3866 matches found
CVE-2024-53672 Authenticated Remote Command Injection in HPE Aruba Networking ClearPass Policy Manager Web-Based Management Interface
A vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the underlying operating system...
PT-2024-9480 · Advantech · Advantech Eki-6333Ac-2G +1
Name of the Vulnerable Software and Affected Versions: Advantech EKI-6333AC-2G versions 1.6.3 and earlier Advantech EKI-6333AC-2GD versions 1.6.3 and earlier Advantech EKI-6333AC-1GPO versions 1.2.1 and earlier Description: A security issue was discovered in the connection profile apply API, wher...
CVE-2024-11659 EnGenius ENH1350EXT/ENS500-AC/ENS620EXT diag_iperf command injection
A vulnerability was found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/network/diagiperf. The manipulation of the argument iperf leads to command injection. The attack may be...
CVE-2024-11654
The CVE-2024-11654 entry applies to EnGenius ENH1350EXT, ENS500-AC and ENS620EXT (up to 2024-11-18). The vulnerability affects an unspecified part of the file /admin/network/diag_traceroute6, where manipulation of the diag_traceroute6 parameter yields a command-injection flaw. It is exploitable r...
PT-2024-17161 · Engenius · Engenius Ens500-Ac +2
Name of the Vulnerable Software and Affected Versions: EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118 Description: A critical vulnerability affects an unknown functionality of the file /admin/sn package/sn https. The manipulation of the argument https enable leads to command injectio...
PT-2024-17164 · Engenius · Engenius Ens500-Ac +2
Name of the Vulnerable Software and Affected Versions: EnGenius ENH1350EXT versions up to 20241118 EnGenius ENS500-AC versions up to 20241118 EnGenius ENS620EXT versions up to 20241118 Description: A critical vulnerability was found in the specified EnGenius devices, affecting the file...
CVE-2024-11666 Unauthenticated Remote Command Injection in eCharge Salia PLCC
Affected devices beacon to eCharge cloud infrastructure asking if there are any command they should run. This communication is established over an insecure channel since peer verification is disabled everywhere. Therefore, remote unauthenticated users suitably positioned on the network between an...
CVE-2024-11666 Unauthenticated Remote Command Injection in eCharge Salia PLCC
Affected devices beacon to eCharge cloud infrastructure asking if there are any command they should run. This communication is established over an insecure channel since peer verification is disabled everywhere. Therefore, remote unauthenticated users suitably positioned on the network between an...
CVE-2024-11666
CVE-2024-11666 affects cph2_echarge_firmware up to 2.0.4. Root cause: peer verification is disabled and communication with the eCharge cloud infrastructure occurs over an insecure channel, enabling remote unauthenticated users on the network between the EV charger controller and eCharge infrastru...
CVE-2024-11665 Unauthenticated Remote Command Injection
Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in hardy-barth cph2echargefirmware allows OS Command Injection.This issue affects cph2echargefirmware: through 2.0.4...
CVE-2024-11665 Unauthenticated Remote Command Injection
Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in hardy-barth cph2echargefirmware allows OS Command Injection.This issue affects cph2echargefirmware: through 2.0.4...
PT-2024-17160 · Engenius · Engenius Ens500-Ac +2
Name of the Vulnerable Software and Affected Versions: EnGenius ENH1350EXT, ENS500-AC, and ENS620EXT versions up to 20241118 Description: A critical issue affects an unknown function of the file /admin/network/wifi schedule. The manipulation of the argument wifi schedule day em 5 leads to command...
CVE-2024-8806
Cohesive Networks VNS3 Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cohesive Networks VNS3. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...
LLaMA-Factory 操作系统命令注入漏洞
LLaMA-Factory is a fine-tuned large-scale language model by a Chinese hoshi-hiyouga individual developer. A cross-site scripting vulnerability exists in LLaMA-Factory version 0.9.0 and earlier, which stems from improper handling of user input and allows malicious actors to execute arbitrary...
PT-2024-32621 · Myscada · Myscada Mypro Manager
Name of the Vulnerable Software and Affected Versions: mySCADA myPRO Manager affected versions not specified Description: A parameter within a command does not properly validate input, which could be exploited by an unauthenticated remote attacker to inject arbitrary operating system commands. Th...
cups security update
1:2.3.3op2-31 - RHEL-60343 CVE-2024-47175 cups: remote command injection via attacker controlled data in PPD file...
CVE-2024-51503
A security agent manual scan command injection vulnerability in the Trend Micro Deep Security 20 Agent could allow an attacker to escalate privileges and execute arbitrary code on an affected machine. In certain circumstances, attackers that have legitimate access to the domain may be able to...
CVE-2024-51503
A security agent manual scan command injection vulnerability in the Trend Micro Deep Security 20 Agent could allow an attacker to escalate privileges and execute arbitrary code on an affected machine. In certain circumstances, attackers that have legitimate access to the domain may be able to...
CVE-2024-51503
A security agent manual scan command injection vulnerability in the Trend Micro Deep Security 20 Agent could allow an attacker to escalate privileges and execute arbitrary code on an affected machine. In certain circumstances, attackers that have legitimate access to the domain may be able to...
GeoVision EOL 操作系统命令注入漏洞
GeoVision EOL is a series of surveillance devices from the Chinese company GeoVision. GeoVision EOL suffers from an operating system command injection vulnerability that originates from an unauthenticated, remote attacker being able to inject and execute arbitrary system commands on the device...