Tenda AC10 OS Command Injection Vulnerability (CNVD-2024-15743)

The Tenda AC10 is a wireless router from the Chinese company Tenda. Tenda AC10U version 15.03.06.49 suffers from an operating system command injection vulnerability, which originates from the mac parameter of the formWriteFacMac function of the /goform/WriteFacMac file failing to correctly filter...

PT-2024-19418 · Csmock · Csmock

Name of the Vulnerable Software and Affected Versions: csmock affected versions not specified Description: A vulnerability was found in csmock where a regular user of the OSH service, with a valid Kerberos ticket, can disclose the confidential Snyk authentication token and run arbitrary commands ...

CVE-2024-28117

Grav (CVE-2024-28117) is vulnerable to Server-Side Template Injection due to improper validation of accessible functions: Utils::isDangerousFunction checks are bypassed for twig_array_map, allowing an attacker to execute arbitrary commands via the Twig processor when static pages are processed. A...

CVE-2024-28848 SpEL Injection in `GET /api/v1/policies/validation/condition/<expr>` in OpenMetadata

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The ‎CompiledRule::validateExpression method evaluates an SpEL expression using an StandardEvaluationContext, allowing the...

OESA-2024-1293 aops-zeus security update

A host and user manager service which is the foundation of aops. Security Fixes: In aops-zeus software versions 1.2.01.4.1, there is a vulnerability in the plugin management command of the zeus/conf/constant file. Through this vulnerability, an attacker can implant arbitrary commands to be execut...

The vulnerability of the CLI interface of ArubaOS operating systems allows a perpetrator to execute arbitrary commands.

The vulnerability of the CLI interface of ArubaOS operating systems is related to the lack of measures taken to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

Security Bulletin: AIX is vulnerable to a machine-in-the-middle attack (CVE-2023-48795), arbitrary command execution (CVE-2023-51385), and information disclosure (CVE-2023-51384) due to OpenSSH

Summary Vulnerabilities in AIX's OpenSSH could allow a remote attacker to launch a machine-in-the-middle attack CVE-2023-48795 and execute arbitrary commands CVE-2023-51385, and could allow a local authenticated attacker to obtain sensitive information CVE-2023-51384. OpenSSH is used by AIX for...

BaserCMS Command Injection Vulnerability (CNVD-2024-13537)

baserCMS is an enterprise-level content management system CMS from the baserCMS team. A command injection vulnerability exists in versions of baserCMS prior to 5.0.9, which stems from a failure to properly filter constructed command special characters, commands, etc. in the site search function. ...

Microsoft Windows Multiple Vulnerabilities (KB5035858)

This host is missing a critical security update according to Microsoft KB5035858 SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

BIT-NGINX-INGRESS-CONTROLLER-2023-5043 Ingress nginx annotation injection causes arbitrary command execution

Ingress nginx annotation injection causes arbitrary command execution...

CVE-2024-25611

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system...

The vulnerability of the microprogrammed anti-vandalism network IP station Commend WS203VICM, related to access control deficiencies, allows a intruder to execute arbitrary commands.

The vulnerability of the microprogrammed anti-vandalism network IP station Commend WS203VICM is related to access control deficiencies. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using a specially created request...

The vulnerability of the SCP utility for access control and remote authentication, as well as software such as BIG-IP Advanced Firewall Manager, BIG-IP Advanced Web Application Firewall, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP Application Visibility and Reporting (AVR), BIG-IP Camer-Grade NAT (CGNAT), BIG-IP DDos Hybrid Defender, BIG-IP Domain Name System, BIG-IP Edge Gateway, BIG-IP Fraud Protection Service, BIG-IP Global Traffic Manager, BIG-IP Link Controller, BIG-IP Local Traffic Manager, BIG-IP Policy Inforcement Manager, BIG-IP SSL Orchestrator, BIG-IP Webaccelerator, and BIG-IP WebSafe—is related to unlimited resource distribution. This allows attackers to execute arbitrary commands.

The vulnerability of the SCP utility for access control and remote authentication, as well as software such as BIG-IP Advanced Firewall Manager, BIG-IP Advanced Web Application Firewall, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP...

The vulnerability of the VirusEvent function in the ClamD service of the ClamAV antivirus software allows a hacker to execute arbitrary commands.

The vulnerability of the VirusEvent function in the ClamD service of the ClamAV antivirus software exists because measures to neutralize special elements used in the operating system commands are not taken. Exploiting this vulnerability allows a hacker to execute arbitrary commands...

CVE-2024-1624

An OS Command Injection vulnerability affecting documentation server on 3DEXPERIENCE from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x, SIMULIA Abaqus from Release 2022 through Release 2024, SIMULIA Isight from Release 2022 through Release 2024 and CATIA Composer from Release...

Command injection

An OS Command Injection vulnerability affecting documentation server on 3DEXPERIENCE from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x, SIMULIA Abaqus from Release 2022 through Release 2024, SIMULIA Isight from Release 2022 through Release 2024 and CATIA Composer from Release...

CVE-2024-1624 OS Command Injection vulnerability affecting documentation server on certain Releases of 3DEXPERIENCE, SIMULIA Abaqus, SIMULIA Isight and CATIA Composer

An OS Command Injection vulnerability affecting documentation server on 3DEXPERIENCE from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x, SIMULIA Abaqus from Release 2022 through Release 2024, SIMULIA Isight from Release 2022 through Release 2024 and CATIA Composer from Release...

CVE-2023-25925

CVE-2023-25925 affects IBM Security Guardium Key Lifecycle Manager (GKLM) across multiple releases (3.0, 3.0.1, 4.0, 4.1, 4.1.1). A remote authenticated attacker can execute arbitrary commands on the system by sending a specially crafted request, as documented by IBM and Red Hat in their vendor a...

AIX is vulnerable to a machine-in-the-middle attack (CVE-2023-48795) arbitrary command execution (CVE-2023-51385) and information disclosure (CVE-2023-51384) due to OpenSSH

IBM SECURITY ADVISORY First Issued: Wed Feb 28 12:58:51 CST 2024 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/opensshadvisory16.asc Security Bulletin: AIX is vulnerable to a machine-in-the-middle attack CVE-2023-48795, arbitrary...

The vulnerability of the HNAP1 protocol implementation in D-Link DIR-882 A1 wireless router software allows a attacker to escalate their privileges and execute arbitrary commands.

The vulnerability of the HNAP1 protocol implementation in D-Link DIR-882 A1 wireless routers’ microprogramming software is related to the failure to take measures to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a malicious actor to enhanc...