1774 matches found
CVE-2024-3799 Shell command injection in Phoniebox
Insecure handling of POST header parameter body included in requests being sent to an instance of the open-source project Phoniebox allows an attacker to create a website, which – when visited by a user – will send malicious requests to multiple hosts on the local network. If such a request reach...
CVE-2024-3798 Insecure handling of GET argument in Phoniebox
Insecure handling of GET header parameter file included in requests being sent to an instance of the open-source project Phoniebox allows an attacker to create a website, which – when visited by a user – will send malicious requests to multiple hosts on the local network. If such a request reache...
CVE-2024-3798
CVE-2024-3798 concerns Phoniebox where insecure handling of a GET header parameter file in requests can trigger a website to cause malicious requests to hosts on the local network. The underlying flaw is improper processing of the header parameter, enabling a payload that may lead to shell comman...
Phoniebox Security Breach
Phoniebox is a contactless jukebox for the Raspberry Pi by the individual developer Micz Flor. A security vulnerability exists in Phoniebox version 2.7 and earlier, which stems from insecure handling of the GET header parameter file contained in requests, and is vulnerable to shell command...
OS Command Execution
HFS is vulnerable to OS Command Execution. The vulnerability is due to using execSync instead of spawnSync in child_process to execute the df shell command, which allows an attacker to execute OS commands remotely via the file upload feature...
CBL Mariner 2.0 Security Update: patch (CVE-2019-13638)
The version of patch installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2019-13638 advisory. - GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafte...
Mageia: Security Advisory (MGASA-2024-0237)
The remote host is missing an update for the...
Updated emacs packages fix security vulnerability
Arbitrary shell command evaluation in Org mode GNU Emacs...
CVE-2024-4748
The CRUDDIY project is vulnerable to shell command injection via sending a crafted POST request to the application server. The exploitation risk is limited since CRUDDIY is meant to be launched locally. Nevertheless, a user with the project running on their computer might visit a website which...
CVE-2024-39331
A flaw was found in Emacs. Arbitrary shell commands can be executed without prompting when an Org mode file is opened or when Org mode is enabled. When Emacs is used as an email client, this issue can be triggered when previewing email attachments. Mitigation: Do not open Org mode files or...
CVE-2024-4748
CVE-2024-4748 affects CRUDDIY/Cruddiy. The vulnerability is a shell command injection triggered by sending a crafted POST request to the application server. The exploitation risk is described as limited because CRUDDIY is designed to be launched locally, but a user running the project could be ta...
CVE-2024-4748 RCE in Cruddiy
The CRUDDIY project is vulnerable to shell command injection via sending a crafted POST request to the application server. The exploitation risk is limited since CRUDDIY is meant to be launched locally. Nevertheless, a user with the project running on their computer might visit a website which...
PT-2024-32629 · Cruddiy · Cruddiy
Name of the Vulnerable Software and Affected Versions: CRUDDIY affected versions not specified Description: The issue allows for shell command injection via sending a crafted POST request to the application server. The exploitation risk is limited since CRUDDIY is meant to be launched locally...
Cruddiy Command Injection Vulnerability
Cruddiy is a free no-code PHP bootstrap CRUD generator by Jan van den Berg, a personal developer. A security vulnerability exists in Cruddiy that stems from vulnerability to shell command injection attacks...
PT-2024-23853 · Unknown · Parisneo/Lollms
Name of the Vulnerable Software and Affected Versions: parisneo/lollms version 5.9.0 Description: A remote code execution issue exists in the create_conda_env function due to the use of shell=True in the subprocess.Popen function. This allows an attacker to inject arbitrary commands by manipulati...
CVE-2024-39331
In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5...
AZL-42868 CVE-2024-39331 affecting package emacs for versions less than 29.4-1
In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5...
AZL-42925 CVE-2024-39331 affecting package emacs for versions less than 29.4-1
In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5...