7632 matches found
CVE-2024-34195
TOTOLINK AC1200 Wireless Router A3002R Firmware V1.1.1-B20200824 is vulnerable to Buffer Overflow. In the boa server program's CGI handling function formWlEncrypt, there is a lack of length restriction on the wlanssid field. This oversight leads to potential buffer overflow under specific...
FreeBSD : Gitlab -- vulnerabilities (49ef501c-62b6-11ef-bba5-2cf05da270f3)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 49ef501c-62b6-11ef-bba5-2cf05da270f3 advisory. Gitlab reports: The GitLab Web Interface Does Not Guarantee Information Integrity When...
CVE-2024-7110
An issue was discovered in GitLab EE affecting all versions from 17.0 to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1 that allows an attacker to execute arbitrary commands in a victim's pipeline through prompt injection...
CVE-2024-7110
Removed by vendor...
Multiple Safie products vulnerable to improper server certificate verification
Overview: Multiple Safie products are vulnerable to improper server certificate verification (CWE-295). The product can be operated via port 11029/TCP and Bluetooth, and its communications are AES encrypted. The product user can obtain the encryption key from the cloud server based on the...
GitLab Enterprise Edition Security Vulnerability
GitLab Enterprise Edition (EE) is a DevOps platform from the American company GitLab. A security vulnerability exists in GitLab Enterprise Edition versions 17.0 through 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1; it stems from arbitrary commands that can be executed in a victim's pipeline via...
CVE-2024-42786
Affected software/version: Kashipara Music Management System v1.0. Component/endpoint: /music/view_user.php (View User Profile page), vulnerable via the id parameter. Root cause: the id parameter is used in a SQL query without validation, leading to SQL injection. Impact: attacker can execute arbitrary SQL commands, po...
Gitlab -- vulnerabilities
Gitlab reports: The GitLab Web Interface Does Not Guarantee Information Integrity When Downloading Source Code from Releases Denial of Service by importing maliciously crafted GitHub repository Prompt injection in "Resolve Vulnerability" results in arbitrary command execution in victim's pipeline ...
TOTOLINK X6000R Command Injection Vulnerability
TOTOLINK X6000R is a wireless router from China's Gion Electronics TOTOLINK. TOTOLINK X6000R version 9.4.0cu.85220230719 suffers from a command injection vulnerability in the file /cgi-bin/cstecgi.cgi via the rtLogServer parameter. An attacker c...
TOTOLINK X5000R Operating System Command Injection Vulnerability
The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. An operating system command injection vulnerability exists in TOTOLINK X5000R version v9.1.0cu.2350b20230313. An attacker can exploit this vulnerability by sending malicious packets to execute arbitrary commands...
EUVD-2024-39804
In D-Link DIR-860L v2.03, there is a buffer overflow vulnerability due to the lack of length verification for the SID field in gena.cgi. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands...
CVE-2024-42978
An issue in the handler function in /goform/telnet of Tenda FH1206 v02.03.01.35 allows attackers to execute arbitrary commands via a crafted HTTP request...
CVE-2024-42947
An issue in the handler function in /goform/telnet of Tenda FH1201 v1.2.0.14(408) allows attackers to execute arbitrary commands via a crafted HTTP request...
Command Injection
Overview: magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Command Injection. An attacker can execute arbitrary system commands with the privileges of the application by leveraging this scenario. Remediation: Upgrade...
TOTOLINK X5000R setWanIeCfg Method Command Injection Vulnerability
The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in TOTOLINK X5000R version v9.1.0cu.2350b20230313. The vulnerability stems from the setWanIeCfg method of /cgi-bin/cstecgi.cgi failing to properly filter command special characters in crafted input...
TOTOLINK X5000R setUPnPCfg Method Command Injection Vulnerability
The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in TOTOLINK X5000R version v9.1.0cu.2350b20230313. The vulnerability stems from the setUPnPCfg method of /cgi-bin/cstecgi.cgi failing to properly filter command special characters in crafted input...
TOTOLINK X5000R setSyslogCfg Method Command Injection Vulnerability
The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in TOTOLINK X5000R version v9.1.0cu.2350b20230313. The vulnerability stems from the setSyslogCfg method of /cgi-bin/cstecgi.cgi failing to properly filter command special characters in crafted input...
TOTOLINK X5000R setL2tpServerCfg Method Command Injection Vulnerability
The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in TOTOLINK X5000R version v9.1.0cu.2350b20230313. The vulnerability stems from the setL2tpServerCfg method of /cgi-bin/cstecgi.cgi failing to properly filter command special characters in crafted input...
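The router entries in this list describe two recurring CGI handler defects: a form field copied into a fixed buffer with no length check (the formWlEncrypt wlanssid and gena.cgi SID overflows above) and a form field interpolated into a shell command (the cstecgi.cgi rtLogServer and set*Cfg injections, and the Tenda /goform/telnet handlers). The C program below is an added example, not code from TOTOLINK, D-Link, Tenda or any other listed vendor: it shows the unchecked command-string shape next to hardened handlers for both defects. The form_get helper, the use of the wlanssid and rtLogServer field names, the 32-byte SSID limit and the syslogd argv are assumptions made for illustration; the request bodies are constructed, not captured traffic.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

#define SSID_MAX 32  /* 802.11 limits an SSID to 32 octets (assumed limit) */

/* Hypothetical helper, not any vendor's accessor: locate "name=value" in an
 * application/x-www-form-urlencoded body and return the raw value and its
 * length. Percent-decoding is omitted; it does not change the checks below. */
static const char *form_get(const char *body, const char *name, size_t *len)
{
    size_t nlen = strlen(name);
    const char *p = body;
    while (p && *p) {
        if (strncmp(p, name, nlen) == 0 && p[nlen] == '=') {
            p += nlen + 1;
            const char *end = strchr(p, '&');
            *len = end ? (size_t)(end - p) : strlen(p);
            return p;
        }
        p = strchr(p, '&');
        if (p) p++;
    }
    return NULL;
}

/* Defect 1 (wlanssid / SID reports): the reported handlers are this function
 * without the len > SSID_MAX test, so a long field runs past the fixed buffer.
 * Hardened form: refuse anything that does not fit, then copy exactly len. */
static int ssid_copy_checked(const char *body, char out[SSID_MAX + 1])
{
    size_t len = 0;
    const char *v = form_get(body, "wlanssid", &len);
    if (!v || len == 0 || len > SSID_MAX)
        return -1;
    memcpy(out, v, len);
    out[len] = '\0';
    return 0;
}

/* Defect 2 (rtLogServer / set*Cfg reports): the value is pasted into a command
 * string that the handler then hands to system(), so "192.0.2.10;telnetd"
 * runs a second command. This function only builds the string. */
static void syslog_cmd_unchecked(const char *server, char *cmd, size_t cmdsz)
{
    snprintf(cmd, cmdsz, "syslogd -R %s", server);
}

/* Allowlist: only characters legal in a hostname or dotted IPv4 literal, so
 * ; | & $ ` ( ) < > quotes, spaces and newlines can never reach a shell. */
static int host_is_safe(const char *s)
{
    size_t n = strlen(s);
    if (n == 0 || n > 253)
        return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)s[i];
        if (!isalnum(c) && c != '.' && c != '-')
            return 0;
    }
    return 1;
}

/* Hardened form: validate, then pass the value as its own argv element for
 * execvp()/posix_spawn() so no shell parses it. Returns 0, or -1 if rejected. */
static int syslog_argv_checked(const char *body, const char *argv[4])
{
    static char server[254];  /* NUL-terminated copy that outlives the call */
    size_t len = 0;
    const char *v = form_get(body, "rtLogServer", &len);
    if (!v || len >= sizeof server)
        return -1;
    memcpy(server, v, len);
    server[len] = '\0';
    if (!host_is_safe(server))
        return -1;
    argv[0] = "syslogd"; argv[1] = "-R"; argv[2] = server; argv[3] = NULL;
    return 0;
}

int main(void)
{
    /* Constructed request body, not captured traffic. */
    const char *evil = "wlanssid=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
                       "&rtLogServer=192.0.2.10;telnetd";
    char ssid[SSID_MAX + 1] = "", cmd[300];
    const char *argv[4];
    syslog_cmd_unchecked("192.0.2.10;telnetd", cmd, sizeof cmd);
    printf("unchecked command string: %s\n", cmd);
    printf("good ssid -> %d, evil ssid -> %d\n",
           ssid_copy_checked("wlanssid=HomeNet", ssid), ssid_copy_checked(evil, ssid));
    printf("good host -> %d, evil host -> %d\n",
           syslog_argv_checked("rtLogServer=log.example.net", argv),
           syslog_argv_checked(evil, argv));
    return 0;
}
```

The two fixes are independent: the length check stops the overflow even if the value is later used unsafely, and the allowlist plus argv execution stops the injection even for values that fit. Rejecting the request is preferable to stripping metacharacters, because a stripped value silently configures the device with something the user did not send.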
CVE-2024-41711
A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1 (R6.4.0.136) could allow an unauthenticated attacker with physical access to the phone to conduct an argument injection attack, due to insufficient parameter...
TOTOLINK X5000R Operating System Command Injection Vulnerability
The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. An operating system command injection vulnerability exists in TOTOLINK X5000R version v9.1.0cu.2350b20230313. An attacker can exploit this vulnerability by sending malicious packets to execute arbitrary commands...