15280 matches found
CVE-2024-47177
...
CVE-2024-47177
Removed by vendor...
CVE-2024-43191
IBM ManageIQ could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted yaml file request...
PT-2024-7081 · D Link · D-Link Dir-878 +1
Name of the Vulnerable Software and Affected Versions: D-Link DIR-878 version DIR 878 FW130B08 D-Link DIR-882 version DIR 882 FW130B06 Description: The issue exists due to the lack of neutralization of special elements used in the operating system command in the SetVirtualServerSettings function ...
PT-2024-7032 · D Link · D-Link Dir-878 +1
Name of the Vulnerable Software and Affected Versions: D-Link DIR-878 version DIR 878 FW130B08 D-Link DIR-882 version DIR 882 FW130B06 Description: The issue exists due to the lack of neutralization of special elements used in the operating system command in the SetPortForwardingSettings function...
The vulnerability of the CGI function in D-Link router microprogramming devices such as DI-7003GV2, DI-7100G+V2, DI-7100GV2, DI-7200GV2, DI-7300G+V2, and DI-7400G+V2 allows attackers to execute arbitrary commands.
The vulnerability of the CGI function in D-Link router microprogramming devices such as DI-7003GV2, DI-7100G+V2, DI-7100GV2, DI-7200GV2, DI-7300G+V2, and DI-7400G+V2 exists due to the lack of measures taken to neutralize the special elements used in the operating system commands. Exploiting this...
GHSA-HWXP-6QF7-Q3RC Remote command execution in promptr
A remote command execution RCE vulnerability in promptr v6.0.7 allows attackers to execute arbitrary commands via a crafted URL...
CVE-2024-46489
A remote command execution RCE vulnerability in promptr v6.0.7 allows attackers to execute arbitrary commands via a crafted URL...
CVE-2024-43693
A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE UTILITY sub-menu can allow a remote attacker to inject arbitrary commands...
CVE-2024-46489
A remote command execution RCE vulnerability in promptr v6.0.7 allows attackers to execute arbitrary commands via a crafted URL...
PT-2024-9827 · Ibm · Ibm Manageiq
Name of the Vulnerable Software and Affected Versions: IBM ManageIQ affected versions not specified Description: The issue is related to a remote command execution vulnerability. It allows a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted...
PT-2024-32013 · Promptr · Promptr
Name of the Vulnerable Software and Affected Versions: promptr version 6.0.7 Description: A remote command execution issue allows attackers to execute arbitrary commands via a crafted URL. This can lead to privilege escalation, resulting in unauthorized access. It is crucial to prioritize...
CVE-2024-46489
A remote command execution RCE vulnerability in promptr v6.0.7 allows attackers to execute arbitrary commands via a crafted URL...
CVE-2024-46489
Promptr v6.0.7 is affected by a Remote Command Execution (RCE) issue caused by insufficient validation/handling of crafted URLs, enabling an attacker to execute arbitrary commands remotely. Confirmed across multiple sources (Red Hat, Veracode, GitHub advisory, PT-2024-32013) with high-severity ri...
DataEase Remote Command Execution Vulnerability (CNVD-2024-39251)
DataEase is a high-performance, easy-to-use, self-service data visualization and analysis tool that helps users quickly explore, understand and share data insights. DataEase suffers from a remote command execution vulnerability, which can be exploited by an attacker to leverage a code injection...
PT-2024-30620 · Unknown · Progauge Maglink Lx Console
Name of the Vulnerable Software and Affected Versions: ProGauge MAGLINK LX CONSOLE affected versions not specified Description: A specially crafted POST request to the "UTILITY sub-menu" can allow a remote attacker to inject arbitrary commands. This issue affects the ProGauge MAGLINK LX CONSOLE,...
The vulnerability of the upgrade_filter_asp function in the upgrade_filter.asp file of the D-Link DI-8400 router’s microprogramming system, allowing a hacker to execute arbitrary commands.
The vulnerability of the upgradefilterasp function in the upgradefilter.asp file of the D-Link DI-8400 router microprogramming system is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary command...
The vulnerability of the upgrade_filter_asp function in D-Link DI-8300 router microprogramming software allows a hacker to execute arbitrary commands.
The vulnerability of the upgradefilterasp function in D-Link DI-8300 router microprogramming software is related to the lack of measures taken to clean data at the control level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands via GET requests...
GHSA-H7MJ-M72H-QM8W DataEase's H2 datasource has a remote command execution risk
Impact An attacker can achieve remote command execution by adding a carefully constructed h2 data source connection string. request message: POST /de2api/datasource/validate HTTP/1.1 Host: dataease.ubuntu20.vm User-Agent: python-requests/2.31.0 Accept-Encoding: gzip, deflate Accept: / Connection:...
DataEase's H2 datasource has a remote command execution risk
Impact An attacker can achieve remote command execution by adding a carefully constructed h2 data source connection string. request message: POST /de2api/datasource/validate HTTP/1.1 Host: dataease.ubuntu20.vm User-Agent: python-requests/2.31.0 Accept-Encoding: gzip, deflate Accept: / Connection:...