449 matches found
CVE-2024-4299 HGiga iSherlock - Command Injection
The system configuration interface of HGiga iSherlock including MailSherlock, SpamSherock, AuditSherlock fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability for Command Injection attacks, enablin...
CVE-2024-4299
CVE-2024-4299 affects HGiga iSherlock and its components (MailSherlock, SpamSherock, AuditSherlock). The root cause is improper filtering of special characters in certain function parameters within the system configuration interface, enabling a remote attacker with administrative privileges to pe...
CVE-2024-4298
The email search interface of HGiga iSherlock including MailSherlock, SpamSherock, AuditSherlock fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability for Command Injection attacks, enabling...
CVE-2024-4298
The CVE-2024-4298 issue affects HGiga iSherlock and its components (MailSherlock, SpamSherock, AuditSherlock). The root cause is improper filtering of special characters in certain function parameters within the email search interface, enabling command injection when exploited by an admin user. I...
CVE-2024-4298 HGiga iSherlock - Command Injection
The email search interface of HGiga iSherlock including MailSherlock, SpamSherock, AuditSherlock fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability for Command Injection attacks, enabling...
CVE-2024-4296
The account management interface of HGiga iSherlock including MailSherlock, SpamSherlock, AuditSherlock fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability to download arbitrary system files...
CVE-2024-4296 HGiga iSherlock - Arbitrary File Download
The account management interface of HGiga iSherlock including MailSherlock, SpamSherlock, AuditSherlock fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability to download arbitrary system files...
CVE-2024-4296
The CVE-2024-4296 entry concerns HGiga iSherlock (including MailSherlock, SpamSherlock, AuditSherlock). The vulnerability arises from inadequate filtering of special characters in certain function parameters in the account management interface, enabling remote attackers with administrative privil...
CVE-2024-1655 ASUS WiFi Router - OS Command Injection
Certain ASUS WiFi routers models has an OS Command Injection vulnerability, allowing an authenticated remote attacker to execute arbitrary system commands by sending a specially crafted request...
PT-2024-18203 · Asus · Asus Wifi Routers
Name of the Vulnerable Software and Affected Versions: ASUS WiFi routers affected versions not specified Description: The issue allows an authenticated remote attacker to execute arbitrary system commands by sending a specially crafted request, due to an OS Command Injection vulnerability...
CVE-2024-2389 Flowmon Unauthenticated Command Injection Vulnerability
In Flowmon versions prior to 11.1.14 and 12.3.5, an operating system command injection vulnerability has been identified. An unauthenticated user can gain entry to the system via the Flowmon management interface, allowing for the execution of arbitrary system commands...
Cross-site Request Forgery (CSRF)
phpPgAdmin is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is due to insufficient validation of the request source in the "database.php" area of phpPgAdmin. This allows sensitive actions to be performed without proper verification of the request's origin. A remote attacker can...
Command injection
In Indo-Sol PROFINET-INspektor NT through 2.4.0, a command injection vulnerability in the gedtupdater service of the firmware allows remote attackers to execute arbitrary system commands with root privileges via a crafted filename parameter in POST requests to the /api/updater/ctrl/startupdate...
CVE-2024-1212
Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution...
CVE-2024-1212 LoadMaster Pre-Authenticated OS Command Injection
Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution...
CVE-2024-1212 LoadMaster Pre-Authenticated OS Command Injection
Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution...
CVE-2024-25428
SQL Injection vulnerability in MRCMS v3.1.2 allows attackers to run arbitrary system commands via the status parameter...
Sql injection
SQL Injection vulnerability in MRCMS v3.1.2 allows attackers to run arbitrary system commands via the status parameter...
CVE-2024-25428
SQL Injection vulnerability in MRCMS v3.1.2 allows attackers to run arbitrary system commands via the status parameter...
Bosch Nexo cordless nutrunner security breach
Bosch Nexo Cordless nutrunner is a series of cordless tightening wrenches with integrated controls from Bosch Germany. A security vulnerability exists in Bosch Nexo cordless nutrunner. The vulnerability allows a remote attacker to download arbitrary files in all system paths via a crafted HTTP...