A vulnerability in JuiceFSRuntime in Fluid, the open-source Kubernetes distributed dataset orchestrator and accelerator for data-intensive applications, allows attackers to execute arbitrary commands.
The vulnerability in JuiceFSRuntime in Fluid, the open-source Kubernetes distributed dataset orchestrator and accelerator for data-intensive applications, exists because special elements used in the operating system command set are not neutralized. Exploiting thi...
A vulnerability in the Cockpit server management system, caused by a failure to sanitize data at the management level, allows an attacker to execute arbitrary commands.
The vulnerability in the Cockpit server management system is caused by a failure to sanitize data at the management level. Exploiting this vulnerability can allow an attacker to execute arbitrary commands...
A vulnerability in the client API of Ray, the framework for scaling AI and Python applications, allows an attacker to execute arbitrary commands.
The vulnerability in the client of the Ray framework for AI and Python application development is caused by insufficient checking of incoming requests. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using specially crafted requests...
CVE-2024-30891
A command injection vulnerability exists in /goform/exeCommand in Tenda AC18 v15.03.05.05, which allows attackers to construct cmdinput parameters for arbitrary command execution...
Visual Planning 8 Authentication Bypass
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Title ===== SCHUTZWERK-SA-2023-004: Authentication Bypass via Password Reset Functionality in Visual Planning Status ====== PUBLISHED Version ======= 1.0 CVE reference ============= CVE-2023-49232 Link ====...
CVE-2024-30891
CVE-2024-30891 affects Tenda AC18 (v15.03.05.05) and concerns a command injection vulnerability in the /goform/exeCommand API endpoint. The issue allows an attacker to craft cmdinput parameters to achieve arbitrary command execution, with impact to confidentiality, integrity, and availability des...
A vulnerability in the firmware of TP-Link Wi-Fi routers such as EX20v, AX1800, Archer C5v AC1200, TD-W9970, and TD-W9970v3 exists because special elements used in the operating system are not neutralized. This vulnerability allows an attacker to execute arbitrary commands.
The vulnerability in the firmware of TP-Link Wi-Fi routers such as EX20v, AX1800, Archer C5v AC1200, TD-W9970, and TD-W9970v3 exists because special elements used in the operating system are not neutralized. Exploiting this vulnerability can allow a hacker ...
[SECURITY] [DSA 5655-1] cockpit security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5655-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 04, 2024 https://www.debian.org/security/faq -...
CVE-2024-29192
gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to Cross-Site Request Forgery. The /api/config endpoint allows one to modify the existing configuration with user-supplied values. While the API is only allowing localhost to interact without authentication, an...
CVE-2024-29192 GHSL-2023-206 gotortc Cross-Site Request Forgery vulnerability
gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to Cross-Site Request Forgery. The /api/config endpoint allows one to modify the existing configuration with user-supplied values. While the API is only allowing localhost to interact without authentication, an...
CVE-2024-2692
SiYuan version 3.0.3 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to Server Side XSS...
CVE-2024-2692
CVE-2024-2692 affects SiYuan version 3.0.3, with a Server-Side XSS weakness that allows an attacker to execute arbitrary commands on the server. The vulnerability is described across multiple sources as enabling remote command execution due to improper handling of input leading to server-side cod...
PT-2024-21583 · Siyuan · Siyuan
Name of the Vulnerable Software and Affected Versions: SiYuan version 3.0.3 Description: The issue allows executing arbitrary commands on the server due to the application being vulnerable to Server Side XSS. Recommendations: For SiYuan version 3.0.3, update to a version that fixes the Server Sid...
TP-LINK AX1500 OS Command Injection Vulnerability
The TP-LINK AX1500 is a modem from China P&L TP-LINK. The TP-LINK AX1500 suffers from an operating system command injection vulnerability that arises from an improper neutralization of special elements used in operating system commands, which can be exploited by an attacker to cause arbitrary...
Netgear R6850 Security Vulnerability
The NETGEAR R6850 is a wireless router from NETGEAR. The NETGEAR R6850 suffers from a command injection vulnerability that stems from the ntpserver parameter failing to properly filter constructed command special characters, commands, and so on. An attacker can exploit this vulnerability to cause...
NETGEAR R6850 Security Vulnerability
The NETGEAR R6850 is a wireless router from NETGEAR. The NETGEAR R6850 suffers from a command injection vulnerability that stems from the c4-IPAddr parameter failing to properly filter constructed command special characters, commands, and so on. An attacker can exploit this vulnerability to cause...
A vulnerability in the dashboard component of Ray, the framework for scaling AI and Python applications, allows a hacker to execute arbitrary commands.
The vulnerability in the dashboard of Ray, the framework for scaling AI and Python applications, exists because special elements used in the operating system's command set are not neutralized. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands...