1774 matches found

Github Security Blog
added 2024/04/10 6:30 p.m. | 22 views

LocalAI Command Injection in audioToWav

A command injection vulnerability exists in the TranscriptEndpoint of mudler/localai, specifically within the audioToWav function used for converting audio files to WAV format for transcription. The vulnerability arises due to the lack of sanitization of user-supplied filenames before passing the...

9.8 CVSS | 8.1 AI score | 0.01762 EPSS
Exploits: 1 | References: 4 | Affected Software: 1
OSV
added 2024/04/10 6:30 p.m. | 10 views

GHSA-WX43-G55G-2JF4 LocalAI Command Injection in audioToWav

A command injection vulnerability exists in the TranscriptEndpoint of mudler/localai, specifically within the audioToWav function used for converting audio files to WAV format for transcription. The vulnerability arises due to the lack of sanitization of user-supplied filenames before passing the...

9.8 CVSS | 9.8 AI score | 0.01762 EPSS
Exploits: 1 | References: 4
OSV
added 2024/04/10 5:15 p.m. | 13 views

CVE-2024-2029

A command injection vulnerability exists in the TranscriptEndpoint of mudler/localai, specifically within the audioToWav function used for converting audio files to WAV format for transcription. The vulnerability arises due to the lack of sanitization of user-supplied filenames before passing the...

9.8 CVSS | 9.8 AI score
Exploits: 0 | References: 2
Github Security Blog
added 2024/03/27 6:30 a.m. | 22 views

Lektor does not sanitize database path traversal

Lektor before 3.3.11 does not sanitize DB path traversal. Thus, shell commands might be executed via a file that is added to the templates directory, if the victim's web browser accesses an untrusted website that uses JavaScript to send requests to localhost port 5000, and the web browser is...

9.1 CVSS | 7.2 AI score | 0.00389 EPSS
Exploits: 0 | References: 10 | Affected Software: 1
OSV
added 2024/03/27 6:30 a.m. | 12 views

GHSA-WV28-7FPW-FJ49 Lektor does not sanitize database path traversal

Lektor before 3.3.11 does not sanitize DB path traversal. Thus, shell commands might be executed via a file that is added to the templates directory, if the victim's web browser accesses an untrusted website that uses JavaScript to send requests to localhost port 5000, and the web browser is...

9.3 CVSS | 9.2 AI score | 0.00389 EPSS
Exploits: 0 | References: 9
OSV
added 2024/03/27 6:15 a.m. | 4 views

CVE-2024-28335

Lektor before 3.3.11 does not sanitize DB path traversal. Thus, shell commands might be executed via a file that is added to the templates directory, if the victim's web browser accesses an untrusted website that uses JavaScript to send requests to localhost port 5000, and the web browser is...

9.1 CVSS | 9.2 AI score
Exploits: 0 | References: 6
OSV
added 2024/03/25 3:33 p.m. | 2 views

USN-6714-1 debian-goodies vulnerability

It was discovered that debmany in Debian Goodies incorrectly handled certain deb files. An attacker could possibly use this issue to execute arbitrary shell commands...

7.8 CVSS | 6 AI score | 0.00094 EPSS
Exploits: 0 | References: 2
Cvelist
added 2024/03/22 1:32 p.m. | 11 views

CVE-2024-2448 LoadMaster Command Injection Vulnerability

An OS command injection vulnerability has been identified in LoadMaster. An authenticated UI user with any permission settings may be able to inject commands into a UI component using a shell command resulting in OS command injection...

8.4 CVSS | 8.8 AI score | 0.4475 EPSS
Exploits: 0 | References: 2
Debian
added 2024/03/19 8:51 p.m. | 43 views

[SECURITY] [DSA 5641-1] fontforge security update

Debian Security Advisory DSA-5641-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso March 19, 2024 https://www.debian.org/security/faq -...

6.5 CVSS | 6.7 AI score | 0.01592 EPSS
Exploits: 2
OSV
added 2024/03/15 11:7 a.m. | 2 views

OESA-2024-1274 A-Tune-Collector security update

A-Tune-Collector is used to collect various system resources. Security Fixes: When the get method in the sched.py file in the A-Tune-Collector software package is used to obtain the process ID, shell command combination and injection risks exist. This flaw could lead to remote arbitrary command...

8.1 CVSS | 7.5 AI score | 0.00302 EPSS
Exploits: 0 | References: 2
OSV
added 2024/03/06 11:5 a.m. | 15 views

BIT-SPARK-2023-32007 Apache Spark: Shell command injection via Spark UI

UNSUPPORTED WHEN ASSIGNED The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in...

8.8 CVSS | 8.9 AI score | 0.93513 EPSS
Exploits: 12 | References: 5
OSV
added 2024/02/08 11:6 a.m. | 1 views

OESA-2024-1159 aops-ceres security update

An agent which needs to be adopted in client; it manages some plugins, such as gala-gopher (KPI collection), fluentd (log collection) and so on. Security Fixes: In versions 1.3.0-1.4.1 of the ceres software package, the executeshellcommand function does not properly verify or filter the command or...

7.3 CVSS | 7.9 AI score | 0.00044 EPSS
Exploits: 0 | References: 2
Talos
added 2024/02/06 12:0 a.m. | 54 views

TP-Link ER7206 Omada Gigabit VPN Router uhttpd web group command injection vulnerability

Talos Vulnerability Report TALOS-2023-1858 TP-Link ER7206 Omada Gigabit VPN Router uhttpd web group command injection vulnerability February 6, 2024 CVE Number CVE-2023-47617 SUMMARY A post authentication command injection vulnerability exists when configuring the web group member of Tp-Link ER72...

7.2 CVSS | 8 AI score | 0.00781 EPSS
Exploits: 1
Github Security Blog
added 2024/02/02 8:43 p.m. | 28 views

PHPMailer Shell command injection

PHPMailer before 1.7.4, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in class.phpmailer.php. Impact Shell command injection, remotely exploitable if host application does not filter user data...

6.8 CVSS | 7.8 AI score | 0.04403 EPSS
Exploits: 0 | References: 8 | Affected Software: 1
OSV
added 2024/02/02 8:43 p.m. | 18 views

GHSA-6H78-85V2-MMCH PHPMailer Shell command injection

PHPMailer before 1.7.4, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in class.phpmailer.php. Impact Shell command injection, remotely exploitable if host application does not filter user data...

6.8 CVSS | 7.2 AI score | 0.04403 EPSS
Exploits: 0 | References: 8
Prion
added 2024/01/30 10:15 p.m. | 12 views

Command injection

An issue discovered in shell command execution in ROS2 Robot Operating System 2 Foxy Fitzroy, with ROS_VERSION=2 and ROS_PYTHON_VERSION=3 allows an attacker to run arbitrary commands and cause other impacts...

7.5 CVSS | 7.7 AI score
Exploits: 0 | References: 1 | Affected Software: 1
Positive Technologies
added 2024/01/30 12:0 a.m. | 4 views

PT-2024-14064 · Ros2 · Ros2

Name of the Vulnerable Software and Affected Versions: ROS2 Robot Operating System 2 Foxy Fitzroy. Description: An issue was discovered in shell command execution in ROS2, allowing an attacker to run arbitrary commands and cause other impacts. The issue is related to the ROS_VERSION=2 and ROS_PYTH...

7.5 AI score
Exploits: 0 | References: 7
Tenable Nessus
added 2024/01/23 12:0 a.m. | 26 views

Axis Communications Multiple IP Cameras Command Injection (CVE-2018-10660)

An issue was discovered in multiple models of Axis IP Cameras. There is Shell Command Injection. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. #%NASL_MIN_LEVEL 80900 (C) Tenable, Inc. include('compat.inc'); if (description)...

10 CVSS | 7.4 AI score | 0.91327 EPSS
Exploits: 5 | References: 5
GithubExploit
added 2024/01/17 9:26 a.m. | 632 views

Exploit for Argument Injection in Linuxmint Xreader

CVE-2023-44452, CVE-2023-51698: Linux Mint Xreader/MATE Atril...

9.6 CVSS | 8.3 AI score | 0.20665 EPSS
Exploits: 2
NVD
added 2024/01/09 9:15 a.m. | 9 views

CVE-2023-49235

An issue was discovered in libremotedbg.so on TRENDnet TV-IP1314PI 5.5.3 200714 devices. Filtering of debug information is mishandled during use of popen. Consequently, an attacker can bypass validation and execute a shell command...

9.8 CVSS | 9.5 AI score | 0.00086 EPSS
Exploits: 1 | References: 2