CVE-2024-10118 SECOM WRTR-304GN-304TW-UPSC - OS Command Injection
SECOM WRTR-304GN-304TW-UPSC does not properly filter user input in the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device...
CVE-2024-10118
CVE-2024-10118 affects SECOM WRTR-304GN-304TW-UPSC. The issue is an OS command injection caused by improper input filtering in a specific device functionality, allowing unauthenticated remote attackers to inject and execute arbitrary system commands. The vulnerability is rated CVSS v3.1: Network ...
CVE-2024-9924
CVE-2024-9924 describes an Arbitrary File Read and Delete vulnerability in HGiga OAKlouds. An unauthenticated remote attacker can request specific files and download arbitrary system files, with reports indicating the files may be deleted after download. The issue is connected to CVE-2024-26261, ...
CVE-2024-9922
The Team+ from TEAMPLUS TECHNOLOGY does not properly validate a specific page parameter, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files...
PT-2024-39937 · Teamplus Technology · Team+
Name of the Vulnerable Software and Affected Versions: Team+ (affected versions not specified). Description: The issue is related to the improper validation of a specific page parameter in Team+ by TEAMPLUS TECHNOLOGY, allowing unauthenticated remote attackers to read arbitrary system files...
CVE-2024-8777 The SYSCOM Group OMFLOW - Information Leakage
OMFLOW from The SYSCOM Group has an information leakage vulnerability, allowing unauthorized remote attackers to read arbitrary system configurations. If LDAP authentication is enabled, attackers can obtain plaintext credentials...
LearningDigital Orca HCM Path Traversal Vulnerability
LearningDigital Orca HCM is a digital learning platform from China-based LearningDigital. A path traversal vulnerability exists in LearningDigital Orca HCM versions prior to 11.0, which arises from improperly restricting certain parameters of the file download function, allowing a remote attacker...
Cambium EPMP 1000 Ping Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Cambium ePMP 1000 'ping' Command Injection up to v2.5", 'Description' = % This module exploits an OS Command Injection vulnerability in Cambium...
CVE-2024-7694 TeamT5 ThreatSonar Anti-Ransomware - Arbitrary File Upload
ThreatSonar Anti-Ransomware from TeamT5 does not properly validate the content of uploaded files. Remote attackers with administrator privileges on the product platform can upload malicious files, which can be used to execute arbitrary system commands on the server...
CVE-2024-6117 Hamastar MeetingHub Paperless Meetings - Unrestricted Upload of File with Dangerous Type
An unrestricted upload of file with dangerous type vulnerability in the meeting management function of Hamastar MeetingHub Paperless Meetings 2021 allows remote authenticated users to perform arbitrary system commands via a crafted ASP file...
Cisco Secure Email Gateway Server-Side Template Injection Vulnerability
A vulnerability in the web-based management interface of Cisco AsyncOS for Secure Email Gateway could allow an authenticated, remote attacker to execute arbitrary system commands on an affected device. This vulnerability is due to insufficient input validation in certain portions of the web-based...
ServiceNow Template Injection Vulnerability
ServiceNow is a cloud computing platform from US-based ServiceNow, Inc. that helps companies manage the digital workflow of their business operations. ServiceNow has a template injection vulnerability that stems from templates not being strictly filtered; an attacker can use the...
CVE-2024-6744
The SMTP Listener of Secure Email Gateway from Cellopoint does not properly validate user input, leading to a Buffer Overflow vulnerability. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands on the remote server...
CVE-2024-5672
A high privileged remote attacker can execute arbitrary system commands via GET requests due to improper neutralization of special elements used in an OS command...
CVE-2024-5672 Red Lion Europe: mbNET.mini vulnerable to OS command injection
A high privileged remote attacker can execute arbitrary system commands via GET requests due to improper neutralization of special elements used in an OS command...
CVE-2024-5672
CVE-2024-5672 affects MB Connect Line mbNET.mini (industrial router) up to version 2.2.11, with the issue caused by improper neutralization of special elements in OS commands. This enables a high-privileged, authenticated attacker to inject and execute arbitrary system commands via GET requests, ...
CVE-2024-6047 GeoVision EOL device - OS Command Injection
Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device...
CVE-2024-6047
CVE-2024-6047 affects GeoVision end-of-life devices. A failure to properly filter input enables OS command injection via unauthenticated remote access (e.g., through the /DateSetting.cgi endpoint), allowing arbitrary command execution with high impact (CVE severity rated up to 9.8 by TWCERT/CTW)....