7633 matches found
The vulnerability of the FontForge font editing software lies in its lack of measures to neutralize special elements used in operating system commands, allowing attackers to execute arbitrary commands.
The vulnerability of the FontForge font editing software exists because measures to neutralize special elements have not been taken. Exploiting this vulnerability allows an attacker to execute arbitrary commands...
CVE-2024-26296
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to comple...
USN-6664-1 less vulnerability
It was discovered that less incorrectly handled certain file names. An attacker could possibly use this issue to cause a crash or execute arbitrary commands...
baserCMS Security Vulnerability
baserCMS is an enterprise-level content management system CMS from the baserCMS team. A command injection vulnerability exists in versions of baserCMS prior to 5.0.9, which stems from a failure to properly filter constructed command special characters, commands, etc. in the site search function. ...
A vulnerability in the uHTTPd web server in the firmware of TP-Link ER7206 Omada VPN routers allows attackers to execute arbitrary commands.
The vulnerability of the uHTTPd web server of the TP-Link ER7206 Omada VPN router exists due to the failure to take measures to neutralize specific elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
CVE-2023-24334
A stack overflow vulnerability in Tenda AC23 with firmware version USAC23V1.0reV16.03.07.45cnTDC01 allows attackers to run arbitrary commands via schedStartTime parameter...
AIX is vulnerable to arbitrary command execution due to Perl (CVE-2024-25021 CVE-2023-47038 CVE-2023-47100)
IBM SECURITY ADVISORY First Issued: Wed Feb 21 15:59:59 CST 2024 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/perladvisory8.asc Security Bulletin: AIX is vulnerable to arbitrary command execution due to Perl CVE-2024-25021,...
CVE-2023-24333
A stack overflow vulnerability in Tenda AC21 with firmware version USAC21V1.0reV16.03.08.15cnTDC01 allows attackers to run arbitrary commands via crafted POST request to /goform/openSchedWifi...
Tenda AC6 Security Vulnerability
Shenzhen Jixiang Tenda Technology Co., Ltd. AC6 is a dual-band wireless router from Tenda, supporting IPv4 and IPv6 protocols, adopting the 802.11ac/n wireless standard and providing a 1167Mbps wireless transmission rate. The AC6 suffers from a stack buffer overflow vulnerability that originates...
Tenda AC23 Security Vulnerability
Tenda AC23 is a dual-band wireless router from Tenda that supports 802.11ac Wave2 technology with dual-band concurrent transmission rates up to 2033Mbps, including up to 1733Mbps in the 5GHz band, which is suitable for high-bandwidth applications such as 4K video and online live streaming. The Ten...
CVE-2023-24332
A stack overflow vulnerability in Tenda AC6 with firmware version USAC6V5.0reV03.03.02.01cnTDC01 allows attackers to run arbitrary commands via crafted POST request to /goform/PowerSaveSet...
D-Link DIR-816 Security Vulnerability
The D-Link DIR-816 is a wireless router from China-based AUO D-Link. A security vulnerability exists in the D-Link DIR-816 DIR-816A2v1.10CNB04 firmware version, which originated from allowing an attacker to run arbitrary commands via the urlAdd parameter...
CVE-2023-24334
The set of sources confirms a stack overflow vulnerability in Tenda AC23 routers (firmware US_AC23V1.0re_V16.03.07.45_cn_TDC01). The flaw is triggered via the schedStartTime parameter, enabling an attacker to run arbitrary commands. Affected component: likely the device’s input handling surroundi...
CVE-2022-48624
A flaw was found in less. The closealtfile function in filename.c omits shellquote calls for LESSCLOSE, a command line to invoke the optional input postprocessor. This issue could lead to an OS command injection vulnerability and arbitrary command execution on the host operating system...
CVE-2024-1297
Loomio version 2.22.0 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to OS Command Injection...
The server for managing Fortinet FortiClient Enterprise Management Server (EMS) is vulnerable due to insecure privilege management, allowing attackers to execute arbitrary commands.
The vulnerability of the Fortinet FortiClient Enterprise Management Server EMS server relates to insecure management of privileges. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using specially crafted HTTP or HTTPS requests...
Dell Unity Command Injection Vulnerability (CNVD-2024-09162)
Dell Unity is a unified hybrid storage array for general purpose workloads both locally and in the cloud. A command injection vulnerability exists in Dell Unity, which can be exploited by a local attacker to execute arbitrary operating system commands on the application's underlying operating...
PT-2024-18199 · Unknown · Torrentpier
Name of the Vulnerable Software and Affected Versions: Torrentpier version 2.4.1 Description: The issue allows executing arbitrary commands on the server due to the application being vulnerable to insecure deserialization. Recommendations: For Torrentpier version 2.4.1, as a temporary workaround,...
PT-2024-4011 · Less +9 · Less +9
Name of the Vulnerable Software and Affected Versions: less versions prior to 606 Description: The issue is related to the closealtfile function in filename.c, which omits shellquote calls for LESSCLOSE. This can allow an attacker to execute arbitrary commands. Recommendations: For versions pri...
CVE-2024-25413
An XSLT Server Side injection vulnerability in the Import Jobs function of FireBear Improved Import And Export v3.8.6 allows attackers to execute arbitrary commands via a crafted XSLT file...