
15280 matches found

EUVD
added 2024/06/14 4:00 a.m. · 2 views

EUVD-2024-24413

Remote Command program allows an attacker to get Remote Code Execution. As for the affected products/models/versions, see the reference URL...

9.8 CVSS · 6.9 AI score · 0.26811 EPSS
Exploits: 1 · References: 4

NVD
added 2024/06/14 3:15 a.m. · 17 views

CVE-2024-27143

Toshiba printers use SNMP for configuration. Using the private community, it is possible to remotely execute commands as root on the remote printer. Using this vulnerability will allow any attacker to get a root access on a remote Toshiba printer. This vulnerability can be executed in combination...

9.8 CVSS · 0.01097 EPSS
Exploits: 1 · References: 4

Positive Technologies
added 2024/06/14 12:00 a.m. · 5 views

PT-2024-4209

Name of the Vulnerable Software and Affected Versions: ASUS routers (affected versions not specified). Description: The issue concerns an arbitrary firmware upload vulnerability in certain ASUS router models. This vulnerability can be exploited by an unauthenticated remote attacker to execute arbitrar...

9.8 CVSS · 6.3 AI score · 0.01031 EPSS
Exploits: 2 · References: 16

Tenable Nessus
added 2024/06/14 12:00 a.m. · 15 views

Rocky Linux 8 : pcp (RLSA-2024:3264)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:3264 advisory. pcp: exposure of the redis server backend allows remote command execution via pmproxy (CVE-2024-3019). Tenable has extracted the preceding description block directl...

8.8 CVSS · 7.3 AI score · 0.01002 EPSS
Exploits: 0 · References: 3

BDU FSTEC
added 2024/06/13 12:00 a.m. · 4 views

The vulnerability of the NTPSyncWithHost() function in TOTOLINK LR350 router microprogramming software allows a hacker to execute arbitrary commands.

The vulnerability of the NTPSyncWithHost function in TOTOLINK LR350 router microprogramming devices is related to the lack of measures for cleaning incoming data. Exploiting this vulnerability could allow a remote attacker to execute arbitrary commands through the hosttime parameter...

5.8 CVSS · 6 AI score · 0.01386 EPSS
Exploits: 0 · References: 6 · Affected Software: 1

BDU FSTEC
added 2024/06/07 12:00 a.m. · 10 views

The vulnerability of the LenelS2 NetBox access control and event monitoring system, related to the implementation or modification of arguments, allows an intruder to execute arbitrary commands.

The vulnerability of the LenelS2 NetBox access control and event monitoring system is related to the implementation or modification of arguments. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...

9 CVSS · 5.8 AI score · 0.00519 EPSS
Exploits: 0 · References: 5 · Affected Software: 1

BDU FSTEC
added 2024/06/04 12:00 a.m. · 5 views

The vulnerability of the Socket Library component in computer typesetting systems like LuaTeX, TeX Live, and MiKTeX allows attackers to execute arbitrary commands.

The vulnerability of the Socket Library component in computer typesetting systems using LuaTeX, TeX Live, and MiKTeX exists due to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

10 CVSS · 6.2 AI score · 0.00373 EPSS
Exploits: 1 · References: 11 · Affected Software: 4

GithubExploit
added 2024/06/03 12:42 a.m. · 89 views

Exploit for Command Injection in Mitel 6869I_Sip_Firmware

CVE A repository containing exploit code / zero-day research I...

8.8 CVSS · 7.6 AI score · 0.4161 EPSS
Exploits: 5

Tenable Nessus
added 2024/06/03 12:00 a.m. · 27 views

RHEL 7 : cpio (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - cpio: directory traversal through symlinks (CVE-2015-1197) - cpio: out of bounds write (CVE-2016-2037) Note...

6.5 CVSS · 6.4 AI score · 0.05484 EPSS
Exploits: 4 · References: 2

OSV
added 2024/05/31 10:15 a.m. · 6 views

CVE-2024-23692

Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. As of the CVE assignment...

9.8 CVSS · 6.1 AI score · 0.99485 EPSS
Exploits: 20 · References: 7

BDU FSTEC
added 2024/05/31 12:00 a.m. · 6 views

The vulnerability of TP-Link Archer C5400X(EU) Wi-Fi routers’ microprogramming software lies in the lack of measures taken to clean data at the control level. This allows attackers to execute arbitrary commands with elevated privileges.

The vulnerability of TP-Link Archer C5400X(EU) Wi-Fi routers’ microprogramming software is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands with elevated privileges...

10 CVSS · 6.2 AI score · 0.03244 EPSS
Exploits: 0 · References: 3

Japan Vulnerability Notes
added 2024/05/30 5:39 a.m. · 1 views

awkblog vulnerable to OS command injection

Overview: awkblog provided by Keisuke Nakayama contains an OS command injection vulnerability (CWE-78). Keigo YAMAZAKI of LAC Co., Ltd. / Nuligen Security Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impa...

9.8 CVSS · 7.6 AI score · 0.01571 EPSS
Exploits: 0 · References: 4

Positive Technologies
added 2024/05/30 12:00 a.m. · 6 views

PT-2024-4058 · Totolink · Totolink Lr350

Name of the Vulnerable Software and Affected Versions: TOTOLINK LR350 version V9.3.5u.6369 B20220309 Description: The issue is related to the NTPSyncWithHost function in the TOTOLINK LR350 router's firmware, which lacks input validation. This can be exploited by a remote attacker to execute...

9.8 CVSS · 7.9 AI score · 0.01386 EPSS
Exploits: 0 · References: 11

BDU FSTEC
added 2024/05/29 12:00 a.m. · 4 views

The vulnerability of the addVlan function (/view/networkConfig/vlan/vlan_add_commit.php) in the Tenda FH1206 router software allows a hacker to trigger a service failure.

The vulnerability of the addVlan function (/view/networkConfig/vlan/vlan_add_commit.php) of the Tenda FH1206 router software relates to the failure to take measures to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a malicious actor to execute...

5.5 CVSS · 5.9 AI score · 0.0184 EPSS
Exploits: 1 · References: 2

BDU FSTEC
added 2024/05/29 12:00 a.m. · 6 views

The vulnerability of the /view/vpn/autovpn/online.php file in the Ruijie RG-UAC router microprogramming software allows a hacker to execute any command they desire.

The vulnerability of the /view/vpn/autovpn/online.php file of the Ruijie RG-UAC router microprogramming software exists due to the failure to address the special elements used in the operating system command. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

6.5 CVSS · 5.9 AI score · 0.07871 EPSS
Exploits: 0 · References: 5 · Affected Software: 1

BDU FSTEC
added 2024/05/29 12:00 a.m. · 3 views

The vulnerability of the /view/vpn/autovpn/sub_commit.php file in the Ruijie RG-UAC router microprogramming software allows a perpetrator to execute any command they desire.

The vulnerability of the /view/vpn/autovpn/sub_commit.php file in the Ruijie RG-UAC router microprogramming software exists due to the failure to address the special elements used in the operating system command. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

6.5 CVSS · 5.9 AI score · 0.07871 EPSS
Exploits: 0 · References: 5 · Affected Software: 1

BDU FSTEC
added 2024/05/29 12:00 a.m. · 7 views

The vulnerability of the /view/systemConfig/sys_user/user_commit.php file in the Ruijie RG-UAC router microprogramming system allows an attacker to execute any command they desire.

The vulnerability of the /view/systemConfig/sys_user/user_commit.php file in the Ruijie RG-UAC network management tool exists due to the failure to eliminate special elements used in the operating system command. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands...

6.5 CVSS · 5.8 AI score · 0.0905 EPSS
Exploits: 0 · References: 5 · Affected Software: 1

BDU FSTEC
added 2024/05/29 12:00 a.m. · 3 views

The vulnerability of the /view/networkConfig/GRE/gre_edit_commit.php file in the Ruijie RG-UAC router microprogramming software allows an attacker to execute any command they desire.

The vulnerability of the /view/networkConfig/GRE/gre_edit_commit.php file in the Ruijie RG-UAC router microprogramming software exists due to the failure to address the special elements used in the operating system command. Exploiting this vulnerability allows a remote attacker to execute arbitrary...

6.5 CVSS · 5.9 AI score · 0.05044 EPSS
Exploits: 0 · References: 6 · Affected Software: 1

BDU FSTEC
added 2024/05/29 12:00 a.m. · 3 views

The vulnerability of the OXMF template parser component in the OX App Suite software allows a perpetrator to execute arbitrary commands and gain access to read, modify, or delete data.

The vulnerability of the OXMF template parser component in the OX App Suite program lies in the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely and gain acces...

10 CVSS · 8 AI score · 0.0133 EPSS
Exploits: 0 · References: 5 · Affected Software: 2

BDU FSTEC
added 2024/05/29 12:00 a.m. · 2 views

The vulnerability of the /view/vpn/autovpn/online_check.php file in the Ruijie RG-UAC router micro-programming software allows a perpetrator to execute any command they desire.

The vulnerability of the /view/vpn/autovpn/online_check.php file in the Ruijie RG-UAC router microprogramming software exists due to the failure to address the special elements used in the operating system command. Exploiting this vulnerability allows a remote attacker to execute arbitrary command...

6.5 CVSS · 5.9 AI score · 0.07871 EPSS
Exploits: 0 · References: 5 · Affected Software: 1