CVE-2024-48419

The CVE-2024-48419 entry concerns the Edimax BR-6476AC router (version 1.06) with a Command Injection vulnerability in /bin/goahead. The issue can be triggered via /goform/tracerouteDiagnosis, /goform/pingDiagnosis, and /goform/fromSysToolPingCmd, allowing an attacker with web interface access to...

PT-2025-2192 · Newtec · Newtec/Idirect Ntc2299 +2

Name of the Vulnerable Software and Affected Versions: Newtec/iDirect NTC2218, NTC2250, NTC2299 versions 1.0.1.1 through 2.2.6.19 Description: The issue affects the commit multicast page in the modem's web administration interface, which improperly parses incoming data from the request before...

Exploit for CVE-2024-42327

Zabbix-CVE-2024-42327 RCE PoC...

Exploit for Cross-site Scripting in Melapress Wp_Activity_Log

CVE-2024-10793 PoC Set this lines to your hosts file:...

ABB Cylon Aspect 3.08.01 (servicesUpdate.php) Remote Code Execution

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB BMS/BAS controller suffers from an unauthenticated blind OS...

CVE-2024-53992 unzip-bot Allows Remote Code Execution (RCE) via archive extraction, password prompt, or video upload

unzip-bot is a Telegram bot to extract various types of archives. Users could exploit unsanitized inputs to inject malicious commands that are executed through subprocess.Popen with shell=True. Attackers can exploit this vulnerability using a crafted archive name, password, or video name. This...

CVE-2024-49362 Remote Code Execution on click of <a> Link in markdown preview

Joplin is a free, open source note taking and to-do application. Joplin-desktop has a vulnerability that leads to remote code execution RCE when a user clicks on an link within untrusted notes. The issue arises due to insufficient sanitization of tag attributes introduced by the Mermaid. This...

Joplin 代码注入漏洞

Joplin is an open source note-taking and to-do list application from the individual developer Laurent Cozic. A code injection vulnerability exists in Joplin version 3.0, which stems from improper cleanup of tag attributes that can execute untrusted HTML content within an Electron window, resultin...

ABB Cylon Aspect 3.08.00 sslCertAjax.php Remote Command Execution

ABB Cylon Aspect 3.08.00 sslCertAjax.php Remote Code Execution Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.00 Summary: ASPECT is an award-winning scalable building energy management and...

EulerOS 2.0 SP11 : emacs (EulerOS-SA-2024-2552)

According to the versions of the emacs package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In Emacs before 29.3, Gnus treats inline MIME contents as trusted.CVE-2024-30203 In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands ...

CVE-2024-47219

An issue was discovered in vesoft NebulaGraph through 3.8.0. It allows shell command injection...

CVE-2024-47219

An issue was discovered in vesoft NebulaGraph through 3.8.0. It allows shell command injection...

NebulaGraph 安全漏洞

NebulaGraph is a popular open source graphics database open sourced by vesoft. A security vulnerability exists in NebulaGraph version 3.8.0 that stems from allowing shell command injection...

CVE-2024-47219

An issue was discovered in vesoft NebulaGraph through 3.8.0. It allows shell command injection...

PT-2024-32482 · Vesoft · Vesoft Nebulagraph

Name of the Vulnerable Software and Affected Versions: vesoft NebulaGraph versions through 3.8.0 Description: An issue was discovered in vesoft NebulaGraph that allows shell command injection. Recommendations: For versions through 3.8.0, update to a version later than 3.8.0 to resolve the issue. ...

CVE-2024-47219

An issue was discovered in vesoft NebulaGraph through 3.8.0. It allows shell command injection...

Debian dla-3891 : libmariadb-dev - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-3891 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3891-1 [email protected] https://www.debian.org/lts/security/...

Dockwatch Remote Command Execution Exploit

Dockwatch is a container management web UI for docker. It runs by default without authentication, although guidance is available for how to setup credentials for access. It has a Commands feature that allows a user to run docker commands such as inspect, network, ps. Prior to fix, it did not...

CVE-2024-6091

A vulnerability in significant-gravitas/autogpt version 0.5.1 allows an attacker to bypass the shell commands denylist settings. The issue arises when the denylist is configured to block specific commands, such as 'whoami' and '/bin/whoami'. An attacker can circumvent this restriction by executin...

CVE-2024-6091 Shell Command Denylist Bypass in significant-gravitas/autogpt

A vulnerability in significant-gravitas/autogpt version 0.5.1 allows an attacker to bypass the shell commands denylist settings. The issue arises when the denylist is configured to block specific commands, such as 'whoami' and '/bin/whoami'. An attacker can circumvent this restriction by executin...