NUUO NVRmini Devices OS Command Injection Vulnerability
NUUO NVRmini devices contain an OS command injection vulnerability. This vulnerability allows remote command execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command...
CVE-2024-53376
CyberPanel prior to 2.3.8 is affected by an authenticated OS command injection in the websites/submitWebsiteCreation endpoint. The root cause is input handling of the phpSelection field allowing shell metacharacters to be executed by an authenticated user, enabling arbitrary command execution wit...
A vulnerability in the router firmware of I-O Data Device UD-LT1 and UD-LT1/EX exists due to the lack of measures to neutralize special elements, allowing attackers to execute arbitrary commands.
A vulnerability in the router firmware of I-O Data Device UD-LT1 and UD-LT1/EX exists due to the lack of measures taken to neutralize special elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
PT-2024-36552 · Unknown · Crater Invoice
Name of the Vulnerable Software and Affected Versions: Crater Invoice, affected versions not specified. Description: A vulnerability in Crater Invoice allows an unauthenticated attacker with knowledge of the APP KEY to achieve remote command execution on the server by manipulating the laravel sessi...
Dell Avamar SQL Injection Vulnerability (CNVD-2025-18250)
Dell Avamar is a software solution for data backup and recovery. A SQL injection vulnerability exists in Dell Avamar. The vulnerability stems from an improper neutralization of special elements in SQL commands. An attacker could exploit this vulnerability to perform command execution...
CVE-2024-52308
...
A vulnerability in the upgrademysqlstatus() function of the CyberPanel web hosting control panel allows a hacker to escalate their privileges and execute arbitrary commands.
A vulnerability in the upgrademysqlstatus function of the CyberPanel web hosting control panel is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to elevate their privileges and execute arbitrary commands remotely...
ROS-20241211-04
A vulnerability in the CREATE POLICY row-protected table security policy of the PostgreSQL database management system is related to a lack of consistency between independent views of shared state. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary...
A vulnerability in the firmware of Mitel 6869i IP phones, related to the lack of measures taken at the control level to protect data, allows an attacker to execute arbitrary commands.
A vulnerability in the firmware of Mitel 6869i IP phones lies in the lack of measures taken to sanitize data at the administrative level when processing parameters like username and path on the upgrade.html page. Exploiting this vulnerability allows a malicious actor to execute...
A vulnerability in the RMT_invite.cgi script of NETGEAR R7000 Wi-Fi routers allows a hacker to execute arbitrary commands.
A vulnerability in the RMT_invite.cgi script of NETGEAR R7000 Wi-Fi routers lies in the lack of data sanitization at the control level when processing the parameter devicename2. Exploiting this vulnerability allows an attacker to execute arbitrary commands remotely...
CVE-2024-55547 Remote Command Execution via SNMP
SNMP objects in NET-SNMP used in ORing IAP-420 allow Command Injection. This issue affects IAP-420: through 2.01e...
CVE-2024-47977
Dell Avamar, versions prior to 19.12 with patch 338905, excluding 19.10 and 19.10SP1 with patch 338869, contains an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability. A low privileged attacker with remote access could potentially exploit this...
CVE-2024-47484
Dell Avamar, versions prior to 19.12 with patch 338905, excluding 19.10 and 19.10SP1 with patch 338869, contains an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability. An unauthenticated attacker with remote access could potentially exploit this...
Image Access Scan2Net Security Vulnerability
Image Access Scan2Net is a scanning software from Image Access, Germany. A security vulnerability exists in Image Access Scan2Net versions 7.40 and earlier, 7.42 and earlier, and 7.42B and earlier, which stems from improper cleaning of the HTTP GET parameter data, which allows an attacker to acce...
CVE-2024-55580
An issue was discovered in Qlik Sense Enterprise for Windows before November 2024 IR. Unprivileged users with network access may be able to execute remote commands that could cause high availability damages, including high integrity and confidentiality risks. This is fixed in November 2024 IR, Ma...
Qlik Sense Security Vulnerability
Qlik Sense is an application from Qlik, Inc. that allows users to create visualizations, charts, interactive dashboards, and analytical applications for local and offline use. A security vulnerability exists in Qlik Sense Enterprise for Windows prior to November 2024 IR, which originates from a...
CVE-2024-55580
CVE-2024-55580 affects Qlik Sense Enterprise for Windows prior to November 2024 IR. An unprivileged user with network access can cause remote command execution and potentially compromise availability, integrity, and confidentiality due to issues in handling connection objects and input processing...
A vulnerability in the QuTS operating systems and QTS network devices from QNAP arises from the lack of measures taken to neutralize special elements used in the operating system’s command set. This allows attackers to execute arbitrary commands.
A vulnerability in the QuTS operating systems and QTS network devices involves the lack of measures taken to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...