40 matches found

Nuclei
added 3 days ago | 25 views

Wavlink WN535K2/WN535K3 - OS Command Injection

Wavlink WN535K2 and WN535K3 routers are susceptible to OS command injection in /cgi-bin/touchlistsync.cgi via manipulation of the argument IP. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary...

9.8 CVSS | 7.2 AI score | 0.9332 EPSS
Exploits: 1 | References: 5

Nuclei
added 2026/05/23 6:16 a.m. | 542 views

GlobalProtect - OS Command Injection

A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Cloud NGFW, Panorama...

10 CVSS | 7.8 AI score | 0.94323 EPSS
Exploits: 43 | References: 5

CVE
added 2024/10/30 12:0 a.m. | 39 views

CVE-2024-51304

CVE-2024-51304 affects Draytek Vigor3900, version 1.5.1.3. The vulnerability arises in the web interface script mainfunction.cgi, where input handling around ldap_search_dn allows an attacker to inject and execute arbitrary commands. CVSS v3.1 base score 8.8 (Network, Low attack complexity, Privi...

8.8 CVSS | 8 AI score | 0.00247 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Tenable Nessus
added 2024/10/16 12:0 a.m. | 15 views

Qnap QTS OS Command Injection (CVE-2024-38641)

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local network users to execute commands via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 5.1.8.2823...

7.8 CVSS | 5.7 AI score | 0.00335 EPSS
Exploits: 0 | References: 2

CVE
added 2024/09/25 1:53 p.m. | 48 views

CVE-2024-7679

Summary: CVE-2024-7679 affects Progress Telerik UI for WinForms prior to 2024 Q3 (2024.3.924). The root cause is improper neutralization of hyperlink elements, enabling a command injection attack. What’s affected: Progress Telerik UI for WinForms versions before 2024.3.924. Impact: potential comm...

7.8 CVSS | 7.9 AI score | 0.00187 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2024/09/11 12:0 a.m. | 14 views

CVE-2024-44572

RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a command injection vulnerability via the sysmgmt function...

0.01249 EPSS
Exploits: 0 | References: 2

Packet Storm
added 2024/05/13 12:0 a.m. | 237 views

Kemp LoadMaster Local sudo Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Kemp LoadMaster Local sudo privilege escalation', 'Description' = %q This module abuses a feature of the sudo command on Progress Kemp LoadMaster...

10 CVSS | 7.4 AI score | 0.94298 EPSS
Exploits: 9

Tenable Nessus
added 2024/05/11 12:0 a.m. | 23 views

RHEL 5 : spamassassin (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - spamassassin: command injection via crafted configuration file CVE-2020-1931 - A denial of service...

8 AI score | 0.17694 EPSS
Exploits: 0 | References: 6

GithubExploit
added 2024/04/18 4:45 p.m. | 381 views

Exploit for Improper Input Validation in Paloaltonetworks Pan-Os

PAN-OS CVE-2024-3400 Check Overview FOR INTERNAL USE ON...

10 CVSS | 10 AI score | 0.94323 EPSS
Exploits: 43

GithubExploit
added 2024/04/17 4:1 p.m. | 330 views

Exploit for Improper Input Validation in Paloaltonetworks Pan-Os

CVE-2024-3400 CVE-2024-3400 Palo Alto File Write Exploit...

10 CVSS | 10 AI score | 0.94323 EPSS
Exploits: 43

GithubExploit
added 2024/04/16 4:18 p.m. | 214 views

Exploit for Improper Input Validation in Paloaltonetworks Pan-Os

Cyberspace Mapping Dork Fofa app="paloalto-GlobalProt...

10 CVSS | 10 AI score | 0.94323 EPSS
Exploits: 43

Veracode
added 2024/03/29 10:52 a.m. | 15 views

Command Injection

gradio is vulnerable to Command Injection. The vulnerability is due to expressions inside of $ being evaluated and substituted with resulting values before the shell script is run, making it susceptible to injection attacks. The vulnerability allows for unauthorized modification of the base...

8.6 CVSS | 7.4 AI score | 0.00526 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

NVD
added 2024/03/07 2:15 a.m. | 9 views

CVE-2024-0817

Command injection in IrGraph.draw in paddlepaddle/paddle 2.6.0...

9.3 CVSS | 9.6 AI score | 0.00251 EPSS
Exploits: 1 | References: 1

Vulnrichment
added 2024/03/05 12:0 a.m. | 11 views

CVE-2024-22188

TYPO3 before 13.0.1 allows an authenticated admin user with system maintainer privileges to execute arbitrary shell commands with the privileges of the web server via a command injection vulnerability in form fields of the Install Tool. The fixed versions are 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELT...

8.2 AI score | 0.00687 EPSS
Exploits: 0 | References: 2

Zero Science Lab
added 2022/10/16 12:0 a.m. | 208 views

MiniDVBLinux 5.4 Remote Root Command Injection Vulnerability

Summary MiniDVBLinuxTM Distribution MLD. MLD offers a simple way to convert a standard PC into a Multi Media Centre based on the Video Disk Recorder VDR by Klaus Schmidinger. Features of this Linux based Digital Video Recorder: Watch TV, Timer controlled recordings, Time Shift, DVD and MP3 Replay...

9.8 CVSS | 6.1 AI score | 0.29206 EPSS
Exploits: 2

NVD
added 2022/08/15 10:15 p.m. | 11 views

CVE-2022-38368

An issue was discovered in Aviatrix Gateway before 6.6.5712 and 6.7.x before 6.7.1376. Because Gateway API functions mishandle authentication, an authenticated VPN user can inject arbitrary commands...

8.8 CVSS | 0.00434 EPSS
Exploits: 0 | References: 1

Prion
added 2022/08/10 8:15 p.m. | 9 views

Command injection

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameters: mac5g and Newname, which leads to command injection in page /wifimesh.shtml...

7.5 CVSS | 9.7 AI score | 0.01866 EPSS
Exploits: 1 | References: 1

OSV
added 2022/07/18 7:11 p.m. | 1 views

CLSA-2022-1658171496 Fixed CVEs in openssl: CVE-2022-1292, CVE-2022-2068

CVE-2022-1292: c_rehash: Do not use shell to invoke openssl to prevent command injection - CVE-2022-2068: c_rehash: Fix file operations to prevent command injection - Update expired SCT certificates...

10 CVSS | 6.8 AI score | 0.38894 EPSS
Exploits: 6 | References: 1

Cvelist
added 2022/02/22 10:44 p.m. | 22 views

CVE-2022-25084

TOTOLink T6 V5.9c.4085B20190428 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter...

10 AI score | 0.84255 EPSS
Exploits: 1 | References: 1

0day.today
added 2021/05/28 12:0 a.m. | 77 views

QNAP MusicStation / MalwareRemover File Upload / Command Injection Vulnerabilities

QNAP MusicStation/MalwareRemover Pre-Auth Remote Code Execution Summary QNAP MusicStation and MalwareRemover official apps are affected by an arbitrary file upload and a command injection vulnerabilities, leading to pre-auth remote root command execution. Product description from vendor “QNAP...

8.8 CVSS | 0.5 AI score | 0.0259 EPSS
Exploits: 2