Lucene search
K

459 matches found

Rapid7 Blog
Rapid7 Blog
added 2024/12/03 8:0 p.m.41 views

Lorex 2K Indoor Wi-Fi Security Camera: Multiple Vulnerabilities (FIXED)

The Lorex 2K Indoor Wi-Fi Security Camera is a consumer security device that provides cloud-based video camera surveillance capabilities. This device was a target at the 2024 Pwn2Own IoT competition. Rapid7 developed an unauthenticated remote code execution RCE exploit chain as an entry for the...

9.8CVSS8.4AI score0.01111EPSS
Exploits1
OSV
OSV
added 2024/11/26 11:22 a.m.3 views

CVE-2024-50366

A CWE-78 "Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection'" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G = 1.6.3, EKI-6333AC-2GD = v1.6.3 and EKI-6333AC-1GPO = v1.2.1. The source of the vulnerability relies on...

7.2CVSS5.8AI score0.01042EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/11/22 12:0 a.m.3 views

mySCADA myPRO 操作系统命令注入漏洞

mySCADA myPRO is a professional HMI/SCADA system designed primarily for the visualization and control of industrial processes. An operating system command injection vulnerability exists in mySCADA myPRO Manager, which can be exploited by an attacker to inject arbitrary operating system commands...

10CVSS7.6AI score0.01697EPSS
Exploits0References1
OSV
OSV
added 2024/11/21 3:15 p.m.4 views

CVE-2024-21786

An OS command injection vulnerability exists in the web interface configuration upload functionality of MC Technologies MC LR Router 2.10.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

7.2CVSS5.9AI score0.10514EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/11/12 1:17 a.m.12 views

CVE-2024-8881

A post-authentication command injection vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80AAHN.1C0 and earlier could allow an authenticated, LAN-based attacker with administrator privileges to execute some operating system OS commands on an affected device by...

6.8CVSS8AI score0.0068EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/11/11 12:0 a.m.8 views

PT-2024-8173 · D Link · D-Link Dsl6740C

Name of the Vulnerable Software and Affected Versions: D-Link DSL6740C modem affected versions not specified Description: The D-Link DSL6740C modem has an OS Command Injection issue, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a...

9CVSS8.2AI score0.01325EPSS
Exploits0References16
Positive Technologies
Positive Technologies
added 2024/11/01 12:0 a.m.4 views

PT-2024-16432 · Idexpert · Idexpert

Name of the Vulnerable Software and Affected Versions: IDExpert versions up to 2.8 Description: The issue concerns a lack of validation in the administrator interface of IDExpert, allowing remote attackers with administrative privileges to inject and execute OS commands on the server. This can be...

7.2CVSS8.2AI score0.00563EPSS
Exploits0References10
CNNVD
CNNVD
added 2024/10/23 12:0 a.m.19 views

Siemens InterMesh 7177和Siemens InterMesh 7707 访问控制错误漏洞

InterMesh is a wireless alarm reporting system that uses mesh wireless network technology to transmit alarm signals. A security vulnerability exists in Siemens InterMesh Subscriber Devices due to a web server in the affected devices that does not authenticate a GET request that executes a specifi...

9.8CVSS6.9AI score0.005EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/09/17 12:0 a.m.4 views

PT-2024-7556 · Ptzoptics · Ptzoptics Pt30X-Sdi/Ndi Cameras

Name of the Vulnerable Software and Affected Versions: PTZOptics PT30X-SDI/NDI Cameras versions prior to firmware 6.3.40 Description: The issue is related to an OS command injection problem. The camera does not sufficiently validate the ntp addr configuration value, which may lead to arbitrary...

10CVSS10AI score0.81973EPSS
Exploits1References40
OSV
OSV
added 2024/08/22 8:15 p.m.3 views

CVE-2024-8075

A vulnerability has been found in TOTOLINK AC1200 T8 4.1.5cu.862B20230228 and classified as critical. Affected by this vulnerability is the function setDiagnosisCfg. The manipulation leads to os command injection. The attack can be launched remotely. NOTE: The vendor was contacted early about thi...

9.8CVSS5.5AI score0.019EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/08/21 12:0 a.m.8 views

PT-2024-10766 · Unknown · Ca Privileged Access Manager

Name of the Vulnerable Software and Affected Versions: Privileged Access Manager versions prior to 3.7.0.1 Description: The issue allows an SSH authenticated user to execute an OS command and gain full system access using bash when accessing the PAM server. Recommendations: For versions prior to...

8.2CVSS7.8AI score0.00309EPSS
Exploits0References7
Redos
Redos
added 2024/08/16 12:0 a.m.63 views

ROS-20240816-11

A vulnerability in the procopen function of the PHP programming language interpreter exists due to a failure to take measures to neutralize special elements used by the operating system. to neutralize special elements used in the operating system command. Exploitation exploitation of the...

9.8CVSS8.1AI score0.99987EPSS
Exploits66
Github Security Blog
Github Security Blog
added 2024/08/14 12:35 p.m.5 views

Magento OS Command ('OS Command Injection') vulnerability

Magento versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability that could lead in arbitrary code execution by an admin attacker. Exploitation of this issue requires user...

8.4CVSS7.6AI score0.01529EPSS
Exploits0References3Affected Software2
OSV
OSV
added 2024/08/14 12:35 p.m.3 views

GHSA-8FRP-PXQ2-3GPQ Magento OS Command ('OS Command Injection') vulnerability

Magento versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability that could lead in arbitrary code execution by an admin attacker. Exploitation of this issue requires user...

8.4CVSS7.8AI score0.01529EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/08/12 12:0 a.m.4 views

PT-2024-6509 · Totolink · Totolink X5000R

Name of the Vulnerable Software and Affected Versions: TOTOLINK X5000r version 9.1.0cu.2350 b20230313 Description: The issue is related to an OS command injection vulnerability in the setModifyVpnUser function, located in the /cgi-bin/cstecgi.cgi file. This vulnerability can be exploited by...

9CVSS7.5AI score0.01661EPSS
Exploits1References10
ATTACKERKB
ATTACKERKB
added 2024/08/01 2:15 a.m.3 views

CVE-2024-39607

OS command injection vulnerability exists in ELECOM wireless LAN routers. A specially crafted request may be sent to the affected product by a logged-in user with an administrative privilege to execute an arbitrary OS command...

6.8CVSS6.9AI score0.00846EPSS
Exploits0References3Affected Software15
BDU FSTEC
BDU FSTEC
added 2024/07/23 12:0 a.m.4 views

The vulnerability of Adobe Dreamweaver’s HTML editor arises from the lack of measures taken to eliminate special elements used in the operating system command line. This allows attackers to execute arbitrary code.

The vulnerability of Adobe Dreamweaver exists because measures to neutralize special elements used in the operating system command are not taken. Exploiting this vulnerability allows a perpetrator to execute arbitrary code by sending a specially created malicious file...

8.2CVSS6AI score0.00865EPSS
Exploits0References3Affected Software1
Redos
Redos
added 2024/07/16 12:0 a.m.20 views

ROS-20240716-03

A vulnerability in the Org-Link-Expand-ABBREV function of the LISP/OL.EL file of the EMACS text editor exists due to failure to take measures to neutralize special elements used in the operating system command. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary...

9.8CVSS7.6AI score0.01323EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2024/07/15 1:12 a.m.4 views

less: OS command injection

An OS command injection flaw was found in Less. Since quoting is mishandled in filename.c, opening files with attacker-controlled file names can lead to OS command execution. Exploitation requires the LESSOPEN environment variable, which is set by default in many common cases...

8.6CVSS6.8AI score0.00628EPSS
Exploits0References6
CNNVD
CNNVD
added 2024/07/08 12:0 a.m.4 views

Realtek rtl819x Jungle SDK OS Command Injection Vulnerability

The Realtek rtl819x Jungle SDK is a driver for a wireless LAN chip from China-based Realtek Semiconductor Realtek. An OS command injection vulnerability exists in Realtek rtl819x Jungle SDK version v3.4.11, which stems from an OS command injection vulnerability in the boa formWsc function...

7.2CVSS7.6AI score0.01929EPSS
Exploits0References2
Rows per page
Query Builder