
1440 matches found

CNNVD
added 2025/01/14 12:0 a.m. | 3 views

WAVLINK AC3000 Command Injection Vulnerability

WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. A command injection vulnerability exists in the WAVLINK AC3000 M33A8.V5030.210505 version, which stems from the restartminvalue parameter of the login.cgi setsysinit function failing to correctly filter the constructor command special...

CVSS 10 | AI score 7.8 | EPSS 0.17378
Exploits: 1 | References: 2
CNNVD
added 2025/01/14 12:0 a.m. | 3 views

WAVLINK AC3000 Security Vulnerability

WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. A command injection vulnerability exists in the WAVLINK AC3000 M33A8.V5030.210505 version, which stems from the nas.cgi setnas function failing to correctly filter constructed command special characters, commands, and so on. An attack...

CVSS 9.1 | AI score 7.8 | EPSS 0.02272
Exploits: 1 | References: 2
Positive Technologies
added 2025/01/01 12:0 a.m. | 2 views

PT-2025-28863

Name of the Vulnerable Software and Affected Versions: Gitk versions 2.41.0 through 2.43.6; Git versions 2.50.1-alt1. Description: Gitk, a Tcl/Tk based Git history browser, contains a flaw where a crafted Git repository can be used to trick a user into executing arbitrary scripts with their user...

CVSS 8.6 | AI score 8.3 | EPSS 0.02775
Exploits: 9 | References: 104
CNNVD
added 2024/12/21 12:0 a.m. | 2 views

WordPress plugin The kk Star Ratings Code Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code injection vulnerability exists in the WordPress...

CVSS 7.3 | AI score 8.6 | EPSS 0.00626
Exploits: 0 | References: 3
CNVD
added 2024/12/20 12:0 a.m. | 2 views

Park Ticketing Management System /index.php File SQL Injection Vulnerability

Park Ticketing Management System is a park ticketing management system. Park Ticketing Management System suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements. The vulnerability can be exploited to execute arbitrary SQ...

CVSS 9.8 | AI score 8.6 | EPSS 0.00601
Exploits: 1 | References: 1
OpenVAS
added 2024/12/13 12:0 a.m. | 18 views

Ubuntu: Security Advisory (USN-7157-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 9.8 | AI score 7.9 | EPSS 0.02286
Exploits: 4 | References: 2
Vulnrichment
added 2024/12/12 7:17 p.m. | 15 views

CVE-2024-55879 XWiki allows RCE from script right in configurable sections

XWiki Platform is a generic wiki platform. Starting in version 2.3 and prior to versions 15.10.9, 16.3.0, any user with script rights can perform arbitrary remote code execution by adding instances of XWiki.ConfigurableClass to any page. This compromises the confidentiality, integrity and...

CVSS 9.1 | AI score 7.8 | EPSS 0.01045
Exploits: 2 | References: 3
NVD
added 2024/12/09 3:15 a.m. | 13 views

CVE-2024-55579

An issue was discovered in Qlik Sense Enterprise for Windows before November 2024 IR. An unprivileged user with network access may be able to create connection objects that trigger execution of arbitrary EXE files. This is fixed in November 2024 IR, May 2024 Patch 10, February 2024 Patch 14,...

CVSS 8.8 | EPSS 0.00477
Exploits: 0 | References: 1
CNNVD
added 2024/12/09 12:0 a.m. | 2 views

Qlik Sense Security Vulnerability

Qlik Sense is an application from Qlik, Inc. that allows users to create visualizations, charts, interactive dashboards, and analytical applications for local and offline use. A security vulnerability exists in Qlik Sense Enterprise for Windows prior to November 2024 IR, which stems from the fact...

CVSS 8.8 | AI score 6.5 | EPSS 0.00477
Exploits: 0 | References: 2
Vulnrichment
added 2024/12/04 2:40 a.m. | 12 views

CVE-2024-10952 Authors List <= 2.0.4 - Unauthenticated Arbitrary Shortcode Execution via update_authors_list_ajax

The Authors List plugin for WordPress is vulnerable to arbitrary shortcode execution via update_authors_list_ajax AJAX action in all versions up to, and including, 2.0.4. This is due to the software allowing users to execute an action that does not properly validate a value before running...

CVSS 7.3 | AI score 7.6 | EPSS 0.00554
Exploits: 0 | References: 4
CNNVD
added 2024/12/02 12:0 a.m. | 3 views

Victure RX1800 WiFi 6 Security Vulnerability

The Victure RX1800 WiFi 6 is a wireless router from Victure. A security vulnerability exists in the Victure RX1800 WiFi 6 that stems from vulnerability to a command injection attack, where an attacker is able to execute arbitrary commands on the device via carefully crafted input...

CVSS 8.8 | AI score 8 | EPSS 0.02799
Exploits: 0 | References: 3
BDU FSTEC
added 2024/11/22 12:0 a.m. | 3 views

The vulnerability of the needrestart utility, which stems from the failure to take measures to neutralize special elements used in the operating system’s command line, allows a malicious user to execute arbitrary shell commands with root privileges.

The vulnerability of the needrestart utility is related to the failure to take measures to neutralize special elements used in the operating system’s command syntax. Exploiting this vulnerability allows an attacker to execute arbitrary shell commands with root privileges...

CVSS 7.8 | AI score 7.9 | EPSS 0.11542
Exploits: 2 | References: 8 | Affected Software: 4
NVD
added 2024/11/21 3:15 p.m. | 12 views

CVE-2024-28025

Three OS command injection vulnerabilities exist in the web interface I/O configuration functionality of MC Technologies MC LR Router 2.10.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these...

CVSS 7.2 | EPSS 0.07504
Exploits: 1 | References: 2
Vulnrichment
added 2024/11/21 2:41 p.m. | 17 views

CVE-2024-29224

An OS command injection vulnerability exists in the NAT parameter of GoCast 1.1.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability...

CVSS 9.8 | AI score 7.7 | EPSS 0.06292
Exploits: 0 | References: 1
CVE
added 2024/11/21 2:41 p.m. | 55 views

CVE-2024-29224

Summary: CVE-2024-29224 affects GoCast 1.1.3. The NAT parameter in the GoCast HTTP API can be abused to trigger OS command injection, enabling arbitrary command execution via an unauthenticated HTTP request. The root cause is the nat string being concatenated into a system command (iptables) with...

CVSS 9.8 | AI score 9.8 | EPSS 0.06292
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2024/11/21 2:41 p.m. | 29 views

CVE-2024-29224

An OS command injection vulnerability exists in the NAT parameter of GoCast 1.1.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability...

CVSS 9.8 | EPSS 0.06292
Exploits: 0 | References: 1
Vulnrichment
added 2024/11/21 2:41 p.m. | 19 views

CVE-2024-28025

Three OS command injection vulnerabilities exist in the web interface I/O configuration functionality of MC Technologies MC LR Router 2.10.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these...

CVSS 7.2 | AI score 7.7 | EPSS 0.07504
Exploits: 1 | References: 1
CVE
added 2024/11/21 2:41 p.m. | 61 views

CVE-2024-28027

MC Technologies MC LR Router 2.10.5 exposes three OS command injection flaws in the web interface I/O configuration CGI (/cgi-bin/p/adm/io). An authenticated HTTP request can reach three parameters (btn1, out1, and timer1) where attacker-controlled values are directly passed to system calls, res...

CVSS 7.2 | AI score 7.6 | EPSS 0.07504
Exploits: 1 | References: 2 | Affected Software: 1
CISA KEV Catalog
added 2024/11/21 12:0 a.m. | 22 views

Apple Multiple Products Code Execution Vulnerability

Apple iOS, macOS, and other Apple products contain an unspecified vulnerability when processing maliciously crafted web content that may lead to arbitrary code execution...

CVSS 8.8 | AI score 7.5 | EPSS 0.09186
In wild | Exploits: 1
Vulnrichment
added 2024/11/19 11:2 a.m. | 18 views

CVE-2024-11036 GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress <= 7.1.5 - Unauthenticated Arbitrary Shortcode Execution via gamipress_get_user_earnings

The GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via gamipress_get_user_earnings AJAX action in all versions up to, and including, 7.1.5. This is due to the software allowing...

CVSS 7.3 | AI score 7.5 | EPSS 0.00712
Exploits: 0 | References: 5