Dassault Systemes BIOVIA Materials Studio Security Vulnerability
Dassault Systemes BIOVIA Materials Studio is a software for materials simulation and modeling from Dassault Systemes France. A security vulnerability exists in Dassault Systemes BIOVIA Materials Studio versions 2021 through 2023, which stems from an operating system command injection vulnerabilit...
The vulnerability of the ILIAS learning management and support system, related to the improper implementation of the sequence of actions to be performed, allows a perpetrator to execute arbitrary system commands on the application server.
The vulnerability of the ILIAS learning management and support system is related to the improper implementation of the sequence of actions to be performed. Exploiting this vulnerability allows a malicious actor to execute arbitrary system commands on the application server remotely...
GO-2024-2462 Arbitrary command execution in github.com/0xJacky/Nginx-UI
Arbitrary command execution in github.com/0xJacky/Nginx-UI...
TOTOLINK A3300R Security Vulnerability
TOTOLINK A3300R is a dual-band wireless router manufactured by China's Gion Electronics TOTOLINK, mainly used for home and small network environments. The TOTOLINK A3300R suffers from a command injection vulnerability that stems from the port and enable parameters of the setRemoteCfg method faili...
TOTOLINK A3300R Security Vulnerability
TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK A3300R version V17.0.0cu.557B20221024, which stems from the enable parameter of the setPortForwardRules method failing to correctly filter construct command specia...
FFmpeg Command Execution Vulnerability (CNVD-2024-28709)
FFmpeg is a complete solution for recording, converting and streaming audio and video from the FFmpeg team. A command execution vulnerability exists in versions of FFmpeg prior to n6.1, which can be exploited by an attacker to execute arbitrary commands on a system...
PT-2024-20053 · Notion · Notion Web Clipper
Name of the Vulnerable Software and Affected Versions: Notion Web Clipper version 1.0.37 Description: The Notion Web Clipper is susceptible to the Dirty NIB attack, where .nib files can be manipulated to execute arbitrary commands. Even if a .nib file is modified within an application, Gatekeeper...
TOTOLINK X2000R Command Injection Vulnerability
TOTOLINK X2000R is a WiFi 6 router from China's Gion Electronics that supports Easy Mesh feature and provides Gigabit internet connection and VPN service. The TOTOLINK X2000R suffers from a command injection vulnerability that stems from the failure of sub449040 in /bin/boa to properly filter...
CVE-2023-38319
An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the FAS key entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands...
openNDS Security Vulnerabilities
openNDS is an open source, high-performance, small-footprint portal system. A security vulnerability exists in openNDS prior to version 10.1.3 that stems from a failure to sanitize a stateful path script entry in a configuration file, which could allow an attacker with direct or indirect...
openNDS Security Vulnerabilities
openNDS is an open source, high-performance, small-footprint portal system. A security vulnerability exists in openNDS prior to version 10.1.3 that stems from a failure to sanitize a network interface name entry in a configuration file, allowing an attacker with direct or indirect access...
OpenNDS Security Vulnerabilities
openNDS is an open source, high-performance, small-footprint portal system. A security vulnerability exists in OpenNDS prior to version 10.1.3 that stems from a failure to sanitize a FAS key entry in a configuration file, allowing an attacker with direct or indirect access to the file to...
CVE-2023-38318
An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the gateway FQDN entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands...
TOTOLINK A3700R Command Injection Vulnerability
The TOTOLINK A3700R is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK A3700R has a command injection vulnerability that stems from the setOpModeCfg method failing to properly filter special characters, commands, and more when constructing a command. An attacker can...
TOTOLINK X2000R Security Vulnerability
TOTOLINK X2000R is a WiFi 6 router from China's Gion Electronics that supports Easy Mesh feature and provides Gigabit internet connection and VPN service. The TOTOLINK X2000R suffers from a command injection vulnerability that stems from the failure of sub449040 in /bin/boa to properly filter...
CVE-2023-52040
An issue discovered in TOTOLINK X6000R v9.4.0cu.852B20230719 allows attackers to run arbitrary commands via the sub41284C function...
CVE-2023-52039
An issue discovered in TOTOLINK X6000R v9.4.0cu.852B20230719 allows attackers to run arbitrary commands via the sub415AA4 function...
Design/Logic Flaw
An issue discovered in TOTOLINK X6000R v9.4.0cu.852B20230719 allows attackers to run arbitrary commands via the sub415C80 function...