340 matches found
CVE-2024-43415
An improper neutralization of special elements used in an SQL command in the papertrail/version- model of the decidimawesome-module 0.9.0 allows an authenticated admin user to manipulate sql queries to disclose information, read and write files or execute commands...
CVE-2024-31442
Redon Hub is a Roblox Product Delivery Bot, also known as a Hub. In all hubs before version 1.0.2, all commands are capable of being ran by all users, including admin commands. This allows users to receive products for free and delete/create/update products/tags/etc. The only non-affected command...
CVE-2024-39763
Multiple OS command injection vulnerabilities exist in the internet.cgi setaddrouting functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A...
CVE-2024-51480
CVE-2024-51480 (RedisTimeSeries) affects RedisTimeSeries; a vulnerability arises when an authenticated user runs TS.QUERYINDEX, TS.MGET, TS.MRAGE, or TS.MREVRANGE with crafted arguments, causing an integer overflow that may lead to a heap overflow and potentially remote code execution. Affected s...
CVE-2024-51532
Dell PowerStore contains an Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary system files...
The vulnerability of the USER command processor in TP-Link VN020 F3v(T) wireless routers allows a hacker to cause a service failure.
The vulnerability of the USER command handler in TP-Link VN020 F3vT Wi-Fi routers lies in the execution of operations outside the buffer in memory. Exploiting this vulnerability allows an attacker to cause service failures remotely...
Fortinet FortiWeb Multiple stack-based buffer overflow vulnerabilities in CLI command (FG-IR-20-206)
The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-20-206 advisory. - A stack-based buffer overflow in Fortinet FortiWeb version 6.3.14 and below, 6.2.4 and below allows attacker to execute...
CVE-2024-49760
OpenRefine is a free, open source tool for working with messy data. The load-language command expects a lang parameter from which it constructs the path of the localization file to load, of the form translations-$LANG.json. But when doing so in versions prior to 3.8.3, it does not check that the...
The vulnerability of the `std::process::Command` function in the `File Extension` component of the Rust programming language operating system for Windows, allowing a malicious actor to execute arbitrary code.
The vulnerability of the std::process::Command function in the File Extension component of the Rust programming language operating system for Windows is related to the implementation or modification of arguments. Exploiting this vulnerability could allow an attacker to execute arbitrary code by...
CVE-2024-42738
The CVE-2024-42738 issue affects TOTOLINK X5000r (version 9.1.0cu.2350_b20230313). It is an OS command injection in the /cgi-bin/cstecgi.cgi function setDmzCfg, exploitable by authenticated attackers who can send malicious packets to execute arbitrary commands. The vulnerability’s impact is high ...
CVE-2024-36475
FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain an active debug code vulnerability. If a user who knows how to use the debug function logs in to the product, the debug function may be used and an arbitrary OS command may be executed...
UBUNTU-CVE-2024-32487
less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the...
CVE-2024-28015
OS Command Injection (CWE-78) affecting NEC Aterm router series (e.g., WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, WR8165N, WG1800HP4, WG1810HP(JE/MF), WM3400RN, CR2500P, MR01LN/MR02LN, etc.) allows an attacker to execute arbitrary commands with root pr...
CVE-2024-28015
Improper Neutralization of Special Elements used in an OS Command vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX-MS, WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2,...
The vulnerability of the formexeCommand function (/goform/execCommand) in the Tenda AC10U router’s microprogramming system allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the formexeCommand function /goform/execCommand in the Tenda AC10U router’s microprogramming system is related to buffer overflow in the stack. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protect...
CVE-2024-25021 IBM AIX command execution
IBM AIX 7.3, VIOS 4.1's Perl implementation could allow a non-privileged local user to exploit a vulnerability to execute arbitrary commands. IBM X-Force ID: 281320...
CVE-2024-23676
In Splunk versions below 9.0.8 and 9.1.3, the “mrollup” SPL command lets a low-privileged user view metrics on an index that they do not have permission to view. This vulnerability requires user interaction from a high-privileged user to exploit...
Command injection
An improper neutralization of special elements used in an OS command vulnerability CWE-78 in the command line interpreter of FortiTester 2.3.0 through 7.2.3 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments when running execute restore/backup...
CVE-2023-40716
FortiTester versions 2.3.0–7.2.3 are affected by an OS command injection (CWE-78) vulnerability in the command line interpreter. An authenticated attacker with local access can craft arguments for the restore/backup operation to execute unauthorized commands. Root cause: improper neutralization o...
Command injection
An OS command injection vulnerability has been found to affect legacy QNAP VioStor NVR models running QVR Firmware 4.x. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following versions: QVR Firmwar...