7632 matches found
CVE-2024-34928
A SQL injection vulnerability in /model/updatesubjectrouting.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the grade parameter...
USN-6756-1: less vulnerability | Cloud Foundry
Severity: Medium. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 16.04, Canonical Ubuntu 18.04, Canonical Ubuntu 22.04. Description: It was discovered that less mishandled newline characters in file names. If a user or automated system were tricked into opening specially crafted files, an...
TOTOLINK X5000R port parameter command injection vulnerability
The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK X5000R port parameter, which originates from the port parameter of /cgi-bin/cstecgi.cgi failing to properly filter constructed command special characters, commands, and...
TOTOLINK X5000R password parameter command injection vulnerability
The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK X5000R password parameter, which originates from the password parameter of /cgi-bin/cstecgi.cgi failing to properly filter constructed command special characters,...
VulnCheck KEV: CVE-2022-35555
A command injection vulnerability exists in /goform/exeCommand in Tenda W6 V1.0.0.94122, which allows attackers to construct cmdinput parameters for arbitrary command execution...
TOTOLINK X5000R timeout parameter command injection vulnerability
The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK X5000R timeout parameter, which originates from the failure of the timeout parameter of /cgi-bin/cstecgi.cgi to properly filter constructed command special characters,...
TOTOLINK X5000R pid parameter command injection vulnerability
The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK X5000R pid parameter, which originates from the pid parameter of /cgi-bin/cstecgi.cgi failing to properly filter constructed command special characters, commands, etc. An...
A vulnerability in the formWlEncrypt function of the Totolink AC1200 firmware allows an intruder to execute arbitrary commands or cause a service failure.
The vulnerability in the formWlEncrypt function of the Totolink AC1200 router firmware is caused by a stack-based buffer overflow. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands or cause service failures...
CVE-2024-35060
An issue in the YAML Python library of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary commands via supplying a crafted YAML file...
CVE-2024-35059
An issue in the Pickle Python library of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary commands...
NASA AIT-Core security vulnerability
NASA AIT-Core is a Python-based software suite from NASA. A security vulnerability in NASA AIT-Core version v2.5.2 allows an attacker to execute arbitrary commands...
CVE-2024-35060
CVE-2024-35060 affects NASA AIT-Core v2.5.2 due to a flaw in the YAML Python library that allows arbitrary command execution via a crafted YAML file. Affected component: YAML Python library; root cause described as an issue in the library. Impact per sources: attacker-executed commands. Remediati...
PT-2024-26303 · Nasa +1 · Nasa Ait-Core +1
Name of the Vulnerable Software and Affected Versions: NASA AIT-Core version 2.5.2. Description: An issue in the Pickle Python library allows attackers to execute arbitrary commands. Recommendations: For NASA AIT-Core version 2.5.2, at the moment, there is no information about a newer version that...
CVE-2024-35059
CVE-2024-35059 affects NASA AIT-Core v2.5.2 and its Pickle-based processing. Red Hat entries describe an unencrypted network channel enabling a man-in-the-middle, which when chained with CVE-2024-35059 results in unauthenticated, fully remote code execution. The core issue is the use of Pickle wi...
Adobe Dreamweaver OS Command Injection Vulnerability
Adobe Dreamweaver is a Windows-based visual HTML editing and code editing application from Adobe, a company based in the United States of America. An operating system command injection vulnerability exists in Adobe Dreamweaver Desktop prior to version 21.3, which can be exploited by an...
A vulnerability in Dell Technologies PowerProtect Data Domain Management Center, the management center software for centralized data storage systems, allows an intruder to execute arbitrary OS commands.
The Dell Technologies PowerProtect Data Domain Management Center software has a vulnerability caused by a failure to neutralize special elements used in operating system commands. Exploiting this vulnerability can allow an attacker to execute arbitrary OS commands...
A vulnerability in the administrator web interface of the FortiOS operating system allows a perpetrator to execute arbitrary commands.
The vulnerability in the Windows operating system’s administrator web interface, FortiOS.sv, relates to operations that go beyond buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands by sending specially crafted HTTP or HTTPS requests...
The vulnerability of the FortiOS operating systems, related to a memory reclamation error, allows a perpetrator to execute arbitrary commands.
The vulnerability of the FortiOS operating systems is related to a memory reclamation error. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...