Lucene search

15280 matches found

Positive Technologies
added 2024/07/09 12:0 a.m. · 2 views

PT-2024-5556

Name of the Vulnerable Software and Affected Versions: FortiAIOps version 2.0.0 Description: The issue is related to an improper neutralization of formula elements in a CSV file, which may allow a remote authenticated attacker to execute arbitrary commands on a client's workstation via poisoned CSV...

6.5 CVSS · 7.2 AI score · 0.00437 EPSS
Exploits: 0 · References: 7

OSV
added 2024/07/08 4:15 p.m. · 3 views

CVE-2024-39202

D-Link DIR-823X firmware - 240126 was discovered to contain a remote command execution (RCE) vulnerability via the dhcpd_startip parameter at /goform/set_lan_settings...

8.8 CVSS · 5.9 AI score · 0.01435 EPSS
Exploits: 1 · References: 1

NVD
added 2024/07/08 4:15 p.m. · 26 views

CVE-2024-39202

D-Link DIR-823X firmware - 240126 was discovered to contain a remote command execution (RCE) vulnerability via the dhcpd_startip parameter at /goform/set_lan_settings...

8.8 CVSS · 0.01435 EPSS
Exploits: 1 · References: 1

Vulnrichment
added 2024/07/08 12:0 a.m. · 23 views

CVE-2024-39202

D-Link DIR-823X firmware - 240126 was discovered to contain a remote command execution (RCE) vulnerability via the dhcpd_startip parameter at /goform/set_lan_settings...

7.8 AI score · 0.01435 EPSS
Exploits: 1 · References: 1

Cvelist
added 2024/07/08 12:0 a.m. · 20 views

CVE-2024-39202

D-Link DIR-823X firmware - 240126 was discovered to contain a remote command execution (RCE) vulnerability via the dhcpd_startip parameter at /goform/set_lan_settings...

0.01435 EPSS
Exploits: 1 · References: 1

Positive Technologies
added 2024/07/08 12:0 a.m. · 4 views

PT-2024-13368 · Levelone · Levelone Wbr-6013

Name of the Vulnerable Software and Affected Versions: LevelOne WBR-6013 version RER4 A v3411b 2T2R LEV 09 170623 Description: A hard-coded password vulnerability exists in the telnetd functionality, allowing attackers to execute arbitrary commands via specially crafted network packets. This issu...

9.8 CVSS · 8 AI score · 0.01003 EPSS
Exploits: 0 · References: 13

CNNVD
added 2024/07/08 12:0 a.m. · 2 views

LevelOne WBR-6013 Security Vulnerability

The LevelOne WBR-6013 is a wireless router from LevelOne. A security vulnerability exists in the LevelOne WBR-6013 RER4Av3411b2T2RLEV09170623 version, which stems from the presence of residual debugging code in the boa formSysCmd function, where a specially crafted network request could result in...

7.2 CVSS · 7.3 AI score · 0.01061 EPSS
Exploits: 0 · References: 2

CVE
added 2024/07/08 12:0 a.m. · 54 views

CVE-2024-39202

CVE-2024-39202 affects D-Link DIR-823X firmware 240126. A remote command execution (RCE) vulnerability exists in the /goform/set_lan_settings endpoint, exploitable via the dhcpd_startip parameter due to improper input handling. This could allow an attacker with network access to execute arbitrary...

8.8 CVSS · 7.5 AI score · 0.01435 EPSS
Exploits: 1 · References: 1 · Affected Software: 1

Positive Technologies
added 2024/07/08 12:0 a.m. · 3 views

PT-2024-5330 · Checkmk · Checkmk

Name of the Vulnerable Software and Affected Versions: Checkmk versions = 2.0.0p39 Checkmk versions 2.1.0p47 Checkmk versions 2.2.0p32 Checkmk versions 2.3.0p11 Description: The issue is related to improper neutralization of command delimiters in the mknotifyd daemon of the Checkmk software,...

6.5 CVSS · 7.8 AI score · 0.00472 EPSS
Exploits: 0 · References: 11

BDU FSTEC
added 2024/07/08 12:0 a.m. · 3 views

The vulnerability in the backend/script code of the proxy manager for NGINX Proxy Manager allows a perpetrator to execute arbitrary commands.

The vulnerability in the backend/script of the NGINX Proxy Manager for hosting management exists because measures to neutralize specific elements used in the operating system commands have not been taken. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands by...

9 CVSS · 6 AI score · 0.00882 EPSS
Exploits: 0 · References: 5 · Affected Software: 1

BDU FSTEC
added 2024/07/08 12:0 a.m. · 8 views

A vulnerability in the ASUS RT-N12+ B1 router firmware, related to the lack of data cleaning at the control level, allows attackers to execute arbitrary commands.

The vulnerability in the ASUS RT-N12+ B1 router firmware is related to the lack of measures taken to protect data at the control level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands through CSV injection using the client name parameter...

5.4 CVSS · 5.9 AI score · 0.00424 EPSS
Exploits: 0 · References: 4

NVD
added 2024/07/05 7:15 p.m. · 21 views

CVE-2024-34361

Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. A vulnerability in versions prior to 5.18.3 allows an authenticated user to make internal requests to the server via the gravity_DownloadBlocklistFromUrl() function. Depending on some...

8.8 CVSS · 0.02828 EPSS
Exploits: 4 · References: 2

CVE
added 2024/07/05 6:30 p.m. · 67 views

CVE-2024-34361

Pi-hole CVE-2024-34361 affects Core versions before 5.18.3. The vulnerability allows an authenticated user to make internal requests via gravity_DownloadBlocklistFromUrl(), potentially leading to remote code execution (RCE). A patch exists in 5.18.3. Public advisories from Red Hat and OSV describ...

8.8 CVSS · 8.5 AI score · 0.02828 EPSS
Exploits: 4 · References: 2 · Affected Software: 1

GithubExploit
added 2024/07/05 2:0 p.m. · 408 views

Exploit for Missing Authentication for Critical Function in Veeam Veeam_Backup_&_Replication

It is an exploit module/toolkit targeting a web application. The...

7.5 CVSS · 9.8 AI score · 0.7761 EPSS
Exploits: 4

Positive Technologies
added 2024/07/05 12:0 a.m. · 4 views

PT-2024-27742 · 14Finger · 14Finger

Name of the Vulnerable Software and Affected Versions: 14Finger version 1.1 Description: The issue is related to a remote command execution RCE vulnerability in the fingerprint function. This vulnerability allows attackers to execute arbitrary commands via a crafted payload. Recommendations: For...

9.1 CVSS · 8.2 AI score · 0.0157 EPSS
Exploits: 1 · References: 8

CNNVD
added 2024/07/04 12:0 a.m. · 4 views

rejetto HFS Security Vulnerability

rejetto HFS is a web-based file server from the individual developer Massimo Melina in Italy. A security vulnerability exists in rejetto HFS versions prior to 0.52.10, which originates from allowing an authenticated remote user to execute operating system commands...

9.9 CVSS · 6.9 AI score · 0.48477 EPSS
Exploits: 1 · References: 4

BDU FSTEC
added 2024/07/04 12:0 a.m. · 4 views

The vulnerabilities of the Handler for User Photo Delete and Handler for Picture Delete Commands components, as well as the Cloud Service Command Handlers (PushCommandExecute) of the firmware for biometric terminals ZkTeco ProFace X, Smartec ST-FR043, and Smartec ST-FR041ME, allow an intruder to execute arbitrary commands.

The vulnerabilities of the Handler for User Photo Delete and Handler for Picture Delete Commands, as well as the Cloud Service Command Handlers (PushCommandExecute) in the firmware for biometric terminals ZkTeco ProFace X, Smartec ST-FR043, and Smartec ST-FR041ME, are related to th...

10 CVSS · 6.2 AI score · 0.01324 EPSS
Exploits: 0 · References: 6

OSV
added 2024/07/01 8:42 p.m. · 4 views

CVE-2024-38366 CocoaPods trunk RCE in email verification system rfc-822

trunk.cocoapods.org is the authentication server for the CocoaPods dependency manager. The part of trunk which verifies whether a user has a real email address on signup used an rfc-822 library which executes a shell command to validate the email domain's MX records. It works via a DNS MX...

10 CVSS · 7.4 AI score · 0.17648 EPSS
Exploits: 1 · References: 5

BDU FSTEC
added 2024/07/01 12:0 a.m. · 8 views

A vulnerability in the get_ip.addr_details function of the Ruijie RG-UAC router firmware allows a hacker to execute arbitrary commands.

The vulnerability of the get_ip.addr_details function /view/vpn/autovpn/sxhvpnlic.php in Ruijie RG-UAC router software exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary commands remotely...

6.5 CVSS · 5.8 AI score · 0.20644 EPSS
Exploits: 1 · References: 3 · Affected Software: 1

BDU FSTEC
added 2024/07/01 12:0 a.m. · 4 views

A vulnerability in the web server of the firmware for the industrial cellular LTE modem OnCell G3470A-LTE allows a hacker to execute arbitrary commands.

The vulnerability in the web server of the firmware for the industrial cellular LTE modem OnCell G3470A-LTE is related to the lack of measures taken to neutralize special elements used in OS commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary...

7.5 CVSS · 5.9 AI score · 0.00449 EPSS
Exploits: 0 · References: 2 · Affected Software: 1