Lucene search

15280 matches found

RedHat Linux
added 2024/04/30 1:34 p.m. · 222 views

Important: Red Hat Security Advisory: pcp security, bug fix, and enhancement update

An update for pcp is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the C...

CVSS 8.8 · AI score 7.1 · EPSS 0.01002
Exploits 0 · References 2

RedHat Linux
added 2024/04/30 1:34 p.m. · 2 views

pcp: exposure of the redis server backend allows remote command execution via pmproxy

A flaw was found in PCP. The default pmproxy configuration exposes the Redis server backend to the local network, allowing remote command execution with the privileges of the Redis user. This issue can only be exploited when pmproxy is running. By default, pmproxy is not running and needs to be...

CVSS 8.8 · AI score 6.9 · EPSS 0.01002
Exploits 0 · References 4

Tenable Nessus
added 2024/04/30 12:0 a.m. · 22 views

RHEL 9 : pcp (RHSA-2024:2566)

The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2566 advisory. Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance...

CVSS 8.8 · AI score 7.4 · EPSS 0.01002
Exploits 0 · References 4

Veracode
added 2024/04/29 7:5 a.m. · 18 views

Server Side Template Injection

changedetection.io is vulnerable to Remote Command Execution. The vulnerability is due to improper sanitization of user-submitted input, which allows an attacker to execute arbitrary code on the host...

CVSS 10 · AI score 7.9 · EPSS 0.83722
Exploits 5 · References 5 · Affected Software 1

OSV
added 2024/04/26 6:15 p.m. · 2 views

CVE-2024-33342

D-Link DIR-822+ V1.0.5 was found to contain a command injection in SetPlcNetworkpwd function of prog.cgi, which allows remote attackers to execute arbitrary commands via shell...

CVSS 7.5 · AI score 6 · EPSS 0.01559
Exploits 1 · References 2

OSV
added 2024/04/26 3:15 p.m. · 4 views

CVE-2024-27124

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later...

CVSS 7.5 · AI score 5.8 · EPSS 0.01436
Exploits 0 · References 1

OSV
added 2024/04/26 3:15 p.m. · 3 views

CVE-2024-32766

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later...

CVSS 10 · AI score 5.8 · EPSS 0.02315
Exploits 0 · References 1

OSV
added 2024/04/26 11:7 a.m. · 6 views

OESA-2024-1495 pcp security update

PCP provides a range of services that may be used to monitor and manage system performance. These services are distributed and scalable to accommodate the most complex system configurations and performance problems. Security Fixes: A flaw was found in PCP. The default pmproxy configuration expose...

CVSS 8.8 · AI score 6.8 · EPSS 0.01002
Exploits 0 · References 2

NVD
added 2024/04/26 12:15 a.m. · 11 views

CVE-2024-32651

changedetection.io is an open source web page change detection, website watcher, restock monitor and notification service. There is a Server Side Template Injection (SSTI) in Jinja2 that allows Remote Command Execution on the server host. Attackers can run any system command without any restriction...

CVSS 10 · AI score 10 · EPSS 0.83722
Exploits 5 · References 4

CNNVD
added 2024/04/26 12:0 a.m. · 5 views

QNAP multiple products operating system command injection vulnerability

QNAP Systems QuTScloud and others are products of China Weilian Technology QNAP Systems. QNAP Systems QuTScloud is a cloud-optimized version of the QNAP NAS operating system. QNAP Systems QTS is an operating system for entry- to mid-range QNAP NAS use. QNAP Systems QuTS hero is an operating system...

CVSS 7.5 · AI score 7.8 · EPSS 0.01436
Exploits 0 · References 2

Positive Technologies
added 2024/04/26 12:0 a.m. · 5 views

PT-2024-4605 · Asus · Asus Rt-N12+ B1

Name of the Vulnerable Software and Affected Versions: ASUS RT-N12+ B1 (affected versions not specified). Description: The issue is related to a lack of data sanitization on the administrative level, allowing for the exploitation of a CSV injection vulnerability. This vulnerability enables a...

CVSS 5.4 · AI score 8.2 · EPSS 0.00424
Exploits 0 · References 9

Vulnrichment
added 2024/04/26 12:0 a.m. · 15 views

CVE-2024-33344

D-Link DIR-822+ V1.0.5 was found to contain a command injection in ftext function of uploadfirmware.cgi, which allows remote attackers to execute arbitrary commands via shell...

AI score 8.6 · EPSS 0.19893
Exploits 1 · References 2

CNNVD
added 2024/04/26 12:0 a.m. · 2 views

D-Link DIR-822 security vulnerability

The D-Link DIR-822 is a wireless router from China-based AUO D-Link. A security vulnerability exists in D-Link DIR-822+ version V1.0.5, which originates from a command injection in the ftext function of uploadfirmware.cgi, allowing remote attackers to execute arbitrary commands via a shell...

CVSS 9.8 · AI score 8.2 · EPSS 0.19893
Exploits 1 · References 3

Tenable Nessus
added 2024/04/26 12:0 a.m. · 40 views

Progress Kemp Flowmon 11.x < 11.1.14, 12.x < 12.3.5 RCE (CVE-2024-2389)

The version of Progress Kemp Flowmon installed on the remote host is prior to 11.1.14 or 12.3.5. It is, therefore, affected by an unauthenticated command injection vulnerability as referenced in the CVE-2024-2389 advisory. - Unauthenticated, remote attackers can gain access to the web interface o...

CVSS 10 · AI score 8.3 · EPSS 0.93901
Exploits 7 · References 2

CNNVD
added 2024/04/26 12:0 a.m. · 2 views

D-Link DIR-822 security vulnerability

The D-Link DIR-822 is a wireless router from China-based AUO D-Link. A security vulnerability exists in the D-Link DIR-822+ version V1.0.5, which originates from a command injection contained in the SetPlcNetworkpwd function of prog.cgi, allowing remote attackers to execute arbitrary commands via...

CVSS 7.5 · AI score 8.2 · EPSS 0.01559
Exploits 1 · References 3

Vulnrichment
added 2024/04/25 11:49 p.m. · 35 views

CVE-2024-32651 Server Side Template Injection in Jinja2 allows Remote Command Execution

changedetection.io is an open source web page change detection, website watcher, restock monitor and notification service. There is a Server Side Template Injection (SSTI) in Jinja2 that allows Remote Command Execution on the server host. Attackers can run any system command without any restriction...

CVSS 10 · AI score 7.4 · EPSS 0.83722
Exploits 5 · References 4

CVE
added 2024/04/25 11:49 p.m. · 193 views

CVE-2024-32651

Changedetection.io is affected by CVE-2024-32651 due to a Server-Side Template Injection (SSTI) in Jinja2 that enables Remote Command Execution on the server host. The Nuclei template and OSV entry describe an unauthenticated RCE condition via unsafe Jinja2 usage, enabling attackers to execute ar...

CVSS 10 · AI score 9.8 · EPSS 0.83722
Exploits 5 · References 4

Cvelist
added 2024/04/25 11:49 p.m. · 24 views

CVE-2024-32651 Server Side Template Injection in Jinja2 allows Remote Command Execution

changedetection.io is an open source web page change detection, website watcher, restock monitor and notification service. There is a Server Side Template Injection (SSTI) in Jinja2 that allows Remote Command Execution on the server host. Attackers can run any system command without any restriction...

CVSS 10 · AI score 10 · EPSS 0.83722
Exploits 5 · References 4

OSV
added 2024/04/25 11:49 p.m. · 4 views

CVE-2024-32651 Server Side Template Injection in Jinja2 allows Remote Command Execution

changedetection.io is an open source web page change detection, website watcher, restock monitor and notification service. There is a Server Side Template Injection (SSTI) in Jinja2 that allows Remote Command Execution on the server host. Attackers can run any system command without any restriction...

CVSS 10 · AI score 9.1 · EPSS 0.83722
Exploits 5 · References 6

Positive Technologies
added 2024/04/25 12:0 a.m. · 5 views

PT-2024-24745 · Unknown +1 · Changedetection.Io +1

Name of the Vulnerable Software and Affected Versions: changedetection.io version 0.45.20. Description: The issue is a Server Side Template Injection (SSTI) in Jinja2 that allows Remote Command Execution on the server host. Attackers can run any system command without restriction and could use a...

CVSS 10 · AI score 7.8 · EPSS 0.83722
Exploits 5 · References 14