Security update for etcd
This update for etcd fixes the following issues. Update to version 3.5.12. Security fixes: CVE-2018-16873: Fixed remote command execution in cmd/go (bsc1118897); CVE-2018-16874: Fixed directory traversal in cmd/go (bsc1118898); CVE-2018-16875: Fixed CPU denial of service in crypto/x509 (bsc1118899)...
A vulnerability in the Telnet service of D-Link wireless routers, such as DIR-X4860, DIR-X5460A1, and COVR-X1870, allows an attacker to execute arbitrary commands in the underlying operating system.
The vulnerability in D-Link DIR-X4860, DIR-X5460A1, and COVR-X1870 wireless routers lies in the presence of undocumented configuration commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands on the operating system using hard-coded credentials...
A vulnerability in the virtual keyboard of the VisionOS operating system that allows an attacker to escalate their privileges and execute arbitrary commands
The vulnerability in the virtual keyboard of the VisionOS operating system is related to improper assignment of permissions for a critical resource. Exploiting this vulnerability allows an attacker to escalate their privileges and execute arbitrary commands remotely...
GHSA-4R7V-WHPG-8RX3 changedetection.io has a Server Side Template Injection using Jinja2 which allows Remote Command Execution
Summary: A Server Side Template Injection in changedetection.io caused by usage of unsafe functions of Jinja2 allows Remote Command Execution on the server host. Details: changedetection.io version: 0.45.20. docker images: REPOSITORY TAG IMAGE ID CREATED SIZE dgtlmoon/changedetection.io latest...
VulnCheck KEV: CVE-2014-4663
TimThumb 2.8.13 and WordThumb 1.07, when Webshot (aka Webshots) is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in the src parameter...
ABB Cylon Aspect 3.08.00 sslCertAjax.php Remote Command Execution Vulnerability
ABB Cylon Aspect version 3.08.00 suffers from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the country, state, locality, organization, and hostname HTTP POST parameters called by the sslCertAjax.php script. ABB...
CVE-2024-45731 Potential Remote Command Execution (RCE) through arbitrary file write to Windows system root directory when Splunk Enterprise for Windows is installed on a separate disk
In Splunk Enterprise for Windows versions below 9.3.1, 9.2.3, and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could write a file to the Windows system root directory, which has a default location in the Windows System32 folder, when Splunk Enterprise for...
pickle deserialization vulnerability
Description: There is a pickle deserialization vulnerability in the Latex English error correction plug-in function of gptacademic, which allows attackers to achieve remote command execution. Environment setup: 1. wget https://github.com/binary-husky/gptacademic/archive/refs/tags/version3.83.zip 2...
Exploit for Incorrect Implementation of Authentication Algorithm in Ivanti Virtual_Traffic_Management
CVE-2024-7593 Description: CVE-2024-7593 is a critical v...
PT-2024-10336 · Unknown · Gpt Academic
Name of the Vulnerable Software and Affected Versions: GPT Academic (affected versions not specified). Description: The issue is related to a flaw in the deserialization mechanism of the latex pickle io.py module in the GPT Academic machine learning application. This flaw can be exploited by a remot...
CVE-2024-39563
A Command Injection vulnerability in Juniper Networks Junos Space allows an unauthenticated, network-based attacker sending a specially crafted request to execute arbitrary shell commands on the Junos Space Appliance, leading to remote command execution by the web application, gaining complete...
CVE-2024-39563 Junos Space: Remote Command Execution (RCE) vulnerability in web application
A Command Injection vulnerability in Juniper Networks Junos Space allows an unauthenticated, network-based attacker sending a specially crafted request to execute arbitrary shell commands on the Junos Space Appliance, leading to remote command execution by the web application, gaining complete...
Kafka UI 0.7.1 Code Injection
Title: Kafka UI 0.7.1 Code Injection Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 130.0.2 64 bits...
Craft CMS 4.4.14 Code Injection
Title: Craft CMS 4.4.14 Code Injection Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 130.0.2 64 bits...
Openfire 4.8.0 Code Injection
Title: Openfire release 4.8.0 Code Injection Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 130.0.2 6...
A vulnerability in the MongoDB Rust Driver, a database management system driver, lies in its improper handling of syntactically incorrect structures, allowing attackers to execute arbitrary commands.
The vulnerability in the MongoDB Rust Driver is related to the improper handling of syntactically incorrect structures. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
Cisco Small Business WEB Interface Remote Command Execution Vulnerability
Cisco Small Business Routers are router devices from Cisco. A security vulnerability exists in the Cisco Small Business web interface, which can be exploited by an authenticated remote attacker with web administrative privileges to submit a special request that can be used in a root context to...
PT-2024-7255 · Abb · Abb Ac 800M
Name of the Vulnerable Software and Affected Versions: ABB AC 800M (affected versions not specified). Description: The issue is related to errors in processing input data in the ABB AC 800M controller firmware. It allows a remote attacker to execute arbitrary commands by sending specially crafted MM...