1440 matches found

Veracode
added 2024/07/22 12:39 p.m. | 23 views

OS Command Injection

Nuclei is vulnerable to OS Command Injection. The vulnerability is due to the -code option in code templates, allowing users to edit and execute workflow files in some web applications, leading to arbitrary command execution...

7.4 CVSS | 7.4 AI score | 0.00311 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

Cvelist
added 2024/07/22 9:50 a.m. | 29 views

CVE-2024-6542 Livestatus injection in mknotifyd

Improper neutralization of livestatus command delimiters in mknotifyd in Checkmk = 2.0.0p39, 2.1.0p47, 2.2.0p32 and 2.3.0p11 allows arbitrary livestatus command execution...

6.5 CVSS | 0.00472 EPSS
Exploits: 0 | References: 1

CNNVD
added 2024/07/22 12:00 a.m. | 2 views

TOTOLINK A6000R security vulnerability

TOTOLINK A6000R is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK A6000R suffers from a command injection vulnerability that stems from the ifname parameter in the apclidoenrpinwps function failing to properly filter construct command special characters, commands, and so o...

6.8 CVSS | 7.8 AI score | 0.02118 EPSS
Exploits: 1 | References: 2

BDU FSTEC
added 2024/07/19 12:00 a.m. | 1 views

The vulnerability of the UserScriptHumster class in the SolarWinds Access Rights Manager (ARM) access control software allows a perpetrator to execute arbitrary commands.

The vulnerability of the UserScriptHumster class in the SolarWinds Access Rights Manager (ARM) access control software is related to the use of dangerous methods or functions. Exploiting this vulnerability could allow a malicious actor to execute arbitrary commands remotely...

9.6 CVSS | 8.3 AI score | 0.0117 EPSS
Exploits: 0 | References: 6 | Affected Software: 1

Debian CVE
added 2024/07/18 4:56 p.m. | 20 views

CVE-2024-40644

gitoxide An idiomatic, lean, fast & safe pure Rust implementation of Git. gix-path can be tricked into running another git.exe placed in an untrusted location by a limited user account on Windows systems. Windows permits limited user accounts without administrative privileges to create new...

6.8 CVSS | 5.8 AI score | 0.00212 EPSS
Exploits: 0

CNVD
added 2024/07/16 12:00 a.m. | 4 views

SQL Injection Vulnerability in e-cology 9 of Shanghai Panmicro Network Technology Co.

e-cology 9 is a large-scale collaborative management platform for enterprises. A SQL injection vulnerability exists in e-cology 9 of Shanghai Panmicro Network Technology Co. Under default configuration, an unauthorized attacker can exploit this vulnerability to execute arbitrary SQL statements,...

8.7 AI score
Exploits: 0

OSV
added 2024/07/09 6:15 p.m. | 7 views

CVE-2024-40735

A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-outlets/id/edit/...

6.1 CVSS | 5.7 AI score
Exploits: 0 | References: 1

Vulnrichment
added 2024/07/09 12:00 a.m. | 15 views

CVE-2024-40736

A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-outlets/add...

5.8 AI score | 0.00353 EPSS
Exploits: 1 | References: 1

Vulnrichment
added 2024/07/09 12:00 a.m. | 13 views

CVE-2024-40728

A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/console-server-ports/id/edit/...

5.9 AI score | 0.00353 EPSS
Exploits: 1 | References: 1

CVE
added 2024/07/09 12:00 a.m. | 59 views

CVE-2024-40729

NetBox v4.0.3 is affected by a cross-site scripting (XSS) vulnerability in the Name parameter of the /dcim/interfaces/add/ form. The vulnerability arises from insufficient filtering/escaping of user input, allowing an attacker to inject arbitrary HTML/JS into the page. Documents consistently iden...

7.1 CVSS | 5.8 AI score | 0.004 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2024/07/09 12:00 a.m. | 57 views

CVE-2024-40733

NetBox v4.0.3 is affected by a cross-site scripting (XSS) vulnerability that allows execution of arbitrary web scripts/HTML via a crafted payload injected into the Name field at /dcim/front-ports/{id}/edit/. The Red Hat entry and CNVD/CNNVD entries corroborate this issue. The Connected documents ...

6.1 CVSS | 5.6 AI score | 0.004 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

Vulnrichment
added 2024/07/09 12:00 a.m. | 14 views

CVE-2024-40726

A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-ports/id/edit/...

5.8 AI score | 0.00376 EPSS
Exploits: 1 | References: 1

NVD
added 2024/07/08 4:15 p.m. | 16 views

CVE-2023-50381

Three OS command injection vulnerabilities exist in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities. This comman...

7.2 CVSS | 0.03195 EPSS
Exploits: 1 | References: 2

CVE
added 2024/07/03 2:30 p.m. | 53 views

CVE-2024-6052

CVE-2024-6052 describes a stored XSS in Checkmk affecting versions prior to 2.3.0p8, 2.2.0p29, 2.1.0p45, and 2.0.0 (EOL). The vulnerability arises in Checkmk’s web application where HTML elements injected by an attacker can execute arbitrary scripts. The connected documents consistently identify ...

6.5 CVSS | 5.9 AI score | 0.00389 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

GithubExploit
added 2024/06/28 4:37 p.m. | 520 views

Exploit for Use After Free in Arm Avalon_Gpu_Kernel_Driver

Exploit for CVE-2022-46395. The write-up can be found here...

8.8 CVSS | 9 AI score | 0.02681 EPSS
Exploits: 4

GithubExploit
added 2024/06/28 3:53 p.m. | 266 views

Exploit for Improper Input Validation in Google Android

Exploit for CVE-2022-20186. The write-up can be found here...

7.8 CVSS | 8 AI score | 0.00507 EPSS
Exploits: 3

CNVD
added 2024/06/18 12:00 a.m. | 5 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2024-30047)

Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

5.4 CVSS | 7 AI score | 0.0051 EPSS
Exploits: 0 | References: 1

CNNVD
added 2024/06/13 12:00 a.m. | 4 views

Adobe Experience Manager security vulnerability

Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

5.4 CVSS | 6.4 AI score | 0.00385 EPSS
Exploits: 0 | References: 2

CNNVD
added 2024/06/13 12:00 a.m. | 2 views

Adobe Experience Manager cross-site scripting vulnerability

Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

5.4 CVSS | 6.6 AI score | 0.00534 EPSS
Exploits: 0 | References: 2

OSV
added 2024/06/12 7:30 a.m. | 41 views

BIT-PHP-2024-4577 Argument Injection in PHP-CGI

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may...

9.8 CVSS | 9.4 AI score | 0.99987 EPSS
Exploits: 64 | References: 24