Lucene search

7632 matches found

VulnCheck KEV
added 2024/05/16 12:0 a.m. · 2 views

VulnCheck KEV: CVE-2023-50358

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network...

CVSS 5.8 · AI score 5.9 · EPSS 0.12769
Exploits: 1 · References: 1

CNNVD
added 2024/05/16 12:0 a.m. · 3 views

IBM AIX Security Vulnerability

IBM AIX is an open standards-based UNIX operating system developed for the IBM Power architecture by International Business Machines (IBM). A security vulnerability exists in IBM AIX versions 7.2 and 7.3, VIOS version 3.1, and VIOS version 4.1. An attacker could exploit this vulnerability to execute...

CVSS 8.4 · AI score 7 · EPSS 0.0023
Exploits: 0 · References: 3

CNNVD
added 2024/05/16 12:0 a.m. · 3 views

LlamaIndex Code Injection Vulnerability

LlamaIndex is a data framework for LLM applications by the individual developer Jerry Liu. A code injection vulnerability exists in LlamaIndex version 0.9.47, which stems from improper use of the eval function and allows a malicious or compromised LLM hosting provider to execute arbitrary command...

CVSS 8.8 · AI score 8.1 · EPSS 0.02118
Exploits: 1 · References: 3

OpenVAS
added 2024/05/16 12:0 a.m. · 12 views

Huawei EulerOS: Security Advisory for util-linux (EulerOS-SA-2024-1668)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.7 · AI score 7.5 · EPSS 0.0052
Exploits: 1 · References: 2

IBM AIX
added 2024/05/15 5:28 p.m. · 35 views

AIX is vulnerable to arbitrary command execution due to invscout (CVE-2024-27260)

IBM SECURITY ADVISORY. First Issued: Wed May 15 17:28:09 CDT 2024. The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/invscoutadvisory6.asc Security Bulletin: AIX is vulnerable to arbitrary command execution due to invscout (CVE-2024-27260)...

CVSS 8.4 · AI score 7.2 · EPSS 0.0023
Exploits: 0

CNVD
added 2024/05/15 12:0 a.m. · 7 views

Fortinet FortiProxy Command Execution Vulnerability (CNVD-2024-26504)

Fortinet FortiProxy is a secure network proxy from Fortinet that protects employees from cyberattacks by combining multiple detection technologies such as Web filtering, DNS filtering, DLP, anti-virus, intrusion prevention, and advanced threat protection. FortiProxy helps reduce bandwidth...

CVSS 6.7 · AI score 7.8 · EPSS 0.00276
Exploits: 0 · References: 1

BDU FSTEC
added 2024/05/15 12:0 a.m. · 3 views

A vulnerability in Less, the text terminal utility for UNIX-like systems, stems from a failure to neutralize special elements and allows attackers to execute arbitrary commands.

The vulnerability in the text terminal utility for UNIX-like systems stems from incorrect handling of quotes in the file filename.c. Exploiting this vulnerability allows an attacker to execute arbitrary commands...

CVSS 8.6 · AI score 7.2 · EPSS 0.00628
Exploits: 0 · References: 18 · Affected Software: 10

CNNVD
added 2024/05/14 12:0 a.m. · 2 views

TOTOLINK X5000R Security Vulnerability

The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK X5000R password parameter: the password parameter of /cgi-bin/cstecgi.cgi fails to properly filter special characters used to construct commands,...

CVSS 8 · AI score 7.8 · EPSS 0.01831
Exploits: 1 · References: 4

CNNVD
added 2024/05/14 12:0 a.m. · 2 views

TOTOLINK X5000R Security Vulnerability

The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK X5000R timeout parameter: the timeout parameter of /cgi-bin/cstecgi.cgi fails to properly filter special characters used to construct commands,...

CVSS 6 · AI score 7.8 · EPSS 0.01034
Exploits: 1 · References: 4

Positive Technologies
added 2024/05/14 12:0 a.m. · 3 views

PT-2024-24109 · Hewlett Packard +1 · Aos-8 Instant/Aos-10 Ap +4

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities results i...

CVSS 8.8 · AI score 7.5 · EPSS 0.01469
Exploits: 0 · References: 5

Cvelist
added 2024/05/13 12:34 a.m. · 15 views

CVE-2024-35205

The WPS Office aka cn.wps.mofficeeng application before 17.0.0 for Android fails to properly sanitize file names before processing them through external application interactions, leading to a form of path traversal. This potentially enables any application to dispatch a crafted library file, aimi...

AI score 7.1 · EPSS 0.00753
Exploits: 0 · References: 1

BDU FSTEC
added 2024/05/13 12:0 a.m. · 5 views

A vulnerability in the hnap_main() function of D-Link DIR-845L router firmware allows an attacker to bypass security restrictions and execute arbitrary commands.

The vulnerability in the hnap_main() function of D-Link DIR-845L router firmware arises from a failure to neutralize special elements used in an operating system command when processing the SOAP request purenetworks.com/HNAP1/GetDeviceSettings. Exploiting this...

CVSS 5.8 · AI score 8.3 · EPSS 0.06457
Exploits: 1 · References: 3 · Affected Software: 1

CNVD
added 2024/05/11 12:0 a.m. · 9 views

Linksys E5600 Command Injection Vulnerability

Linksys E5600 is a powerful, compact and reliable WiFi 5 router from Linksys USA. A command injection vulnerability exists in the Linksys E5600 v1.1.0.26, which stems from the PinCode parameter of the /API/info form endpoint failing to properly filter special characters used to construct commands...

CVSS 8 · AI score 7.4 · EPSS 0.01948
Exploits: 1 · References: 1

Tenable Nessus
added 2024/05/11 12:0 a.m. · 26 views

RHEL 7 : mercurial (Unpatched Vulnerability)

The remote Red Hat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - mercurial: arbitrary command execution in mercurial repo with a git submodule (CVE-2017-17458) - The conver...

AI score 8.6 · EPSS 0.06331
Exploits: 0 · References: 3

Tenable Nessus
added 2024/05/11 12:0 a.m. · 26 views

RHEL 6 : mercurial (Unpatched Vulnerability)

The remote Red Hat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - mercurial: arbitrary command execution in mercurial repo with a git submodule (CVE-2017-17458) - mercurial:...

AI score 9.8 · EPSS 0.06331
Exploits: 1 · References: 8

CNVD
added 2024/05/09 12:0 a.m. · 9 views

Linksys E5600 Command Injection Vulnerability

Linksys E5600 is a powerful, compact and reliable WiFi 5 router from Linksys USA. A command injection vulnerability exists in Linksys E5600 v1.1.0.26, which stems from the ipurl parameter failing to correctly filter special characters, commands, and similar elements used to construct commands. An attacker can...

CVSS 9.8 · AI score 7.4 · EPSS 0.02383
Exploits: 1 · References: 1

CNVD
added 2024/05/09 12:0 a.m. · 2 views

Command Execution Vulnerability in Yisetong Electronic Document Security Management System of Beijing Yisetong Technology Development Co., Ltd (CNVD-2024-24396)

The Yisetong electronic document security management system is an electronic document security sharing management system with controllable authorization. It uses real-time dynamic encryption and decryption protection technology and a real-time rights recovery mechanism to provide all kinds of electronic...

AI score 8
Exploits: 0

Positive Technologies
added 2024/05/09 12:0 a.m. · 2 views

PT-2024-4483 · Lenovo · Lenovo Service Bridge

Name of the Vulnerable Software and Affected Versions: Lenovo Service Bridge versions prior to 5.0.2.17. Description: A privilege escalation issue was reported that could allow operating system commands to be executed if a specially crafted link is visited. The vulnerability is related to the...

CVSS 7.6 · AI score 8.4 · EPSS 0.00442
Exploits: 0 · References: 6

NVD
added 2024/05/08 5:15 p.m. · 16 views

CVE-2024-25533

Error messages in RuvarOA v6.01 and v12.01 were discovered to leak the physical path of the website /WorkFlow/OfficeFileUpdate.aspx. This vulnerability can allow attackers to write files to the server or execute arbitrary commands via crafted SQL statements...

CVSS 9.4 · AI score 7.9 · EPSS 0.0072
Exploits: 1 · References: 1

Vulnrichment
added 2024/05/08 12:0 a.m. · 17 views

CVE-2024-34257

TOTOLINK EX1800T V9.1.0cu.2112B20220316 has a vulnerability in the apcliEncrypType parameter that allows unauthorized execution of arbitrary commands, allowing an attacker to obtain device administrator privileges...

AI score 7 · EPSS 0.03848
Exploits: 1 · References: 2