15280 matches found

Microsoft CVE
added 2024/05/13 7:0 a.m. · 5 views

Werkzeug's improper usage of a pathname and improper CSRF protection results in the remote command execution

...

CVSS 7.5 · AI score 6.7 · EPSS 0.03397
Exploits 0

Positive Technologies
added 2024/05/13 12:0 a.m. · 3 views

PT-2024-4649 · Moodle +2 · Moodle +2

Name of the Vulnerable Software and Affected Versions: Moodle (affected versions not specified). Description: The issue is related to insufficient input validation, which could allow a remote attacker to execute arbitrary commands. It also involves incorrect validation of allowed event types in a...

CVSS 9.8 · AI score 6.2 · EPSS 0.00944
Exploits 1 · References 48

OSV
added 2024/05/10 2:32 p.m. · 16 views

RLSA-2024:2566 Important: pcp security, bug fix, and enhancement update

Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fixes: pcp:...

CVSS 8.8 · AI score 8.8 · EPSS 0.01002
Exploits 0 · References 2

Rockylinux
added 2024/05/10 2:32 p.m. · 26 views

pcp security, bug fix, and enhancement update

An update is available for pcp. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for...

CVSS 8.8 · AI score 7.5 · EPSS 0.01002
Exploits 0

Positive Technologies
added 2024/05/09 12:0 a.m. · 4 views

PT-2024-3691 · TOTOLINK · TOTOLINK CP450

Name of the Vulnerable Software and Affected Versions: TOTOLINK CP450 versions 4.1.0cu.747 B20191224. Description: The issue is related to the NTPSyncWithHost function of the Request Handler component in the TOTOLINK CP450 router's firmware, which fails to properly sanitize data at the management...

CVSS 10 · AI score 8.2 · EPSS 0.17571
Exploits 1 · References 4

Tenable Nessus
added 2024/05/09 12:0 a.m. · 16 views

Oracle Linux 9 : pcp (ELSA-2024-2566)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-2566 advisory. 6.2.0-2.0.1 - Fixed libpcp derived metric issue for ol9 (Orabug: 36538820). 6.2.0-2 - Disable RESP proxying by default in pmproxy (RHEL-30719). Tenable has extracted...

CVSS 8.8 · AI score 7.2 · EPSS 0.01002
Exploits 0 · References 2

CNNVD
added 2024/05/08 12:0 a.m. · 2 views

TOTOLINK EX1800T security vulnerability

TOTOLINK EX1800T is a Wi-Fi range extender from China Gion Electronics TOTOLINK. A security vulnerability exists in TOTOLINK EX1800T version V9.1.0cu.2112B20220316, which stems from a security issue in the apcliEncrypType parameter that allows unauthorized execution of arbitrary commands, which...

CVSS 9.8 · AI score 7 · EPSS 0.03848
Exploits 1 · References 2

CNNVD
added 2024/05/08 12:0 a.m. · 2 views

Sonic Technology Shopfloor.guide security vulnerability

Sonic Technology Shopfloor.guide is an application from Sonic Technology, Inc. A security vulnerability exists in Sonic Technology Shopfloor.guide versions prior to 3.1.3. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands via the level2 parameter...

CVSS 9.8 · AI score 8 · EPSS 0.00568
Exploits 0 · References 2

OpenVAS
added 2024/05/07 12:0 a.m. · 18 views

SUSE: Security Advisory (SUSE-SU-2024:1417-1)

The remote host is missing an update for the... SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 7.5 · AI score 6.4 · EPSS 0.15312
Exploits 6 · References 5

BDU FSTEC
added 2024/05/07 12:0 a.m. · 4 views

The vulnerability of the user interface of the LoadMaster platform for deploying and managing applications allows a perpetrator to execute arbitrary commands.

The vulnerability of the user interface of the LoadMaster platform for application deployment and management exists due to the lack of measures taken to neutralize special elements used in the operating system command line. Exploiting this vulnerability allows a remote attacker to execute arbitra...

CVSS 8.4 · AI score 7.6 · EPSS 0.55422
Exploits 0 · References 2

Vulnrichment
added 2024/05/06 2:44 p.m. · 27 views

CVE-2024-34069 Werkzeug's improper usage of a pathname and improper CSRF protection results in the remote command execution

Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This requires the attacker to get the developer to interact with a domain and subdomain they control, an...

CVSS 7.5 · AI score 7.5 · EPSS 0.03397
Exploits 0 · References 5

BDU FSTEC
added 2024/05/06 12:0 a.m. · 3 views

The vulnerability of the QTS, QuTS Hero, QuTScloud, and myQNAPcloud operating systems exists due to the lack of measures taken to neutralize the special elements used in the operating system’s command set. This allows attackers to execute arbitrary commands.

The vulnerability of the QTS, QuTS Hero, QuTScloud, and myQNAPcloud operating systems exists due to the lack of measures taken to neutralize the special elements used in the operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...

CVSS 10 · AI score 7.4 · EPSS 0.02315
Exploits 0 · References 2 · Affected Software 2

Positive Technologies
added 2024/05/03 12:0 a.m. · 3 views

PT-2024-12613 · IBM · IBM Aspera Orchestrator

Name of the Vulnerable Software and Affected Versions: IBM Aspera Orchestrator version 4.0.1. Description: The issue allows a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. Recommendations: For IBM Aspera Orchestrator version 4.0.1...

CVSS 8.8 · AI score 7.5 · EPSS 0.00909
Exploits 0 · References 8

CNNVD
added 2024/05/03 12:0 a.m. · 3 views

Media Streaming add-on operating system command injection vulnerability

Media Streaming add-on is a media streaming add-on. An operating system command injection vulnerability exists in Media Streaming Add-on versions prior to 500.1.1.5 (2024/01/22), which allows an authenticated...

CVSS 6.6 · AI score 7.7 · EPSS 0.01191
Exploits 0 · References 3

BDU FSTEC
added 2024/05/03 12:0 a.m. · 5 views

The vulnerability of the microprogramming software in SIP phones of the Mitel series 6800, 6900, 6970, and 6900w allows an intruder to execute arbitrary commands.

The vulnerability of the microprogramming software of Mitel telephones of models 6800, 6900, 6970, and 6900w lies in the fact that the operation results are stored outside of the buffer in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands by sending...

CVSS 9 · AI score 6.2 · EPSS 0.0025
Exploits 0 · References 3 · Affected Software 1

BDU FSTEC
added 2024/05/02 12:0 a.m. · 3 views

The vulnerability of the Microprogrammed Software Routers Telesquare TLR-2005Ksh, related to the lack of measures taken to clean data at the management level, allows a hacker to execute arbitrary commands.

The vulnerability of the Microprogrammed Software Router Telesquare TLR-2005Ksh is related to the lack of measures taken to clean data at the control level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVSS 5.5 · AI score 5.9 · EPSS 0.05896
Exploits 8 · References 5 · Affected Software 1

BDU FSTEC
added 2024/05/02 12:0 a.m. · 4 views

The vulnerability of the ftext() function in the upload_firmware.cgi script of the D-Link DIR-822+ wireless router’s microprogramming software allows a hacker to execute arbitrary commands.

The vulnerability of the ftext() function in the upload_firmware.cgi script of the D-Link DIR-822+ wireless router microprogramming system is related to the failure to take measures to neutralize special elements used in the operating system’s command for processing the UPLOADFILENAME parameter...

CVSS 10 · AI score 5.9 · EPSS 0.19893
Exploits 1 · References 4 · Affected Software 1

BDU FSTEC
added 2024/05/02 12:0 a.m. · 4 views

The vulnerability of the SetPlcNetworkpwd() function in the prog.cgi script of the D-Link DIR-822+ wireless router’s microprogramming system allows a hacker to execute arbitrary commands.

The vulnerability of the SetPlcNetworkpwd function in the prog.cgi script of the D-Link DIR-822+ wireless router microprogramming system is related to the failure to take measures to neutralize special elements used in the operating system’s command when processing the localplc parameter...

CVSS 10 · AI score 5.9 · EPSS 0.01559
Exploits 1 · References 4 · Affected Software 1

BDU FSTEC
added 2024/05/02 12:0 a.m. · 5 views

The vulnerability of the ChgSambaUserSettings() function in the prog.cgi script of the D-Link DIR-822+ wireless router software allows a hacker to execute arbitrary commands.

The vulnerability of the ChgSambaUserSettings function in the prog.cgi script of the D-Link DIR-822+ wireless router microprogramming system is related to the failure to take measures to neutralize special elements used in the operating system’s processing of the sambaname parameter. Exploiting...

CVSS 10 · AI score 5.9 · EPSS 0.08315
Exploits 1 · References 4 · Affected Software 1

BDU FSTEC
added 2024/05/02 12:0 a.m. · 4 views

The vulnerability of the implementation of the SSL VPN technology using the micro-programming software for network interfaces of the SMA 100 series allows an intruder to execute any command they desire.

The vulnerability of the implementation of the SSL VPN micro-programming system for network interfaces of SONICWALL series SMA 100 exists due to the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a malicious actor ...

CVSS 8.3 · AI score 8.1 · EPSS 0.99957
Exploits 1 · References 4 · Affected Software 6