CVE-2024-46983 Remote Command Execution(RCE) Vulnerbility in sofa-hessian

sofa-hessian is an internal improved version of Hessian3/4 powered by Ant Group CO., Ltd. The SOFA Hessian protocol uses a blacklist mechanism to restrict deserialization of potentially dangerous classes for security protection. But there is a gadget chain that can bypass the SOFA Hessian blackli...

CVE-2024-46983 Remote Command Execution(RCE) Vulnerbility in sofa-hessian

sofa-hessian is an internal improved version of Hessian3/4 powered by Ant Group CO., Ltd. The SOFA Hessian protocol uses a blacklist mechanism to restrict deserialization of potentially dangerous classes for security protection. But there is a gadget chain that can bypass the SOFA Hessian blackli...

GHSA-C459-2M73-67HJ SOFA Hessian Remote Command Execution (RCE) Vulnerability

Impact SOFA Hessian protocol uses a blacklist mechanism to restrict deserialization of potentially dangerous classes for security protection. But there is a gadget chain that can bypass the SOFA Hessian blacklist protection mechanism, and this gadget chain only relies on JDK and does not rely on...

Backdoor.Win32.BlackAngel.13 MVID-2024-0695 Code Execution

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/d1523df44da5fd40df92602b8ded59c8.txt Contact: [email protected] Media: x.com/malvuln Threat: Backdoor.Win32.BlackAngel.13 Vulnerability: Unauthenticated Remote Command Execution Description...

Dockwatch Remote Command Execution Exploit

Dockwatch is a container management web UI for docker. It runs by default without authentication, although guidance is available for how to setup credentials for access. It has a Commands feature that allows a user to run docker commands such as inspect, network, ps. Prior to fix, it did not...

TAKENAKA ENGINEERING多款产品 安全漏洞

TAKENAKA ENGINEERING HDVR-400 and others are a digital video recorder from TAKENAKA ENGINEERING. A security vulnerability exists in various TAKENAKA ENGINEERING products that originates from improper user authentication and could allow an authenticated, remote attacker to execute arbitrary...

VulnCheck KEV: CVE-2023-37582

The RocketMQ NameServer component still has a remote command execution vulnerability as the CVE-2023-33246 issue was not completely fixed in version 5.1.1. When NameServer address are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the...

CVE-2024-45398 Remote command execution through file upload in contao/core-bundle

Contao is an Open Source CMS. In affected versions a back end user with access to the file manager can upload malicious files and execute them on the server. Users are advised to update to Contao 4.13.49, 5.3.15 or 5.4.3. Users unable to update are advised to configure their web server so it does...

CVE-2024-42503 Authenticated Remote Command Execution (RCE) Vulnerability in the Lua Package Within the AOS Command Line Interface (CLI)

Authenticated command execution vulnerability exist in the ArubaOS command line interface CLI. Successful exploitation of this vulnerabilities result in the ability to run arbitrary commands as a priviledge user on the underlying operating system...

CVE-2024-42502 Authenticated Remote Command Execution (RCE) Vulnerability in the AOS Command Line Interface

Authenticated command injection vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability result in the ability to inject shell commands on the underlying operating system...

CVE-2024-42502 Authenticated Remote Command Execution (RCE) Vulnerability in the AOS Command Line Interface

Authenticated command injection vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability result in the ability to inject shell commands on the underlying operating system...

CVE-2024-42501 Authenticated Path Traversal Vulnerability Leads to a Remote Command Execution (RCE)

An authenticated Path Traversal vulnerabilities exists in the ArubaOS. Successful exploitation of this vulnerability allows an attacker to install unsigned packages on the underlying operating system, enabling the threat actor to execute arbitrary code or install implants...

CVE-2024-42501 Authenticated Path Traversal Vulnerability Leads to a Remote Command Execution (RCE)

An authenticated Path Traversal vulnerabilities exists in the ArubaOS. Successful exploitation of this vulnerability allows an attacker to install unsigned packages on the underlying operating system, enabling the threat actor to execute arbitrary code or install implants...

Contao affected by remote command execution through file upload

Impact Back end users with access to the file manager can upload malicious files and execute them on the server. Patches Update to Contao 4.13.49, 5.3.15 or 5.4.3. Workarounds Configure your web server so it does not execute PHP files and other scripts in the Contao file upload directory...

GHSA-VM6R-J788-HJH5 Contao affected by remote command execution through file upload

Impact Back end users with access to the file manager can upload malicious files and execute them on the server. Patches Update to Contao 4.13.49, 5.3.15 or 5.4.3. Workarounds Configure your web server so it does not execute PHP files and other scripts in the Contao file upload directory...

Remote command execution through file uploads

Date : 2024-09-17 CVE ID : CVE-2024-45398 Back end users with access to the file manager can upload malicious files and execute them on the server. Affected versions Contao 4.0 Contao 4.1 Contao 4.2 Contao 4.3 Contao 4.4 Contao 4.5 Contao 4.6 Contao 4.7 Contao 4.8 Contao 4.9 Contao 4.10 Contao 4....

CVE-2024-45698

Certain models of D-Link wireless routers do not properly validate user input in the telnet service, allowing unauthenticated remote attackers to use hard-coded credentials to log into telnet and inject arbitrary OS commands, which can then be executed on the device...

The vulnerability of the microprogrammed software of Zyxel ATP, USG FLEX, and USG FLEX 50(W)/USG20(W)-VPN devices allows a hacker to execute arbitrary commands.

The vulnerability of the microprogrammed network devices Zyxel ATP, USG FLEX, and USG FLEX 50W/USG20W-VPN exists due to the lack of measures taken to neutralize the special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary...

The vulnerability of the microprogrammed network device software of Zyxel ATP, USG FLEX, and USG FLEX 50(W)/USG20(W)-VPN lies in the lack of measures to neutralize special elements used in the operating system’s command set. This allows attackers to execute arbitrary commands.

The vulnerability of the microprogrammed software in Zyxel ATP, USG FLEX, and USG FLEX 50W/USG20W-VPN devices is related to the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary...

QNAP QTS and QuTS hero OS command injection vulnerability (CNVD-2025-27829)

QNAP QTS is a NAS operating system developed by QNAPSystems, Inc. designed for network attached storage devices, providing data management, backup, multimedia entertainment, etc. QNAP QuTS hero is an enterprise-grade operating system developed by QNAP for its networked storage devices NAS, which ...