CVE-2023-52138 Path traversal via crafted cpio archives in Engrampa archivers

Engrampa is an archive manager for the MATE environment. Engrampa is found to be vulnerable to a Path Traversal vulnerability that can be leveraged to achieve full Remote Command Execution RCE on the target. While handling CPIO archives, the Engrampa Archive manager follows symlink, cpio by defau...

Engrampa Backlink Vulnerability

Engrampa is an archive manager for MATE environments. A security vulnerability exists in versions prior to Engrampa 63d5dfa, which stems from vulnerability to a path traversal vulnerability that can be exploited by an attacker to achieve remote command execution on the target server...

Ivanti Connect Secure Server-Side Request Forgery

Added: 02/05/2024 Background Ivanti Connect Secure is a web-based remote access VPN. Problem A server-side request forgery vulnerability in the SAML component allows attackers to access restricted resources without authentication. This can lead to remote command execution when chained with other...

PT-2024-2452 · Mate +1 · Engrampa +1

Name of the Vulnerable Software and Affected Versions: Engrampa versions prior to the version that includes commit 63d5dfa Description: The issue is related to a Path Traversal vulnerability in Engrampa, an archive manager for the MATE environment. This vulnerability can be leveraged to achieve...

CVE-2023-45025

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later...

Malicious code in @time-loop/electron-panel-window (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cd04a51a89e2d496efa31e8eacb197a77e0fe700b691b0a07851de06f9312514 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

QNAP Multiple Products Operating System Command Injection Vulnerability

QNAP Systems QTS is an operating system used by QNAP Systems, an entry to mid-level QNAP NAS. A security vulnerability exists in multiple QNAP products that stems from an operating system command injection vulnerability. The vulnerability could allow an authenticated administrator to execute...

PT-2024-1515 · Qnap · Qts +2

Name of the Vulnerable Software and Affected Versions: QTS versions prior to 5.1.4.2596 build 20231128 QTS versions prior to 4.5.4.2627 build 20231225 QuTS hero versions prior to h5.1.4.2596 build 20231128 QuTS hero versions prior to h4.5.4.2626 build 20231225 QuTScloud versions prior to...

QNAP Operating System Command Injection Vulnerability in Multiple Products

QNAP Systems QuTScloud and others are products of China Weilian Technology QNAP Systems.QNAP Systems QuTScloud is a cloud-optimized version of the QNAP NAS operating system.QNAP Systems QTS is an operating system for entry- to mid-range QNAP NAS use. QNAP Systems QuTS hero is an operating system...

Mirth Connect 4.4.0 Remote Command Execution Exploit

A vulnerability exists within Mirth Connect due to its mishandling of deserialized data. This vulnerability can be leveraged by an attacker using a crafted HTTP request to execute OS commands within the context of the target application. The original vulnerability was identified by IHTeam and...

Mirth Connect 4.4.0 Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Mirth Connect Deserialization RCE', 'Description' = %q A vulnerability exists within Mirth Connect due to its mishandling of deserialized data...

The vulnerability of the ILIAS learning management and support system, related to the improper implementation of the sequence of actions to be performed, allows a perpetrator to execute arbitrary system commands on the application server.

The vulnerability of the ILIAS learning management and support system is related to the improper implementation of the sequence of actions to be performed. Exploiting this vulnerability allows a malicious actor to execute arbitrary system commands on the application server remotely...

The vulnerability of the POST Request Handler component in Trendnet’s microprogrammed routing software TEW-800MB allows a attacker to execute arbitrary commands.

The vulnerability of the POST Request Handler component in Trendnet’s TEW-800MB router software lies in insufficient validation of the DeviceURL parameter used in the operating system command. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands or cause service...

The vulnerability of the do_setNTP() function in the POST Request Handler component of the Trendnet TEW-815DAP router’s microprogramming system allows a attacker to execute arbitrary commands.

The vulnerability of the dosetNTP function in the POST Request Handler component of the Trendnet TEW-815DAP router’s microprogramming system is related to insufficient validation of the NtpDstStart/NtpDstEnd parameter passed in the command. Exploiting this vulnerability could allow a remote...

PT-2024-1482 · Emerson · Emerson Rosemount Gc700Xa +2

Name of the Vulnerable Software and Affected Versions: Emerson Rosemount GC370XA, GC700XA, GC1500XA affected versions not specified Description: The issue is related to the lack of measures to neutralize special elements used in the operating system command. This could allow a remote attacker to...

PT-2024-1545 · Totolink · Totolink A3300R

Name of the Vulnerable Software and Affected Versions: TOTOLINK A3300R version V17.0.0cu.557 B20221024 Description: The issue exists due to the lack of measures to neutralize special elements in the setStaticDhcpRules function of the TOTOLINK A3300R router's firmware. This allows a remote attacke...

PT-2024-1400 · Emerson · Emerson Rosemount Gc700Xa +2

Name of the Vulnerable Software and Affected Versions: Emerson Rosemount GC370XA, GC700XA, and GC1500XA products affected versions not specified Description: The issue allows an unauthenticated user with network access to execute arbitrary commands in root context from a remote computer. This is...

CVE-2024-1015

Remote command execution vulnerability in SE-elektronic GmbH E-DDC3.3 affecting versions 03.07.03 and higher. An attacker could send different commands from the operating system to the system via the web configuration functionality of the device...

CVE-2024-1015

Remote command execution vulnerability in SE-elektronic GmbH E-DDC3.3 affecting versions 03.07.03 and higher. An attacker could send different commands from the operating system to the system via the web configuration functionality of the device...

Design/Logic Flaw

Remote command execution vulnerability in SE-elektronic GmbH E-DDC3.3 affecting versions 03.07.03 and higher. An attacker could send different commands from the operating system to the system via the web configuration functionality of the device...