RDoc: Command Injection
Background: RDoc produces HTML and command-line documentation for Ruby projects. Description: A vulnerability has been discovered in RDoc. Please review the CVE identifier referenced below for details. Impact: RDoc used to call Kernel#open to open a local file. If a Ruby project has a file whose name...
PYSEC-2024-146
PaddlePaddle before 2.6.0 has a command injection in convert_shape_compare. This resulted in the ability to execute arbitrary commands on the operating system...
PYSEC-2024-143
PaddlePaddle before 2.6.0 has a command injection in _wget_download. This resulted in the ability to execute arbitrary commands on the operating system...
PYSEC-2024-142
PaddlePaddle before 2.6.0 has a command injection in get_online_pass_interval. This resulted in the ability to execute arbitrary commands on the operating system...
CVE-2023-52310 Command injection in get_online_pass_interval
PaddlePaddle before 2.6.0 has a command injection in get_online_pass_interval. This resulted in the ability to execute arbitrary commands on the operating system...
TOTOLINK EX1800T NTPSyncWithHost Interface Command Execution Vulnerability
The TOTOLINK EX1800T is a Wi-Fi range extender from China's Gion Electronics TOTOLINK. A command execution vulnerability exists in the TOTOLINK EX1800T version v9.1.0cu.2112B20220316. The vulnerability stems from the hosttime parameter of the NTPSyncWithHost interface of cstecgi.cgi failing to...
TOTOLINK EX1200L setOpModeCfg Interface Command Execution Vulnerability
TOTOLINK EX1200L is a dual-band wireless signal booster, mainly used to extend Wi-Fi coverage in home or office environments, solving the problem of weak signals or dead spots. The TOTOLINK EX1200L suffers from a command execution vulnerability that stems from the setOpModeCfg interface of...
TOTOLINK EX1200L NTPSyncWithHost Interface Command Execution Vulnerability
TOTOLINK EX1200L is a dual-band wireless signal booster, mainly used to extend Wi-Fi coverage in home or office environments, solving the problem of weak signals or dead spots. The TOTOLINK EX1200L suffers from a command execution vulnerability that stems from the NTPSyncWithHost interface of...
TOTOLINK EX1800T cstecgi.cgi enable Parameter Arbitrary Command Execution Vulnerability
TOTOLINK EX1800T is a Wi-Fi range extender from China's TOTOLINK, which supports Wi-Fi 6 technology and enhances signal coverage by connecting wirelessly to a router, making it suitable for home and small office environments. The TOTOLINK EX1800T suffers from a command execution vulnerability tha...
TOTOLINK EX1800T cstecgi.cgi lanPriDns Parameter Arbitrary Command Execution Vulnerability
TOTOLINK EX1800T is a Wi-Fi range extender from China's TOTOLINK, which supports Wi-Fi 6 technology and enhances signal coverage by connecting wirelessly to a router, making it suitable for home and small office environments. A command execution vulnerability exists in the TOTOLINK EX1800T, which...
TOTOLINK EX1800T cstecgi.cgi lanNetmask Parameter Arbitrary Command Execution Vulnerability
TOTOLINK EX1800T is a Wi-Fi range extender from China's TOTOLINK, which supports Wi-Fi 6 technology and enhances signal coverage by connecting wirelessly to a router, making it suitable for home and small office environments. A command execution vulnerability exists in the TOTOLINK EX1800T, which...
PT-2024-62: SQL Injection in Vinteo Videoconferencing Server
The vulnerability was identified in Vinteo Videoconferencing Server, version 29.2.18. The discovered vulnerability can be exploited by an authorized attacker to execute arbitrary SQL queries, which can lead to the possibility of executing arbitrary commands with superuser rights. Vulnerability...
WordPress Backup Migration Plugin < 1.4.0 Multiple Vulnerabilities
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:backupbliss:backupmigration"; if description...
PT-2023-8530 · Buffalo · Buffalo Vr-S1000
Name of the Vulnerable Software and Affected Versions: BUFFALO VR-S1000 versions 2.37 and earlier Description: The issue is related to the improper neutralization of argument delimiters in a command, also known as an 'Argument Injection' vulnerability. This allows an authenticated attacker who ca...
Design/Logic Flaw
The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user via a malicious BPMN2 workflow definition file...
WordPress plugin Backup Migration security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
CVE-2023-51015
TOTOLINK EX1800T v9.1.0cu.2112B20220316 is vulnerable to arbitrary command execution in the ‘enable parameter’ of the setDmzCfg interface of the cstecgi.cgi...
CVE-2023-51035
TOTOLINK EX1200L V9.3.5u.6146B20201023 is vulnerable to arbitrary command execution on the cstecgi.cgi NTPSyncWithHost interface...
CVE-2023-51016
TOTOLINK EX1800T v9.1.0cu.2112B20220316 is vulnerable to unauthorized arbitrary command execution in the setRebootScheCfg interface of the cstecgi.cgi...