17 matches found
CVE-2024-50373
CVE-2024-50373 affects Advantech EKI-6333AC-2G (≤1.6.3), EKI-6333AC-2GD (≤1.6.3) and EKI-6333AC-1GPO (≤1.2.1). The root cause is improper neutralization of special elements in OS commands during the restore_config_from_utility operation in the edgserver service, enabling remote unauthenticated at...
Security Bulletin: Multiple Vulnerabilities in IBM Event Endpoint Management
Summary Multiple vulnerabilities were addressed in IBM Event Endpoint Management version 11.3.2 Vulnerability Details CVEID:CVE-2024-47176 DESCRIPTION: OpenPrinting cups-browsed could allow a remote attacker to obtain sensitive information, caused by the binding on UDP INADDRANY:631 and trusting...
Alisonic Sibylla
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Alisonic Equipment: Sibylla Vulnerability: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' 2. RISK EVALUATION Successful exploitation of this vulnerability...
CVE-2024-3126
CVE-2024-3126 concerns the parisneo/lollms-webui project, specifically the bug in the Python file lollms_xtts.py and the function run_xtts_api_server. The issue stems from constructing an OS command with a Python f-string and passing xtts_base_url to subprocess.Popen without adequate input saniti...
CVE-2023-52142
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Cool Plugins Events Shortcodes For The Events Calendar.This issue affects Events Shortcodes For The Events Calendar: from n/a through 2.3.1...
Sql injection
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WooCommerce AutomateWoo.This issue affects AutomateWoo: from n/a through 4.9.50...
CVE-2023-49692
A vulnerability has been identified in RUGGEDCOM RM1224 LTE4G EU 6GK6108-4AM00-2BA2 All versions V7.2.2, RUGGEDCOM RM1224 LTE4G NAM 6GK6108-4AM00-2DA2 All versions V7.2.2, SCALANCE M804PB 6GK5804-0AP00-2AA2 All versions V7.2.2, SCALANCE M812-1 ADSL-Router 6GK5812-1AA00-2AA2 All versions V7.2.2,...
CVE-2023-35879
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WooCommerce Product Vendors allows SQL Injection.This issue affects Product Vendors: from n/a through 2.1.78...
JVN#78634340: Multiple vulnerabilities in WAVLINK WL-WN531AX2
WL-WN531AX2 provided by WAVLINK contains multiple vulnerabilities listed below. Client-side enforcement of server-side security CWE-602 - CVE-2023-32612 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H| Base Score: 6.8 CVSS v2| AV:A/AC:L/Au:S/C:C/I:C/A:C|...
CVE-2023-22643
An Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in libzypp-plugin-appdata of SUSE Linux Enterprise Server for SAP 15-SP3; openSUSE Leap 15.4 allows attackers that can trick users to use specially crafted REPOALIAS, REPOTYPE or...
mySCADA myPRO
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: mySCADA Equipment: myPRO Vulnerability: Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow arbitrary operating system commands injection. 3. TECHNICAL...
Sql injection
An Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in susestudio-ui-server of SUSE Studio onsite allows remote attackers with admin privileges in Studio to alter SQL statements, allowing for extraction and modification of data. This issue affects:...
Quest DR Series Disk Backup Software 4.0.3 Code Execution
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Quest DR Series Disk Backup Multiple Vulnerabilities 1. Advisory Information Title: Quest DR Series Disk Backup Multiple Vulnerabilities Advisory ID: CORE-2018-0002 Advisory URL:...
Trend Micro Smart Protection Server Multiple Vulnerabilities
1. Advisory Information Title: Trend Micro Smart Protection Server Multiple Vulnerabilities Advisory ID: CORE-2017-0008 Advisory URL:https://www.coresecurity.com/core-labs/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities Date published: 2017-12-19 Date of last update:...
CVE-2017-14500
Removed by vendor...
Trend Micro Smart Protection OS Command Injection
1. Advisory Information Title: Trend Micro Smart Protection OS Command Injection Advisory ID: CORE-2017-0004 Advisory URL:http://www.coresecurity.com/core-labs/advisories/trend-micro-smart-protection-os-command-injection Date published: 2017-08-23 Date of last update: 2017-08-23 Vendors contacted...
Geutebrück IP Cameras
CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit Vendor: Geutebrück Equipment: IP Cameras Vulnerabilities: Authentication Bypass and Improper Neutralization of Special Elements AFFECTED PRODUCTS The following Geutebrück G-Cam IP camera version is affected: G-Cam/EFD-2250...