CVE-2024-6091 Shell Command Denylist Bypass in significant-gravitas/autogpt

A vulnerability in significant-gravitas/autogpt version 0.5.1 allows an attacker to bypass the shell commands denylist settings. The issue arises when the denylist is configured to block specific commands, such as 'whoami' and '/bin/whoami'. An attacker can circumvent this restriction by executin...

Moderate: Red Hat Security Advisory: ghostscript security update

An update for ghostscript is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

AlmaLinux 9 : ghostscript (ALSA-2024:6197)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:6197 advisory. ghostscript: format string injection leads to shell command execution SAFER bypass CVE-2024-29510 ghostscript: path traversal and command execution due to...

Moderate: Red Hat Security Advisory: ghostscript security update

An update for ghostscript is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

ALSA-2024:6197 Moderate: ghostscript security update

The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fixes: ghostscript: format string injection leads to shell command execution SAFER bypass...

SequenceServer 安全漏洞

SequenceServer is an intuitive graphical web interface from the Yannick Wurm team. It is used to run BLAST bioinformatics tools. A security vulnerability exists in SequenceServer versions prior to 3.1.2 that stems from not properly cleaning up user input and query parameters, which could be...

PT-2024-29895 · Unknown · Sequenceserver

Name of the Vulnerable Software and Affected Versions: SequenceServer versions prior to 3.1.2 Description: The issue arises from several HTTP endpoints not properly sanitizing user input and/or query parameters, which could be exploited to inject and run unwanted shell commands. Recommendations:...

CVE-2024-3659

Firmware in KAON AR2140 routers, prior to versions 3.2.50 and 4.2.16, is vulnerable to a shell command injection via sending a crafted request to one of the endpoints. In order to exploit this vulnerability, one has to have access to the administrative portal of the router...

CVE-2024-3659

Firmware in KAON AR2140 routers, prior to versions 3.2.50 and 4.2.16, is vulnerable to a shell command injection via sending a crafted request to one of the endpoints. In order to exploit this vulnerability, one has to have access to the administrative portal of the router...

CVE-2024-3659 Command injection in KAON AR2140 routers

Firmware in KAON AR2140 routers, prior to versions 3.2.50 and 4.2.16, is vulnerable to a shell command injection via sending a crafted request to one of the endpoints. In order to exploit this vulnerability, one has to have access to the administrative portal of the router...

CVE-2024-3659

CVE-2024-3659 affects KAON AR2140 routers. Firmware versions prior to 3.2.50 and 4.2.16 are vulnerable to a shell command injection via a crafted request to specific endpoints. Exploitation requires access to the device’s administrative portal. Remediation: upgrade to 3.2.50+ or 4.2.16+ (per vend...

KAON AR2140 安全漏洞

The KAON AR2140 is a wireless router from KAON. A security vulnerability exists in the KAON AR2140 version 4.2.16 and prior versions, which stems from the router firmware being susceptible to shell command injection attacks...

In Emacs before 29.4 org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function such as shell-command-to-string. This affects Org Mode before 9.7.5.

...

Exploit for CVE-2024-44610

CVE-2024-44610: PEAK PCAN-Ethernet Gateway FD DR Authenticated...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : Apache ActiveMQ vulnerabilities (USN-6910-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6910-1 advisory. Chess Hazlett discovered that Apache ActiveMQ incorrectly handled certain commands. A remote attacker could possibly...

CVE-2024-3799

Insecure handling of POST header parameter body included in requests being sent to an instance of the open-source project Phoniebox allows an attacker to create a website, which – when visited by a user – will send malicious requests to multiple hosts on the local network. If such a request reach...

CVE-2024-3798

Insecure handling of GET header parameter file included in requests being sent to an instance of the open-source project Phoniebox allows an attacker to create a website, which – when visited by a user – will send malicious requests to multiple hosts on the local network. If such a request reache...

CVE-2024-3798

Insecure handling of GET header parameter file included in requests being sent to an instance of the open-source project Phoniebox allows an attacker to create a website, which – when visited by a user – will send malicious requests to multiple hosts on the local network. If such a request reache...

CVE-2024-3799 Shell command injection in Phoniebox

Insecure handling of POST header parameter body included in requests being sent to an instance of the open-source project Phoniebox allows an attacker to create a website, which – when visited by a user – will send malicious requests to multiple hosts on the local network. If such a request reach...

CVE-2024-3799

CVE-2024-3799 describes an insecure handling of POST header body in Phoniebox that allows an attacker to craft a webpage which, when visited by a user, causes the user’s browser to send malicious requests to hosts on the local network, potentially triggering shell command execution on the vulnera...