15280 matches found

RedhatCVE
added 2025/02/05 3:23 a.m. · 6 views

CVE-2024-51465

IBM App Connect Enterprise Certified Container 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, and 12.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request...

CVSS 8.8 · AI score 7.4 · EPSS 0.00651
Exploits: 0 · References: 1

RedhatCVE
added 2025/02/05 3:13 a.m. · 10 views

CVE-2024-51567

upgrademysqlstatus in databases/views.py in CyberPanel (aka Cyber Panel) before 5b08cd6 allows remote attackers to bypass authentication and execute arbitrary commands via /dataBases/upgrademysqlstatus by bypassing secMiddleware (which is only for a POST request) and using shell metacharacters in the...

CVSS 10 · AI score 9.9 · EPSS 0.86725
Exploits: 7 · References: 1

RedhatCVE
added 2025/02/05 2:29 a.m. · 3 views

CVE-2024-42017

An issue was discovered in Atos Eviden iCare 2.7.1 through 2.7.11. The application exposes a web interface locally. In the worst-case scenario, if the application is remotely accessible, it allows an attacker to execute arbitrary commands with system privilege on the endpoint hosting the...

CVSS 10 · AI score 7.8 · EPSS 0.00532
Exploits: 0 · References: 1

RedhatCVE
added 2025/02/05 2:22 a.m. · 8 views

CVE-2024-24995

A Race Condition (TOCTOU) vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM...

CVSS 8.8 · AI score 7.5 · EPSS 0.02373
Exploits: 0 · References: 1

RedhatCVE
added 2025/02/05 2:22 a.m. · 10 views

CVE-2024-24999

A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM...

CVSS 8.8 · AI score 7.5 · EPSS 0.02851
Exploits: 0 · References: 1

RedhatCVE
added 2025/02/05 2:17 a.m. · 6 views

CVE-2024-24998

A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM...

CVSS 8.8 · AI score 7.5 · EPSS 0.03237
Exploits: 0 · References: 1

RedhatCVE
added 2025/02/05 1:12 a.m. · 9 views

CVE-2024-20424

A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system as root. This vulnerability ...

CVSS 9.9 · AI score 7.8 · EPSS 0.00941
Exploits: 0 · References: 1

RedhatCVE
added 2025/02/05 1:10 a.m. · 6 views

CVE-2024-46997

DataEase is an open source data visualization analysis tool. Prior to version 2.10.1, an attacker can achieve remote command execution by adding a carefully constructed h2 data source connection string. The vulnerability has been fixed in v2.10.1...

CVSS 9.8 · AI score 7 · EPSS 0.01451
Exploits: 1 · References: 1

RedhatCVE
added 2025/02/04 11:49 p.m. · 14 views

CVE-2024-22061

A Heap Overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows a remote unauthenticated attacker to execute arbitrary commands...

CVSS 9.8 · AI score 7.9 · EPSS 0.03561
Exploits: 0 · References: 1

RedhatCVE
added 2025/02/04 11:46 p.m. · 3 views

CVE-2024-22274

The vCenter Server contains an authenticated remote code execution vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to run arbitrary commands on the underlying operating system...

CVSS 7.2 · AI score 8.3 · EPSS 0.02488
Exploits: 3 · References: 1

RedhatCVE
added 2025/02/04 11:10 p.m. · 6 views

CVE-2024-0005

A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely through a specifically crafted SNMP configuration...

CVSS 9.1 · AI score 7.7 · EPSS 0.00641
Exploits: 1 · References: 1

RedhatCVE
added 2025/02/04 10:48 p.m. · 9 views

CVE-2024-26295

Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to comple...

CVSS 8.8 · AI score 7.7 · EPSS 0.00928
Exploits: 0 · References: 1

RedhatCVE
added 2025/02/04 10:39 p.m. · 2 views

CVE-2024-8957

PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an OS command injection issue. The camera does not sufficiently validate the ntpaddr configuration value which may lead to arbitrary command execution when ntpclient is started. When chained with CVE-2024-8956, a remote and...

CVSS 9.1 · AI score 8.4 · EPSS 0.81973
Exploits: 2 · References: 1

CVE
added 2025/02/04 6:13 p.m. · 73 views

CVE-2025-25039

The CVE-2025-25039 entry concerns Hewlett Packard Enterprise Aruba ClearPass Policy Manager (CPPM) by way of its web-based management interface. The vulnerability allows remote authenticated users to execute arbitrary commands on the underlying host, with the impact described as executing command...

CVSS 8.8 · AI score 7.4 · EPSS 0.00587
Exploits: 0 · References: 1 · Affected Software: 1

CNNVD
added 2025/02/04 12:0 a.m. · 2 views

Zyxel VMG4325-B10A operating system command injection vulnerability

The Zyxel VMG4325-B10A is a modem from China Heqin Zyxel. An operating system command injection vulnerability exists in the Zyxel VMG4325-B10A version 1.00AAFR.4C020170615. An attacker could exploit this vulnerability to execute operating system (OS) commands...

CVSS 8.8 · AI score 9.3 · EPSS 0.1931
Exploits: 0 · References: 1

BDU FSTEC
added 2025/02/04 12:0 a.m. · 6 views

The vulnerability of the setVpnAccountCfg() function (/web/cgi-bin/cstecgi.cgi) in the TOTOLINK X5000R router’s firmware allows an attacker to execute arbitrary commands.

The vulnerability of the setVpnAccountCfg function (/web/cgi-bin/cstecgi.cgi) in the TOTOLINK X5000R router’s firmware is related to the failure to neutralize special elements used in an operating system command when processing the user parameter. Exploiting this vulnerability...

CVSS 10 · AI score 8.3 · EPSS 0.01573
Exploits: 1 · References: 3 · Affected Software: 1

BDU FSTEC
added 2025/02/04 12:0 a.m. · 5 views

The vulnerability of the setVpnAccountCfg() function (located in web/cgi-bin/cstecgi.cgi) in the TOTOLINK X5000R router’s firmware allows a malicious actor to execute arbitrary commands.

The vulnerability of the setVpnAccountCfg function (located at web/cgi-bin/cstecgi.cgi) in the TOTOLINK X5000R router’s firmware is related to the failure to neutralize special elements used in an operating system command when handling the pass parameter. Exploiting th...

CVSS 10 · AI score 8.3 · EPSS 0.01573
Exploits: 1 · References: 2 · Affected Software: 1

BDU FSTEC
added 2025/02/04 12:0 a.m. · 4 views

The vulnerability of the setVpnAccountCfg() function (/web/cgi-bin/cstecgi.cgi) in the TOTOLINK X5000R router’s firmware allows an attacker to execute arbitrary commands.

The vulnerability of the setVpnAccountCfg function (/web/cgi-bin/cstecgi.cgi) in the TOTOLINK X5000R router’s firmware is related to the failure to neutralize special elements used in an operating system command when handling the desc parameter...

CVSS 10 · AI score 8.3 · EPSS 0.01573
Exploits: 1 · References: 3 · Affected Software: 1

CNNVD
added 2025/02/03 12:0 a.m. · 3 views

Advantive VeraCore security vulnerability

Advantive VeraCore is a SaaS order and warehouse management software from Advantive. A security vulnerability exists in Advantive VeraCore version 2025.1.0 and earlier, which stems from the presence of an SQL injection in timeoutWarning.asp that allows remote attackers to execute arbitrary SQL...

CVSS 7.5 · AI score 10 · EPSS 0.50378
Exploits: 1 · References: 2

Positive Technologies
added 2025/02/03 12:0 a.m. · 3 views

PT-2025-5620 · Advantive · Veracore

Name of the Vulnerable Software and Affected Versions: Advantive VeraCore versions through 2025.1.0

Description: A SQL injection vulnerability in timeoutWarning.asp allows remote attackers to execute arbitrary SQL commands via the PmSess1 parameter. This issue is being actively exploited. The...

CVSS 7.5 · AI score 9.9 · EPSS 0.50378
Exploits: 1 · References: 46