4202 matches found

Vulnrichment
added 2025/01/14 2:21 p.m., 4 views

CVE-2024-36295

A command execution vulnerability exists in the qos.cgi qossta functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

9.1 CVSS, 7.2 AI score, 0.20596 EPSS
Exploits: 1, References: 1

Cvelist
added 2025/01/14 2:21 p.m., 12 views

CVE-2024-39602

An external config control vulnerability exists in the nas.cgi setnas functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

9.1 CVSS, 0.02272 EPSS
Exploits: 1, References: 1

NVD
added 2025/01/14 2:15 p.m., 17 views

CVE-2024-27778

An improper neutralization of special elements used in an OS command vulnerability (CWE-78) in Fortinet FortiSandbox 4.4.0 through 4.4.4, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0.0 through 4.0.4, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, FortiSandbox 3.0....

8.8 CVSS, 0.00545 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2025/01/14 2:9 p.m., 5 views

CVE-2024-47572

An improper neutralization of formula elements in a csv file in Fortinet FortiSOAR 7.2.1 through 7.4.1 allows attacker to execute unauthorized code or commands via manipulating csv file...

9 CVSS, 7.5 AI score, 0.0056 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2025/01/14 2:9 p.m., 9 views

CVE-2024-54021

An improper neutralization of CRLF sequences in HTTP headers ('HTTP response splitting') vulnerability (CWE-113) in Fortinet FortiOS 7.2.0 through 7.6.0, FortiProxy 7.2.0 through 7.4.5 may allow a remote unauthenticated attacker to bypass the file filter via crafted HTTP headers...

6.5 CVSS, 6.5 AI score, 0.00751 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2025/01/14 2:9 p.m., 4 views

CVE-2024-27778

An improper neutralization of special elements used in an OS command vulnerability (CWE-78) in Fortinet FortiSandbox 4.4.0 through 4.4.4, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0.0 through 4.0.4, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, FortiSandbox 3.0....

8.8 CVSS, 6.5 AI score, 0.00545 EPSS
Exploits: 0, References: 1

CVE
added 2025/01/14 2:9 p.m., 46 views

CVE-2024-27778

CVE-2024-27778 : Fortinet FortiSandbox OS command injection vulnerability (CWE-78). An authenticated attacker with at least read-only privileges can execute unauthorized OS commands via crafted requests. Affected FortiSandbox versions span 3.0.5–3.0.7, 3.1, 3.2, 4.0.0–4.0.4, 4.2.1–4.2.6, and 4.4....

8.8 CVSS, 6.5 AI score, 0.00545 EPSS
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2025/01/14 2:9 p.m., 21 views

CVE-2024-27778

An improper neutralization of special elements used in an OS command vulnerability (CWE-78) in Fortinet FortiSandbox 4.4.0 through 4.4.4, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0.0 through 4.0.4, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, FortiSandbox 3.0....

8.8 CVSS, 0.00545 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2025/01/14 1:29 p.m., 13 views

CVE-2024-7344 Howyar UEFI Application "Reloader" (32-bit and 64-bit) is vulnerable to execution of unsigned software in a hardcoded path.

Howyar UEFI Application "Reloader" 32-bit and 64-bit is vulnerable to execution of unsigned software in a hardcoded path...

6.9 AI score, 0.01036 EPSS
Exploits: 1, References: 4

Microsoft KB
added 2025/01/14 8:0 a.m., 40 views

January 14, 2025-Security and Quality Rollup for .NET Framework 3.5.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2008 R2 SP1 (KB5050183)

January 14, 2025-Security and Quality Rollup for .NET Framework 3.5.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2008 R2 SP1 KB5050183 Applies to: Microsoft .NET Framework 3.5.1 Microsoft .NET Framework 4.6.2 Microsoft .NET Framework 4.7 Microsoft .NET Framework 4.7.1 Microsoft .NET...

8.8 CVSS, 9 AI score, 0.02262 EPSS
Exploits: 0

Microsoft CVE
added 2025/01/14 8:0 a.m., 27 views

Microsoft Access Remote Code Execution Vulnerability

...

7.8 CVSS, 7.1 AI score, 0.00997 EPSS
Exploits: 0

Microsoft KB
added 2025/01/14 8:0 a.m., 37 views

Description of the security update for Access 2016: January 14, 2025 (KB5002670)

Description of the security update for Access 2016: January 14, 2025 KB5002670 Summary This security update resolves a Microsoft Access remote code execution vulnerability. To learn more about the vulnerability, see the following security advisories: Microsoft Common Vulnerabilities and Exposures...

7.8 CVSS, 9.5 AI score, 0.01117 EPSS
Exploits: 0

Microsoft KB
added 2025/01/14 12:0 a.m., 27 views

January 14, 2025-KB5050190 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Azure Stack HCI, version 22H2

January 14, 2025-KB5050190 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Azure Stack HCI, version 22H2 Release Date: January 14, 2025 Version: .NET Framework 3.5, 4.8 and 4.8.1 Summary This article describes the security and cumulative update for 3.5, 4.8 and 4.8.1 for Azure Stack...

8.8 CVSS, 8.2 AI score, 0.02262 EPSS
Exploits: 0

CNNVD
added 2025/01/14 12:0 a.m., 3 views

Microsoft Office Security Vulnerability

Microsoft Office OneNote is a set of tools for free-form information access and multi-user collaboration. A code execution vulnerability exists in Microsoft Office OneNote, which can be exploited by an attacker to execute arbitrary code on a system...

7.8 CVSS, 7.8 AI score, 0.0065 EPSS
Exploits: 0, References: 3

CNNVD
added 2025/01/14 12:0 a.m., 4 views

Microsoft Internet Explorer Security Vulnerability

Microsoft Internet Explorer (IE) is a Web browser that comes with the Windows operating system from the American company Microsoft. A code execution vulnerability exists in Microsoft Internet Explorer due to a flaw in the Internet Explorer component. An attacker could exploit the vulnerability to...

7.8 CVSS, 7.8 AI score, 0.0129 EPSS
Exploits: 0, References: 2

NVD
added 2025/01/10 8:15 p.m., 17 views

CVE-2024-12847

NETGEAR DGN1000 before 1.1.00.48 is vulnerable to an authentication bypass vulnerability. A remote and unauthenticated attacker can execute arbitrary operating system commands as root by sending crafted HTTP requests to the setup.cgi endpoint. This vulnerability has been observed to be exploited ...

9.8 CVSS, 0.2911 EPSS
Exploits: 1, References: 4

Cvelist
added 2025/01/10 12:0 a.m., 10 views

CVE-2024-46210

An arbitrary file upload vulnerability in the MediaPool module of Redaxo CMS v5.17.1 allows attackers to execute arbitrary code via uploading a crafted file...

0.00554 EPSS
Exploits: 0, References: 2

CNVD
added 2025/01/10 12:0 a.m., 6 views

Command Execution Vulnerability in Internet Behavior Management of Beijing Tianrongxin Technology Co., Ltd.

Beijing Tianrongxin Technology Co., Ltd. is an information security product and service solution provider. A command execution vulnerability exists in Beijing Tianrongxin Internet Behavior Management, which can be exploited by attackers to execute arbitrary commands...

7.8 AI score
Exploits: 0

CNVD
added 2025/01/10 12:0 a.m., 4 views

Command Execution Vulnerability in Internet Behavior Management System of Beijing Tianrongxin Technology Co., Ltd.

Beijing Tianrongxin Technology Co., Ltd. is an information security product and service solution provider. A command execution vulnerability exists in the Internet behavior management system of Beijing Tianrongxin Technology Co., Ltd., which can be exploited by attackers to execute arbitrary commands...

7.8 AI score
Exploits: 0

Cvelist
added 2025/01/09 12:0 a.m., 256 views

CVE-2023-28354

An issue was discovered in Opsview Monitor Agent 6.8. An unauthenticated remote attacker can call check_nrpe against affected targets, specifying known NRPE plugins, which in default installations are configured to accept command control characters and pass them to command-line interpreters for NR...

0.0116 EPSS
Exploits: 0, References: 1