Broadcom Symantec Privileged Access Management Input Validation Error Vulnerability
Broadcom Symantec Privileged Access Management (Broadcom Symantec PAM) is security software from Broadcom, Inc. It helps prevent security breaches by protecting sensitive administrative credentials, controlling privileged user access, proactively enforcing security policies, and monitoring and...
CVE-2024-39963
AX3000 Dual-Band Gigabit Wi-Fi 6 Router AX9 V22.03.01.46 and AX3000 Dual-Band Gigabit Wi-Fi 6 Router AX12 V1.0 V22.03.01.46 were discovered to contain an authenticated remote command execution (RCE) vulnerability via the macFilterType parameter at /goform/setMacFilterCfg...
Apache Hugegraph 1.0.0 < 1.3.0 Remote Command Execution
Apache Hugegraph versions from 1.0.0 up to, but not including, 1.3.0 are affected by a vulnerability allowing an unauthenticated attacker to execute remote commands via a specially forged request. No source data...
GHSA-5V69-92VW-FMJH Apache StreamPark: maven build params could trigger remote command execution
In StreamPark, the project module integrates Maven's compilation capabilities. The input parameter validation is not strict, allowing attackers to insert commands for remote command execution. The prerequisite for a successful attack is that the user needs to log in to the StreamPark system and...
GHSA-7G94-HFQC-Q993 Apache StreamPark: Unchecked maven build params could trigger remote command execution
In StreamPark, the project module integrates Maven's compilation capabilities. The input parameter validation is not strict, allowing attackers to insert commands for remote command execution. The prerequisite for a successful attack is that the user needs to log in to the StreamPark system and...
CVE-2024-29737
In StreamPark, the project module integrates Maven's compilation capabilities. The input parameter validation is not strict, allowing attackers to insert commands for remote command execution. The prerequisite for a successful attack is that the user needs to log in to the StreamPark system and...
CVE-2023-52291
In StreamPark, the project module integrates Maven's compilation capabilities. The input parameter validation is not strict, allowing attackers to insert commands for remote command execution. The prerequisite for a successful attack is that the user needs to log in to the StreamPark system and...
CVE-2024-29737
CVE-2024-29737 concerns a command-injection flaw in Apache StreamPark (Project module). The vulnerability arises from lax validation of build parameters in the Maven integration, allowing an authenticated user with system-level permissions to inject commands via the Build Argument (demonstrated b...
CVE-2024-29737 Apache StreamPark (incubating): maven build params could trigger remote command execution
In StreamPark, the project module integrates Maven's compilation capabilities. The input parameter validation is not strict, allowing attackers to insert commands for remote command execution. The prerequisite for a successful attack is that the user needs to log in to the StreamPark system and...
CVE-2023-52291 Apache StreamPark (incubating): Unchecked maven build params could trigger remote command execution
In StreamPark, the project module integrates Maven's compilation capabilities. The input parameter validation is not strict, allowing attackers to insert commands for remote command execution. The prerequisite for a successful attack is that the user needs to log in to the StreamPark system and...
CVE-2023-52291
CVE-2023-52291 concerns Apache StreamPark. The vulnerability stems from lax validation of maven build parameters in the StreamPark project module, allowing command injection when the input parameter < is used (for example, < (curl http://xxx.com)). An attack requires the user to be logged i...
PT-2024-5158 · Ivanti · Ivanti Endpoint Manager Mobile
Name of the Vulnerable Software and Affected Versions: Ivanti Endpoint Manager Mobile (EPMM) versions prior to 12.1.0.1. Description: The issue is related to an insufficient authorization vulnerability in the web component of EPMM. This vulnerability allows an unauthorized attacker within the networ...
The vulnerability of the IBM Security Guardium security tool arises from the failure to take measures to neutralize special elements used in the operating system’s command set. This allows attackers to execute arbitrary commands.
The vulnerability of the IBM Security Guardium information protection tool exists because measures to neutralize special elements used in the operating system have not been implemented. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...
PT-2024-5447 · Cisco · Cisco Asyncos
Name of the Vulnerable Software and Affected Versions: Cisco AsyncOS for Secure Email Gateway (affected versions not specified). Description: A vulnerability in the web-based management interface of Cisco AsyncOS for Secure Email Gateway could allow an authenticated, remote attacker to execute...
EulerOS 2.0 SP9 : less (EulerOS-SA-2024-1965)
According to the versions of the less package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE. (CVE-2022-48624) less through 653 allows OS command execution via a...
CVE-2024-38494
This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by sending a specially crafted HTTP request...
CVE-2024-36455
An improper input validation allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by sending a specially crafted HTTP request...