15280 matches found
CVE-2024-12652 Intumit SmartRobot's Conversational AI Platform - Improper Control of Generation of Code ('Code Injection')
An Improper Control of Generation of Code ('Code Injection') vulnerability in the Groovy script function in SmartRobot's Conversational AI Platform before v7.2.0 allows remote authenticated users to perform arbitrary system commands via Groovy code...
Exploit for Time-of-check Time-of-use (TOCTOU) Race Condition in Apache Tomcat
CVE-2024-50379-POC This repository contains a Python script de...
GHSA-R7J8-5H9C-F6FX Remote Command Execution in file editing in gogs
Impact: The malicious user is able to commit and edit a crafted symlink file to a repository to gain SSH access to the server. Patches: Editing symlink while changing the file name has been prohibited via the repository web editor https://github.com/gogs/gogs/pull/7857. Users should upgrade to 0.13...
CVE-2024-46873
Multiple SHARP routers leave the hidden debug function enabled. An arbitrary OS command may be executed with the root privilege by a remote unauthenticated attacker...
Sharp SH-05L, SH-52B, SH-54C and HR02 security vulnerability
The Sharp HR02 and others are products of Sharp Corporation of Japan. The Sharp HR02 is a home router. The Sharp SH-52B is a wireless LAN connectivity station. The Sharp SH-54C is a wireless LAN connectivity station. A security vulnerability exists in the Sharp SH-05L, SH-52B, SH-54C, and HR02 that...
A vulnerability in the `ldap_search_dn` function of the `mainfunction.cgi` script in the DrayTek Vigor router's web interface allows an attacker to execute arbitrary commands.
The vulnerability in the `ldap_search_dn` function of the `mainfunction.cgi` script in the DrayTek Vigor router's web interface is caused by a failure to sanitize data at the control level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
A vulnerability in the sub_1225C function of the mainfunction.cgi web interface in the DrayTek Vigor router software allows an attacker to execute arbitrary commands.
The vulnerability in the sub_1225C function of the mainfunction.cgi web interface in the DrayTek Vigor router software is caused by a failure to sanitize data at the control level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
A vulnerability in QuFirewall, the built-in network firewall that protects data on QNAP NAS devices, is caused by a failure to sanitize data at the management level and allows attackers to execute arbitrary commands.
The vulnerability in QuFirewall, the built-in network firewall that protects data on QNAP NAS devices, is caused by a failure to sanitize data at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
CVE-2024-28767
IBM Security Directory Integrator 7.2.0 through 7.2.0.13 and 10.0.0 through 10.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request...
PT-2024-22568 · IBM · IBM Security Directory Integrator
Name of the Vulnerable Software and Affected Versions: IBM Security Directory Integrator versions 7.2.0 through 7.2.0.13; IBM Security Directory Integrator versions 10.0.0 through 10.0.3. Description: The issue allows a remote authenticated attacker to execute arbitrary commands on the system by...
A vulnerability in the Ruijie Reyee OS operating system is caused by the use of an inherently dangerous function and allows attackers to execute arbitrary commands.
The vulnerability in the Ruijie Reyee OS operating system is caused by the use of an inherently dangerous function. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands by sending a specially crafted malicious MQTT message...
CVE-2024-11984 SUNNET Corporate Training Management System - Unrestricted Upload of File with Dangerous Type
An unrestricted upload of file with dangerous type vulnerability in the epaper draft function in Corporate Training Management System before 10.13 allows remote authenticated users to bypass file upload restrictions and perform arbitrary system commands with SYSTEM privilege via a crafted ZIP file...
CVE-2023-23356
A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute arbitrary commands. We have already fixed the vulnerability in the following versions:...
The vulnerabilities in the software platforms Cleo Harmony, VLTrader, and LexiCom are related to errors in the use of standard permissions and allow an attacker to execute arbitrary commands.
The vulnerabilities of the software platforms Cleo Harmony, VLTrader, and LexiCom are related to errors in the use of standard permissions. Exploiting these vulnerabilities can allow a remote attacker to execute arbitrary commands...
A vulnerability in the formSetUSBPartitionUmount function of the Tenda G3 wireless access point software allows an attacker to execute arbitrary commands.
The vulnerability in the formSetUSBPartitionUmount function of the Tenda G3 wireless access point software is caused by a failure to neutralize special elements when processing the usbPartitionName parameter. Exploiting this vulnerability allows a remote attacker to...
NUUO NVRmini Devices OS Command Injection Vulnerability
NUUO NVRmini devices contain an OS command injection vulnerability. This vulnerability allows remote command execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command...