2392 matches found

NVD
added 2024/12/30 5:15 p.m. | 17 views

CVE-2024-12828

Webmin CGI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Webmin. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of CGI requests. The...

CVSS 9.9 | EPSS 0.32018
Exploits 0 | References 2

Cvelist
added 2024/12/30 4:48 p.m. | 27 views

CVE-2024-12828 Webmin CGI Command Injection Remote Code Execution Vulnerability

Webmin CGI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Webmin. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of CGI requests. The...

CVSS 9.9 | EPSS 0.32018
Exploits 0 | References 2

CVE
added 2024/12/30 4:48 p.m. | 141 views

CVE-2024-12828

CVE-2024-12828 affects Webmin CGI handling, where unsanitized user input in CGI requests leads to command injection and remote code execution in the root context. The issue arises from improper validation before executing system calls. Public sources (including NVD, OSV, CIRCL, and related adviso...

CVSS 9.9 | AI score 9.9 | EPSS 0.32018
Exploits 0 | References 2 | Affected Software 1

Vulnrichment
added 2024/12/30 4:48 p.m. | 13 views

CVE-2024-12828 Webmin CGI Command Injection Remote Code Execution Vulnerability

Webmin CGI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Webmin. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of CGI requests. The...

CVSS 9.9 | AI score 9.9 | EPSS 0.32018
Exploits 0 | References 2

OSV
added 2024/12/30 4:14 p.m. | 7 views

CVE-2024-52294 khoj has an IDOR in subscription management that allows unauthorized subscription modifications

Khoj is a self-hostable artificial intelligence app. Prior to version 1.29.10, an Insecure Direct Object Reference (IDOR) vulnerability in the updatesubscription endpoint allows any authenticated user to manipulate other users' Stripe subscriptions by simply modifying the email parameter in the...

CVSS 4.3 | AI score 6.6 | EPSS 0.00367
Exploits 0 | References 4

Zero Day Initiative
added 2024/12/30 12:0 a.m. | 5 views

WSO2 API Manager SynapseArtifactUploaderAdmin Unrestricted File Upload Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of WSO2 API Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the SynapseArtifactUploaderAdmin endpoint, which listens on TCP port 9443 by default. The...

CVSS 7.2 | AI score 7.8 | EPSS 0.09756
Exploits 0 | References 1

Cvelist
added 2024/12/24 9:21 a.m. | 14 views

CVE-2024-12850 Database Backup and check Tables Automated With Scheduler 2024 <= 2.32 - Authenticated (Admin+) Arbitrary File Read

The Database Backup and check Tables Automated With Scheduler 2024 plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.32 via the databasebackupajaxdownload function. This makes it possible for authenticated attackers, with administrator-level access...

CVSS 4.9 | EPSS 0.0081
Exploits 0 | References 3

GithubExploit
added 2024/12/21 1:53 a.m. | 170 views

Exploit for Path Traversal in Ghost

CVE-2023-4002 Ghost-Arbitrary-File-Read : The username/email...

CVSS 6.5 | AI score 6.5 | EPSS 0.57837
Exploits 12

NVD
added 2024/12/20 1:15 a.m. | 14 views

CVE-2024-12832

Arista NG Firewall ReportEntry SQL Injection Arbitrary File Read and Write Vulnerability. This vulnerability allows remote attackers to create arbitrary files and disclose sensitive information on affected installations of Arista NG Firewall. Authentication is required to exploit this...

CVSS 8.3 | EPSS 0.00482
Exploits 0 | References 1

NVD
added 2024/12/20 1:15 a.m. | 13 views

CVE-2024-12829

Arista NG Firewall ExecManagerImpl Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Arista NG Firewall. Authentication is required to exploit this vulnerability. The specific flaw exists within...

CVSS 8.8 | EPSS 0.01255
Exploits 0 | References 1

CVE
added 2024/12/20 12:5 a.m. | 49 views

CVE-2024-12832

Arista NG Firewall vulnerability CVE-2024-12832: ReportEntry allows SQL injection due to insufficient validation of a user-supplied string used to build queries, enabling arbitrary file read/write and potential code execution under www-data. Authenticated requirement; no concrete fix/version info...

CVSS 8.3 | AI score 8.3 | EPSS 0.00482
Exploits 0 | References 1 | Affected Software 1

Vulnrichment
added 2024/12/20 12:5 a.m. | 7 views

CVE-2024-12832 Arista NG Firewall ReportEntry SQL Injection Arbitrary File Read and Write Vulnerability

Arista NG Firewall ReportEntry SQL Injection Arbitrary File Read and Write Vulnerability. This vulnerability allows remote attackers to create arbitrary files and disclose sensitive information on affected installations of Arista NG Firewall. Authentication is required to exploit this...

CVSS 8.3 | AI score 7.4 | EPSS 0.00482
Exploits 0 | References 1

Vulnrichment
added 2024/12/20 12:5 a.m. | 14 views

CVE-2024-12829 Arista NG Firewall ExecManagerImpl Command Injection Remote Code Execution Vulnerability

Arista NG Firewall ExecManagerImpl Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Arista NG Firewall. Authentication is required to exploit this vulnerability. The specific flaw exists within...

CVSS 7.2 | AI score 8.2 | EPSS 0.01255
Exploits 0 | References 1

CVE
added 2024/12/20 12:5 a.m. | 57 views

CVE-2024-12829

The CVE-2024-12829 entry maps to Arista NG Firewall, specifically the ExecManagerImpl component. The flaw is a command-injection vulnerability caused by insufficient validation of a user-supplied string before it is used to execute a system call, allowing remote code execution with root privilege...

CVSS 8.8 | AI score 7.6 | EPSS 0.01255
Exploits 0 | References 1 | Affected Software 1

Zero Day Initiative
added 2024/12/20 12:0 a.m. | 8 views

Webmin CGI Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Webmin. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of CGI requests. The issue results from the lack of proper validation of a user-supplied...

CVSS 9.9 | AI score 7.6 | EPSS 0.32018
Exploits 0 | References 1

Zero Day Initiative
added 2024/12/19 12:0 a.m. | 6 views

(0Day) Arista NG Firewall ReportEntry SQL Injection Arbitrary File Read and Write Vulnerability

This vulnerability allows remote attackers to create arbitrary files and disclose sensitive information on affected installations of Arista NG Firewall. Authentication is required to exploit this vulnerability. The specific flaw exists within the ReportEntry class. The issue results from the lack...

CVSS 8.3 | AI score 7 | EPSS 0.00482
Exploits 0

Zero Day Initiative
added 2024/12/19 12:0 a.m. | 7 views

(0Day) Arista NG Firewall ExecManagerImpl Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Arista NG Firewall. Authentication is required to exploit this vulnerability. The specific flaw exists within the ExecManagerImpl class. The issue results from the lack of proper validation of a...

CVSS 7.2 | AI score 7.3 | EPSS 0.01255
Exploits 0

Zero Day Initiative
added 2024/12/19 12:0 a.m. | 3 views

Tibbo Aggregate Network Manager UploaderTempFileController Unrestricted File Upload Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tibbo Aggregate Network Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the UploaderTempFileController class. The issue results from the lack of...

CVSS 8.8 | AI score 7.5 | EPSS 0.00575
Exploits 0 | References 1

Zero Day Initiative
added 2024/12/16 12:0 a.m. | 8 views

Dell Avamar Fitness Analyzer API SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Dell Avamar. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the type parameter provided to the details endpoint. The issue results...

CVSS 7.1 | AI score 8.6 | EPSS 0.00626
Exploits 0 | References 1

Zero Day Initiative
added 2024/12/16 12:0 a.m. | 7 views

Dell Avamar Fitness Analyzer API SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Dell Avamar. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the groupname parameter provided to the replication endpoint. The issu...

CVSS 7.1 | AI score 8.6 | EPSS 0.00626
Exploits 0 | References 1