.CommandContext function in server mode. It allows an attacker to execute arbitrary OS commands on the server without...
Centreon Security Vulnerability
Centreon (Merethis Centreon) is a set of open source system monitoring tools from the French company Centreon. The product provides monitoring capabilities for network, system and application resources. A security vulnerability exists in Centreon version 24.04.2. An attacker can exploit this...
Multiple vulnerabilities in TAKENAKA ENGINEERING digital video recorders
Overview: Multiple digital video recorders provided by TAKENAKA ENGINEERING CO., LTD. contain multiple vulnerabilities listed below. Improper authentication (CWE-287) - CVE-2024-41929; OS command injection (CWE-78) - CVE-2024-43778; Hidden functionality (CWE-912) - CVE-2024-47001. Yoshiki Mori, Ushimaru...
Execution With Unnecessary Privileges
github.com/openshift/builder is vulnerable to Execution With Unnecessary Privileges. The vulnerability is caused due to improper validation of the spec.source.secrets.secret.destinationDir attribute, allowing path traversal that enables a malicious user to override executable files inside the...
VulnCheck KEV: CVE-2024-30891
A command injection vulnerability exists in /goform/exeCommand in Tenda AC18 v15.03.05.05, which allows attackers to construct cmdinput parameters for arbitrary command execution...
VulnCheck KEV: CVE-2024-29269
An issue discovered in Telesquare TLR-2005Ksh 1.0.0 and 1.1.4 allows attackers to run arbitrary system commands via the Cmd parameter...