Lucene search
K

340 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 12:46 p.m.6 views

CVE-2024-43415

An improper neutralization of special elements used in an SQL command in the papertrail/version- model of the decidimawesome-module 0.9.0 allows an authenticated admin user to manipulate sql queries to disclose information, read and write files or execute commands...

9CVSS7.3AI score0.0066EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 12:26 a.m.6 views

CVE-2024-31442

Redon Hub is a Roblox Product Delivery Bot, also known as a Hub. In all hubs before version 1.0.2, all commands are capable of being ran by all users, including admin commands. This allows users to receive products for free and delete/create/update products/tags/etc. The only non-affected command...

8.8CVSS8.9AI score0.00545EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/04 11:16 p.m.16 views

CVE-2024-39763

Multiple OS command injection vulnerabilities exist in the internet.cgi setaddrouting functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A...

9.1CVSS7.5AI score0.04815EPSS
Exploits1
CVE
CVE
added 2025/01/08 3:20 p.m.52 views

CVE-2024-51480

CVE-2024-51480 (RedisTimeSeries) affects RedisTimeSeries; a vulnerability arises when an authenticated user runs TS.QUERYINDEX, TS.MGET, TS.MRAGE, or TS.MREVRANGE with crafted arguments, causing an integer overflow that may lead to a heap overflow and potentially remote code execution. Affected s...

7CVSS7.4AI score0.00202EPSS
Exploits1References1
NVD
NVD
added 2024/12/19 2:15 a.m.24 views

CVE-2024-51532

Dell PowerStore contains an Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary system files...

7.1CVSS0.0026EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2024/12/11 12:0 a.m.7 views

The vulnerability of the USER command processor in TP-Link VN020 F3v(T) wireless routers allows a hacker to cause a service failure.

The vulnerability of the USER command handler in TP-Link VN020 F3vT Wi-Fi routers lies in the execution of operations outside the buffer in memory. Exploiting this vulnerability allows an attacker to cause service failures remotely...

6.5CVSS6.9AI score0.01842EPSS
Exploits3References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/10/26 12:0 a.m.11 views

Fortinet FortiWeb Multiple stack-based buffer overflow vulnerabilities in CLI command (FG-IR-20-206)

The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-20-206 advisory. - A stack-based buffer overflow in Fortinet FortiWeb version 6.3.14 and below, 6.2.4 and below allows attacker to execute...

8.8CVSS8.7AI score0.01646EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2024/10/24 9:35 p.m.11 views

CVE-2024-49760

OpenRefine is a free, open source tool for working with messy data. The load-language command expects a lang parameter from which it constructs the path of the localization file to load, of the form translations-$LANG.json. But when doing so in versions prior to 3.8.3, it does not check that the...

7.1CVSS5.2AI score0.00597EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2024/09/06 12:0 a.m.6 views

The vulnerability of the `std::process::Command` function in the `File Extension` component of the Rust programming language operating system for Windows, allowing a malicious actor to execute arbitrary code.

The vulnerability of the std::process::Command function in the File Extension component of the Rust programming language operating system for Windows is related to the implementation or modification of arguments. Exploiting this vulnerability could allow an attacker to execute arbitrary code by...

8.1CVSS5.9AI score0.00744EPSS
Exploits10References6Affected Software1
CVE
CVE
added 2024/08/13 12:0 a.m.62 views

CVE-2024-42738

The CVE-2024-42738 issue affects TOTOLINK X5000r (version 9.1.0cu.2350_b20230313). It is an OS command injection in the /cgi-bin/cstecgi.cgi function setDmzCfg, exploitable by authenticated attackers who can send malicious packets to execute arbitrary commands. The vulnerability’s impact is high ...

8.8CVSS8.3AI score0.01647EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/07/17 8:48 a.m.13 views

CVE-2024-36475

FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain an active debug code vulnerability. If a user who knows how to use the debug function logs in to the product, the debug function may be used and an arbitrary OS command may be executed...

7.5AI score0.00619EPSS
Exploits0References3
OSV
OSV
added 2024/04/13 3:15 p.m.1 views

UBUNTU-CVE-2024-32487

less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the...

8.6CVSS7AI score0.00628EPSS
Exploits0References4
CVE
CVE
added 2024/03/28 12:56 a.m.78 views

CVE-2024-28015

OS Command Injection (CWE-78) affecting NEC Aterm router series (e.g., WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, WR8165N, WG1800HP4, WG1810HP(JE/MF), WM3400RN, CR2500P, MR01LN/MR02LN, etc.) allows an attacker to execute arbitrary commands with root pr...

9.8CVSS7.4AI score0.00674EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/03/28 12:56 a.m.19 views

CVE-2024-28015

Improper Neutralization of Special Elements used in an OS Command vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX-MS, WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2,...

7.4AI score0.00674EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2024/03/26 12:0 a.m.6 views

The vulnerability of the formexeCommand function (/goform/execCommand) in the Tenda AC10U router’s microprogramming system allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the formexeCommand function /goform/execCommand in the Tenda AC10U router’s microprogramming system is related to buffer overflow in the stack. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protect...

9CVSS8AI score0.0148EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2024/02/22 11:39 a.m.31 views

CVE-2024-25021 IBM AIX command execution

IBM AIX 7.3, VIOS 4.1's Perl implementation could allow a non-privileged local user to exploit a vulnerability to execute arbitrary commands. IBM X-Force ID: 281320...

8.4CVSS6.9AI score0.00269EPSS
Exploits0References2
OSV
OSV
added 2024/01/22 9:15 p.m.3 views

CVE-2024-23676

In Splunk versions below 9.0.8 and 9.1.3, the “mrollup” SPL command lets a low-privileged user view metrics on an index that they do not have permission to view. This vulnerability requires user interaction from a high-privileged user to exploit...

3.5CVSS5.8AI score0.00324EPSS
Exploits0References2
Prion
Prion
added 2023/12/13 7:15 a.m.17 views

Command injection

An improper neutralization of special elements used in an OS command vulnerability CWE-78 in the command line interpreter of FortiTester 2.3.0 through 7.2.3 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments when running execute restore/backup...

4.3CVSS7.5AI score0.00247EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/12/13 6:44 a.m.40 views

CVE-2023-40716

FortiTester versions 2.3.0–7.2.3 are affected by an OS command injection (CWE-78) vulnerability in the command line interpreter. An authenticated attacker with local access can craft arguments for the restore/backup operation to execute unauthorized commands. Root cause: improper neutralization o...

7.8CVSS7.7AI score0.00247EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/12/08 4:15 p.m.18 views

Command injection

An OS command injection vulnerability has been found to affect legacy QNAP VioStor NVR models running QVR Firmware 4.x. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following versions: QVR Firmwar...

6.5CVSS7.7AI score0.73277EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder