732 matches found
PT-2024-29895 · Unknown · Sequenceserver
Name of the Vulnerable Software and Affected Versions: SequenceServer versions prior to 3.1.2 Description: The issue arises from several HTTP endpoints not properly sanitizing user input and/or query parameters, which could be exploited to inject and run unwanted shell commands. Recommendations:...
CVE-2024-3659
Firmware in KAON AR2140 routers, prior to versions 3.2.50 and 4.2.16, is vulnerable to a shell command injection via sending a crafted request to one of the endpoints. In order to exploit this vulnerability, one has to have access to the administrative portal of the router...
CVE-2024-3659
CVE-2024-3659 affects KAON AR2140 routers. Firmware versions prior to 3.2.50 and 4.2.16 are vulnerable to a shell command injection via a crafted request to specific endpoints. Exploitation requires access to the device’s administrative portal. Remediation: upgrade to 3.2.50+ or 4.2.16+ (per vend...
KAON AR2140 Security Vulnerability
The KAON AR2140 is a wireless router from KAON. A security vulnerability exists in KAON AR2140 firmware prior to versions 3.2.50 and 4.2.16, which stems from the router firmware being susceptible to shell command injection attacks...
Exploit for CVE-2024-44610
CVE-2024-44610: PEAK PCAN-Ethernet Gateway FD DR Authenticated...
CVE-2024-3799 Shell command injection in Phoniebox
Insecure handling of POST header parameter body included in requests being sent to an instance of the open-source project Phoniebox allows an attacker to create a website, which – when visited by a user – will send malicious requests to multiple hosts on the local network. If such a request reach...
CBL Mariner 2.0 Security Update: patch (CVE-2019-13638)
The version of patch installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2019-13638 advisory. - GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafte...
CVE-2024-4748
The CRUDDIY project is vulnerable to shell command injection via sending a crafted POST request to the application server. The exploitation risk is limited since CRUDDIY is meant to be launched locally. Nevertheless, a user with the project running on their computer might visit a website which...
CVE-2024-4748 RCE in Cruddiy
The CRUDDIY project is vulnerable to shell command injection via sending a crafted POST request to the application server. The exploitation risk is limited since CRUDDIY is meant to be launched locally. Nevertheless, a user with the project running on their computer might visit a website which...
CVE-2024-4748
CVE-2024-4748 affects CRUDDIY/Cruddiy. The vulnerability is a shell command injection triggered by sending a crafted POST request to the application server. The exploitation risk is described as limited because CRUDDIY is designed to be launched locally, but a user running the project could be ta...
Cruddiy Command Injection Vulnerability
Cruddiy is a free no-code PHP Bootstrap CRUD generator by Jan van den Berg, an individual developer. A security vulnerability exists in Cruddiy that stems from its susceptibility to shell command injection via a crafted POST request to the application server...
PT-2024-32629 · Cruddiy · Cruddiy
Name of the Vulnerable Software and Affected Versions: CRUDDIY affected versions not specified Description: The issue allows for shell command injection via sending a crafted POST request to the application server. The exploitation risk is limited since CRUDDIY is meant to be launched locally...
PT-2024-23853 · Unknown · Parisneo/Lollms
Name of the Vulnerable Software and Affected Versions: parisneo/lollms version 5.9.0 Description: A remote code execution issue exists in the create conda env function due to the use of shell=True in the subprocess.Popen function. This allows an attacker to inject arbitrary commands by manipulati...
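As an added illustration of the pattern this entry describes (not code from lollms or from the advisory), the following Python contrasts a subprocess.Popen-style call with shell=True built from user input against an argv-based replacement with input validation. The command is a constructed stand-in: echo is substituted for conda so the example runs offline and harmlessly, and the environment-name regex is an assumed policy, not one taken from the project.

```python
import re
import shlex
import subprocess

# Constructed stand-in for "conda create -n <env>": "echo" replaces "conda"
# so the example runs offline and only prints what it would have executed.
BASE_CMD = "echo conda create -n"


def run_vulnerable(env_name: str) -> str:
    """The pattern the advisory describes: user input is concatenated into a
    single command string and handed to the shell, so metacharacters such as
    ';', '|' or '$(...)' in env_name are interpreted as shell syntax."""
    cmd = f"{BASE_CMD} {env_name}"
    proc = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return proc.stdout


def run_argv_only(env_name: str) -> str:
    """No shell: the name is passed as one argv element, so the shell
    metacharacters reach the program as literal characters in one argument."""
    argv = [*shlex.split(BASE_CMD), env_name]
    proc = subprocess.run(argv, shell=False, capture_output=True, text=True)
    return proc.stdout


# Assumed allow-list for environment names (hypothetical policy, not lollms').
ENV_NAME_RE = re.compile(r"^[A-Za-z0-9_.-]{1,64}$")


def validate_env_name(env_name: str) -> str:
    """Reject anything that is not a plain identifier before it reaches
    a subprocess, regardless of whether a shell is involved."""
    if not ENV_NAME_RE.fullmatch(env_name):
        raise ValueError(f"invalid environment name: {env_name!r}")
    return env_name


def run_hardened(env_name: str) -> str:
    """Validation plus argv-style invocation: defence in depth."""
    return run_argv_only(validate_env_name(env_name))


if __name__ == "__main__":
    payload = "myenv; echo INJECTED"   # constructed attacker-controlled name
    print("vulnerable:", repr(run_vulnerable(payload)))
    print("argv only: ", repr(run_argv_only(payload)))
    try:
        run_hardened(payload)
    except ValueError as exc:
        print("hardened:  ", exc)
```

With the constructed payload, the shell=True path executes the trailing `echo INJECTED` as a second command, the argv-only path prints the whole string as a single literal argument, and the hardened path refuses the name before any process is spawned. Passing a list to subprocess is the fix for the injection; the allow-list additionally stops option-injection such as a name beginning with `-`.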
RHEL 8 : cifs-utils (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - cifs-utils: shell command injection in mount.cifs CVE-2020-14342 - cifs-utils through 6.14, with verbose...
RHEL 6 : sssd (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - sssd: shell command injection in sssctl CVE-2021-3621 - The UNIX pipe which sudo uses to contact SSSD and...
RHEL 7 : cifs-utils (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - cifs-utils: shell command injection in mount.cifs CVE-2020-14342 - cifs-utils through 6.14, with verbose...
Xiaomi Android Devices Hit by Multiple Flaws Across Apps and System Components
Multiple security vulnerabilities have been disclosed in various applications and system components within Xiaomi devices running Android. "The vulnerabilities in Xiaomi led to access to arbitrary activities, receivers and services with system privileges, theft of arbitrary files with system...