7632 matches found
SUSE CVE-2024-35235
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.8 and earlier, when starting the cupsd server with a Listen configuration item pointing to a symbolic link, the cupsd process can be caused to perform an arbitrary chmod of the...
Pandora Security Breach
Pandora is an analytics framework used to find out if a file is suspicious and display the results conveniently. A security vulnerability exists in Pandora FMS versions 700 through prior to 777 that stems from improper input validation, which could allow an attacker to execute arbitrary system...
Vulnerability of the close_altfile() function (filename.c) for UNIX-like system text terminals: allowing attackers to execute arbitrary commands
The vulnerability in the close_altfile function in filename.c for UNIX-like system text terminals stems from the omission of the shell_quote call for LESSCLOSE. Exploiting this vulnerability could allow an attacker to execute arbitrary commands...
CVE-2024-5585
The CVE-2024-5585 issue affects PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, and 8.3.* before 8.3.8. It is a follow-on to CVE-2024-1874: the fix for that vulnerability does not work when the command name includes trailing spaces while using proc_open() with array syntax, enabling potent...
CVE-2024-36604
Tenda O3V2 v1.0.0.123880 was discovered to contain a Blind Command Injection via stpEn parameter in the SetStp function. This vulnerability allows attackers to execute arbitrary commands with root privileges...
Arbitrary Command Execution
typo3/cms is vulnerable to Arbitrary Command Execution. The vulnerability is due to improper handling of the "From" header when an email comes from a non-trusted source and when no "Return-Path" is configured, which allows an attacker to execute arbitrary shell commands on the server. Note that...
RHEL 6 : mercurial (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - mercurial: arbitrary command execution in mercurial repo with a git submodule CVE-2017-17458 - mercurial:...
RHEL 8 : git (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - git: client prints server-sent ANSI escape codes to the terminal, allowing for unverified messages to potentially...
RHEL 7 : mercurial (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - mercurial: arbitrary command execution in mercurial repo with a git submodule CVE-2017-17458 - The...
TOTOLINK CP900L NTPSyncWithHost Function Command Injection Vulnerability
The TOTOLINK CP900L is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK CP900L NTPSyncWithHost function, which can be exploited by an attacker to execute arbitrary commands...
Tenda FH1206 mac parameter command injection vulnerability
The Tenda FH1206 is a wireless router from Tenda China. The Tenda FH1206 suffers from a command injection vulnerability, which originates from the mac parameter of ip/goform/WriteFacMac failing to correctly filter special characters and commands in crafted input. The vulnerability can be...
CVE-2024-33808
A SQL injection vulnerability in /model/gettimetable.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter...
CVE-2024-33803
A SQL injection vulnerability in /model/getexam.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter...
CVE-2024-33800
A SQL injection vulnerability in /model/getstudent1.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the index parameter...
CVE-2024-35397
TOTOLINK CP900L v4.1.5cu.798B20221228 was discovered to contain a command injection vulnerability in the NTPSyncWithHost function via the hostTime parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
[SECURITY] [DLA 3823-1] less security update
Debian LTS Advisory DLA-3823-1 https://www.debian.org/lts/security/ Guilhem Moulin May 27, 2024 https://wiki.debian.org/LTS Package: less Version: 487-0.1+deb10u1 CVE ID: CVE-2022-48624 CVE-2024-32487 Debian Bug: 1064293 1068938 Security vulnerabilities were found ...
CVE-2024-5035
The affected device exposes a network service called "rftest" that is vulnerable to unauthenticated command injection on ports TCP/8888, TCP/8889, and TCP/8890. By successfully exploiting this flaw, a remote unauthenticated attacker can gain arbitrary command execution on the device with elevated...
CVE-2024-5035 TP-Link Archer C5400X - RFTest Unauthenticated Command Injection
The affected device exposes a network service called "rftest" that is vulnerable to unauthenticated command injection on ports TCP/8888, TCP/8889, and TCP/8890. By successfully exploiting this flaw, a remote unauthenticated attacker can gain arbitrary command execution on the device with elevated...
Debian dla-3823 : less - security update
The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3823 advisory. Debian LTS Advisory DLA-3823-1...
Tenda FH1206 Security Vulnerability
The Tenda FH1206 is a wireless router from Tenda China. The Tenda FH1206 suffers from a command injection vulnerability, which originates from the mac parameter of ip/goform/WriteFacMac failing to correctly filter special characters and commands in crafted input. The vulnerability can be...