CVE-2024-27778

An improper neutralization of special elements used in an OS Command vulnerability CWE-78 vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.4, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0.0 through 4.0.4, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, FortiSandbox 3.0....

CVE-2024-27778

CVE-2024-27778 : Fortinet FortiSandbox OS command injection vulnerability (CWE-78). An authenticated attacker with at least read-only privileges can execute unauthorized OS commands via crafted requests. Affected FortiSandbox versions span 3.0.5–3.0.7, 3.1, 3.2, 4.0.0–4.0.4, 4.2.1–4.2.6, and 4.4....

CVE-2024-27778

An improper neutralization of special elements used in an OS Command vulnerability CWE-78 vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.4, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0.0 through 4.0.4, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, FortiSandbox 3.0....

CVE-2024-12847

NETGEAR DGN1000 before 1.1.00.48 is vulnerable to an authentication bypass vulnerability. A remote and unauthenticated attacker can execute arbitrary operating system commands as root by sending crafted HTTP requests to the setup.cgi endpoint. This vulnerability has been observed to be exploited ...

Command Execution Vulnerability in Internet Behavior Management of Beijing Tianrongxin Technology Co.

Ltd. is an information security product and service solution provider. A command execution vulnerability exists in Beijing Tianrongxin Internet Behavior Management, which can be exploited by attackers to execute arbitrary commands...

Command Execution Vulnerability in Internet Behavior Management System of Beijing Tianrongxin Technology Co.

Ltd. is an information security product and service solution provider. A command execution vulnerability exists in the Internet behavior management system of Beijing Tianrongxin Technology Co., Ltd, which can be exploited by attackers to execute arbitrary commands...

Command Execution Vulnerability in Operation and Maintenance Management Audit System of Shanghai Shangxun Information Technology Co.

hereinafter referred to as "SinoCom-ArtM" is one of the leading providers of data, intelligent security operation and maintenance, mobile security, security services and other fields in China. A command execution vulnerability exists in the Operations and Maintenance Management and Audit System o...

CVE-2024-39703

ThreatQuotient ThreatQ platforms prior to version 5.29.3 contain a command-injection vulnerability in an API endpoint that authenticated users can exploit to execute arbitrary commands, effectively enabling remote code execution. Affected software: ThreatQ/ThreatQuotient before 5.29.3. Root cause...

CVE-2024-53376

CyberPanel before 2.3.8 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the phpSelection field to the websites/submitWebsiteCreation URI...

Command Execution Vulnerability in JeeSite of Jinan Zhuoyuan Software Co.

JeeSite is a Java rapid development platform based on Spring Boot, Spring Cloud, MyBatis, Shiro, Beetl and Bootstrap. There is a command execution vulnerability in JeeSite, which can be exploited by an attacker to gain server privileges...

Command Execution Vulnerability in the Operation and Maintenance Management Audit System of Shanghai Shangxun Information Technology Co. Ltd (CNVD-C-2024-941497)

Founded in December 2010, Shanghai SinoCom-ArtM Information Technology Co., Ltd. is one of the leading domestic suppliers in the fields of data, intelligent security operation and maintenance, mobile security and security services. A command execution vulnerability exists in the Operations and...

Command Execution Vulnerability in Intelligent IOT Integrated Management Platform of Zhejiang Dahua Technology Co.

Zhejiang Dahua Technology Co., Ltd. is the world's leading video-centered intelligent IOT solution provider and operation service provider. A command execution vulnerability exists in the Intelligent IOT Integrated Management Platform of Zhejiang Dahua Technology Co. Ltd, which can be exploited b...

Command Execution Vulnerability in UFIDA NC at UFIDA Network Technology Co.

UFIDA NC is a large erp enterprise management system and e-commerce platform. A command execution vulnerability exists in UFIDA NC, which can be exploited by an attacker to execute arbitrary commands...

Command Execution Vulnerability in Operation and Maintenance Management Audit System of Shanghai Shangxun Information Technology Co.

Founded in December 2010, Shanghai SinoCom-ArtM Information Technology Co., Ltd. is one of the leading domestic suppliers in the fields of data, intelligent security operation and maintenance, mobile security and security services. A command execution vulnerability exists in the Operations and...

PT-2024-8519 · Fortinet · Fortimanager +2

Name of the Vulnerable Software and Affected Versions: Fortinet FortiManager versions 7.4.0 through 7.4.2 and before 7.2.5 Fortinet FortiAnalyzer versions 7.4.0 through 7.4.2 and before 7.2.5 Fortinet FortiAnalyzer-BigData before 7.4.0 Description: The issue is related to improper neutralization ...

CVE-2024-50809

CVE-2024-50809 affects SDCMS 2.8 via a vulnerability in the theme.php file that enables command execution (system commands). Multiple sources (NVD, Red Hat, CNNVD, CVE lists, CIRCL) confirm the vulnerable component; CVSSv3.1 base score is 8.8 (High) with network attack vector, low complexity, and...

Command Execution Vulnerability in the Operation and Maintenance Security Management System of Beijing Shengbo Run High-Tech Co.

Beijing Shengbolun High-Tech Co., Ltd. is a high-tech enterprise focusing on network security technology research, product development and security services. A command execution vulnerability exists in the Operations and Maintenance Security Management System OMS of Beijing Saints Bright Hi-Tech...

Command Execution Vulnerability in Intelligent Park Integrated Management Platform of Zhejiang Dahua Technology Co.

Zhejiang Dahua Co., Ltd. is a leading supplier of surveillance products and solution service provider for the world to provide leading video storage, front-end, display control and intelligent transportation and other series of products, and provide to provide thermal imaging temperature...

Command Execution Vulnerability in Fangde Desktop Operating System of Zhongke Fangde Software Co.

Fangde desktop operating system is a domestic operating system, adapted to Haikuang, Zhaoxin, Feiteng, Longxin, Shenwei, Kunpeng and other domestic CPUs, supporting x86, ARM, MIPS and other mainstream architectures. A command execution vulnerability exists in the Fangde desktop operating system o...

Cisco Secure Firewall Management Center Command Execution Vulnerability

Cisco Secure Firewall Management Center is a powerful network security management tool from Cisco. A command execution vulnerability exists in Cisco Secure Firewall Management Center that stems from insufficient input validation of certain HTTP request parameters sent to the web management...