4202 matches found
Command Execution Vulnerability in Operation and Maintenance Management Audit System of Shanghai Shangxun Information Technology Co.
hereinafter referred to as "SinoCom-ArtM" is one of the leading providers of data, intelligent security operation and maintenance, mobile security, security services and other fields in China. A command execution vulnerability exists in the Operations and Maintenance Management and Audit System o...
CVE-2024-50603
An issue was discovered in Aviatrix Controller before 7.1.4191 and 7.2.x before 7.2.4996. Due to the improper neutralization of special elements used in an OS command, an unauthenticated attacker is able to execute arbitrary code. Shell metacharacters can be sent to /v1/api in cloudtype for...
Vulnerability in the signer-package processor of the Nuclei scanner allows an attacker to execute arbitrary code.
The vulnerability in the signer-package processor of the Nuclei scanner exists because special elements are not neutralized. Exploiting this vulnerability allows an attacker to execute arbitrary code by running a specially crafted template with user input...
CVE-2024-40427
Stack Buffer Overflow in PX4-Autopilot v1.14.3, which allows attackers to execute commands to exploit this vulnerability and cause the program to refuse to execute...
CVE-2025-0247 Memory safety bugs fixed in Firefox 134 and Thunderbird 134
Memory safety bugs present in Firefox 133 and Thunderbird 133. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 134 and Thunderbird 134...
CVE-2022-45185
CVE-2022-45185 affects SuiteCRM 7.12.7. Authenticated users can upload malicious files through CRM functions, and deserialization can be used to achieve code execution. The Red Hat and OSV entries confirm the same description. The documented impact is high (CVSS 3.1 base sco...
CVE-2024-13046
Ashlar-Vellum Cobalt CO File Parsing Out-Of-Bounds Write Remote Code Execution vulnerability affects Ashlar-Vellum Cobalt. The flaw arises in CO file parsing due to inadequate validation of input data, causing a write past the end of an allocated buffer and enabling code execution in the target p...
CVE-2024-47978
Dell NativeEdge, versions 2.1.0.0, contains an Execution with Unnecessary Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges...
CVE-2024-12700
CVE-2024-12700 relates to Tibbo AggreGate Network Manager. The provided documents identify an unrestricted file upload vulnerability in the UploaderTempFileController (Tibbo AggreGate Network Manager) that allows an authenticated, low-privileged user to upload a JSP shell and execute arbitrary co...
CVE-2024-12175
Another “use after free” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to use a resource that was already used. If exploited, a threat actor could leverage this vulnerability to execute arbitrary...
CVE-2024-11364
CVE-2024-11364 concerns Rockwell Automation Arena Simulation. The issue is a vulnerability in the parsing of DOE files where an uninitialized variable/memory can be accessed, enabling arbitrary code execution. Exploitation requires some form of user interaction (e.g., opening a malicious DOE file...
CVE-2020-15934
An execution with unnecessary privileges vulnerability in the VCM engine of FortiClient for Linux versions 6.2.7 and below, version 6.4.0 may allow local users to elevate their privileges to root by creating a malicious script or program on the target machine...
RockyLinux 8 : perl-App-cpanminus:1.7044 (RLSA-2024:10219)
The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:10219 advisory. perl-App-cpanminus: Insecure HTTP in App::cpanminus Allows Code Execution Vulnerability (CVE-2024-45321). Tenable has extracted the preceding description block...
Progress Telerik UI for WPF 2024.4.1213 (CVE-2024-10095)
The version of Progress Telerik UI for WPF installed on the remote host is prior to 2024.4.1213. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-10095 advisory. - In Progress Telerik UI for WPF versions prior to 2024 Q4 2024.4.1213, a code execution attack is possible...
CVE-2023-34990
A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specially crafted web requests...
CVE-2024-21546
Versions of the package unisharp/laravel-filemanager before 2.9.1 are vulnerable to Remote Code Execution (RCE) through using a valid mimetype and inserting the . character after the php file extension. This allows the attacker to execute malicious code...
CVE-2024-39703
ThreatQuotient ThreatQ platforms prior to version 5.29.3 contain a command-injection vulnerability in an API endpoint that authenticated users can exploit to execute arbitrary commands, effectively enabling remote code execution. Affected software: ThreatQ/ThreatQuotient before 5.29.3. Root cause...
CVE-2024-49775
A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2501.0001), Opcenter Intelligence (All versions < V2501.0001), Opcenter Quality (All versions < V2512), Opcenter RDnL (All versions < V2410), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 3),...
CVE-2024-53376
CyberPanel before 2.3.8 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the phpSelection field to the websites/submitWebsiteCreation URI...
PT-2024-16023 · Telerik · Telerik UI for WPF
Name of the Vulnerable Software and Affected Versions: Telerik UI for WPF versions prior to 2024 Q4 2024.4.1213. Description: A code execution attack is possible through an insecure deserialization vulnerability. This issue affects Telerik UI for WPF and can be exploited, allowing for code...