FortiManager fgfmd remote command execution

Added: 11/15/2024 Background FortiManager is an integrated platform for the centralized management of products in a Fortinet security infrastructure. Problem Missing authentication in the fgfmd service could allow a remote attacker to execute arbitrary commands. Resolution Upgrade to FortiManager...

The vulnerability of the apcli_do_enr_pin_wps function in the microprogramming software of the TOTOLINK A6000R router allows a hacker to execute arbitrary commands.

The vulnerability of the apclidoenrpinwps function in the TOTOLINK A6000R router’s microprogramming software is related to the failure to take measures to neutralize special elements used in the command when processing the ifname parameter. Exploiting this vulnerability can allow a remote attacke...

The vulnerability of the Git-based software platform for collaborative code development in GitLab Enterprise Edition, related to the lack of measures taken to clean up data at the management level, allows a violator to introduce commands into the system.

The vulnerability of the Git-based software platform for collaborative code development in GitLab Enterprise Edition is related to the lack of measures taken to clean up data at the management level. Exploiting this vulnerability allows a malicious actor to execute commands on the connected Cube...

The vulnerability of the upgrade_filter_asp function in the /upgrade_filter.asp file of the D-Link DI-8003 router’s microprogramming system, allowing a hacker to execute arbitrary commands.

The vulnerability of the upgradefilterasp function in the /upgradefilter.asp file of the D-Link DI-8003 router microprogramming system is related to the lack of measures taken at the control level for data cleaning. Exploiting this vulnerability allows a remote attacker to execute arbitrary...

CVE-2024-50636

PyMOL 2.5.0 contains a vulnerability in its "Run Script" function, which allows the execution of arbitrary Python code embedded within .PYM files. Attackers can craft a malicious .PYM file containing a Python reverse shell payload and exploit the function to achieve Remote Command Execution RCE...

PT-2024-34371 · Schrödinger · Pymol

Name of the Vulnerable Software and Affected Versions: PyMOL version 2.5.0 Description: The issue arises from the "Run Script" function in PyMOL, which allows the execution of arbitrary Python code embedded within .PYM files. This enables attackers to craft malicious .PYM files containing Python...

The vulnerability of the dbsrv_asp function in the /dbsrv.asp file of the D-Link DI-8003 device’s microprogramming software allows a hacker to execute arbitrary commands.

The vulnerability of the dbsrvasp function in the /dbsrv.asp file of the D-Link DI-8003 device’s microprogramming system is related to buffer overflow in the stack. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely by injecting a specially crafted comma...

CVE-2024-50636

PyMOL 2.5.0 contains a vulnerability in its "Run Script" function, which allows the execution of arbitrary Python code embedded within .PYM files. Attackers can craft a malicious .PYM file containing a Python reverse shell payload and exploit the function to achieve Remote Command Execution RCE...

CVE-2024-50636

PyMOL 2.5.0 contains a vulnerability in its "Run Script" function, which allows the execution of arbitrary Python code embedded within .PYM files. Attackers can craft a malicious .PYM file containing a Python reverse shell payload and exploit the function to achieve Remote Command Execution RCE...

CVE-2024-50636

PyMOL 2.5.0 is vulnerable in its Run Script function, which can execute arbitrary Python code embedded in .PY files, enabling Remote Command Execution (RCE) when a malicious .PY file with a reverse-shell payload is processed. The root cause is PyMOL treating .PYM files as Python scripts without p...

PT-2024-8703 · Ivanti · Ivanti Policy Secure +1

Name of the Vulnerable Software and Affected Versions: Ivanti Connect Secure versions prior to 22.7R2.1 Ivanti Policy Secure versions prior to 22.7R1.1 Description: The issue is related to command injection, allowing a remote authenticated attacker with admin privileges to achieve remote code...

The vulnerability of the cgi_user_add function in the CGI script /cgi-bin/account_mgr.cgi?cmd=cgi_user_add allows a hacker to execute arbitrary commands. This vulnerability affects microprogrammed devices from the D-Link series: DNS-320, DNS-320LW, DNS-325, and DNS-340L.

The vulnerability of the cgiuseradd function in the CGI script /cgi-bin/accountmgr.cgi?cmd=cgiuseradd in D-Link DNS-320, DNS-320LW, DNS-325, and DNS-340L devices is related to the failure to take measures to neutralize special elements used in the operating system command. Exploiting this...

Vulnerabilities fixed in Aruba Networks ArubaOS

Aruba Networks has fixed vulnerabilities in ArubaOS. A malicious party could exploit the vulnerabilities to execute arbitrary commands on the underlying operating system. For successful abuse, the malicious party must have access to the management interface, or command-line. It is good practice n...

PT-2025-17312

Name of the Vulnerable Software and Affected Versions PyTorch versions prior to 2.6.0 PyTorch ≤2.5.1 Description PyTorch is vulnerable to a Remote Command Execution RCE vulnerability. This flaw exists in versions 2.5.1 and prior, specifically when loading a model using the torch.load function wit...

CVE-2024-47463

An arbitrary file creation vulnerability exists in the Instant AOS-8 and AOS-10 command line interface. Successful exploitation of this vulnerability could allow an authenticated remote attacker to create arbitrary files, which could lead to a remote command execution RCE on the underlying...

CVE-2024-47462

An arbitrary file creation vulnerability exists in the Instant AOS-8 and AOS-10 command line interface. Successful exploitation of this vulnerability could allow an authenticated remote attacker to create arbitrary files, which could lead to a remote command execution RCE on the underlying...

CVE-2024-47463 Arbitrary File Creation Vulnerability in Instant AOS-8 and AOS-10 leads to Authenticated Remote Command Execution (RCE)

An arbitrary file creation vulnerability exists in the Instant AOS-8 and AOS-10 command line interface. Successful exploitation of this vulnerability could allow an authenticated remote attacker to create arbitrary files, which could lead to a remote command execution RCE on the underlying...

CVE-2024-47463 Arbitrary File Creation Vulnerability in Instant AOS-8 and AOS-10 leads to Authenticated Remote Command Execution (RCE)

An arbitrary file creation vulnerability exists in the Instant AOS-8 and AOS-10 command line interface. Successful exploitation of this vulnerability could allow an authenticated remote attacker to create arbitrary files, which could lead to a remote command execution RCE on the underlying...

CVE-2024-47463

CVE-2024-47463 describes an arbitrary file creation vulnerability in Aruba Instant AOS-8 and AOS-10 CLI service that, when exploited by an authenticated user, could lead to remote code execution on the underlying OS. The issue affects the CLI path and is tied to authenticated remote command execu...

CVE-2024-47462 Arbitrary File Creation Vulnerability in Instant AOS-8 and AOS-10 leads to Authenticated Remote Command Execution (RCE)

An arbitrary file creation vulnerability exists in the Instant AOS-8 and AOS-10 command line interface. Successful exploitation of this vulnerability could allow an authenticated remote attacker to create arbitrary files, which could lead to a remote command execution RCE on the underlying...