
1221 matches found

Vulnrichment
added 2024/05/22 5:46 p.m. | 15 views

CVE-2024-20360

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface does not adequately...

CVSS 8.8 | AI score 8.6 | EPSS 0.00836
Exploits 0 | References 1

VulnCheck KEV
added 2024/05/22 12:0 a.m. | 1 view

VulnCheck KEV: CVE-2018-13307

System command injection in fromNtp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ntpServerIp2" POST parameter. Certain payloads cause the device to become permanently inoperable...

CVSS 10 | AI score 5.9 | EPSS 0.03195
Exploits 1 | References 1

OSV
added 2024/05/17 11:8 a.m. | 4 views

OESA-2024-1587 less security update

Less is a pager. A pager is a program that displays text files. Other pagers commonly in use are more and pg. Pagers are often used in command-line environments like the Unix shell and the MS-DOS command prompt to display files. Security Fixes: less through 653 allows OS command execution via a...

CVSS 8.6 | AI score 7.2 | EPSS 0.00628
Exploits 0 | References 2

CNNVD
added 2024/05/14 12:0 a.m. | 2 views

Ruijie Networks RG-UAC Operating System Command Injection Vulnerability

Ruijie Networks RG-UAC is an Internet behavior management and auditing product from China's Ruijie Networks. It is used to solve Internet auditing problems. An operating system command injection vulnerability exists in Ruijie Networks RG-UAC 20240506 and earlier versions, which...

CVSS 9.8 | AI score 6.8 | EPSS 0.06385
Exploits 0 | References 6

OSV
added 2024/05/10 11:7 a.m. | 3 views

OESA-2024-1547 less security update

Less is a pager. A pager is a program that displays text files. Other pagers commonly in use are more and pg. Pagers are often used in command-line environments like the Unix shell and the MS-DOS command prompt to display files. Security Fixes: less through 653 allows OS command execution via a...

CVSS 8.6 | AI score 7.2 | EPSS 0.00628
Exploits 0 | References 2

NVD
added 2024/05/03 11:15 a.m. | 30 views

CVE-2024-34073

sagemaker-python-sdk is a library for training and deploying machine learning models on Amazon SageMaker. In affected versions the capture_dependencies function in the sagemaker.serve.save_retrive.version_1_0_0.save.utils module allows for potentially unsafe Operating System (OS) Command Injection if...

CVSS 7.8 | AI score 8.1 | EPSS 0.01143
Exploits 0 | References 3

Vulnrichment
added 2024/05/03 10:11 a.m. | 12 views

CVE-2024-34073 Command Injection in sagemaker-python-sdk

sagemaker-python-sdk is a library for training and deploying machine learning models on Amazon SageMaker. In affected versions the capture_dependencies function in the sagemaker.serve.save_retrive.version_1_0_0.save.utils module allows for potentially unsafe Operating System (OS) Command Injection if...

CVSS 7.8 | AI score 8.1 | EPSS 0.01143
Exploits 0 | References 3

Cvelist
added 2024/05/03 10:11 a.m. | 41 views

CVE-2024-34073 Command Injection in sagemaker-python-sdk

sagemaker-python-sdk is a library for training and deploying machine learning models on Amazon SageMaker. In affected versions the capture_dependencies function in the sagemaker.serve.save_retrive.version_1_0_0.save.utils module allows for potentially unsafe Operating System (OS) Command Injection if...

CVSS 7.8 | AI score 8.2 | EPSS 0.01143
Exploits 0 | References 3

Vulnrichment
added 2024/04/25 11:49 p.m. | 34 views

CVE-2024-32651 Server Side Template Injection in Jinja2 allows Remote Command Execution

changedetection.io is an open source web page change detection, website watcher, restock monitor and notification service. There is a Server Side Template Injection (SSTI) in Jinja2 that allows Remote Command Execution on the server host. Attackers can run any system command without any restriction...

CVSS 10 | AI score 7.4 | EPSS 0.83722
Exploits 5 | References 4

Cvelist
added 2024/04/15 12:0 a.m. | 25 views

CVE-2024-24487

An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows a remote attacker to cause a denial of service via crafted UDP packets using the EXEC REBOOT SYSTEM command...

AI score 6.8 | EPSS 0.00329
Exploits 0 | References 1

CVE
added 2024/04/15 12:0 a.m. | 57 views

CVE-2024-24487

The CVE-2024-24487 entry concerns Silex Technology DS-600 Firmware v1.4.1. A remote attacker can trigger a denial of service by sending crafted UDP packets that invoke the EXEC REBOOT SYSTEM command. Public documents identify the affected device and firmware version and describe the impact as DoS...

CVSS 6.8 | AI score 6.8 | EPSS 0.00329
Exploits 0 | References 1 | Affected Software 1

0day.today
added 2024/04/12 12:0 a.m. | 309 views

Ray OS v2.6.3 - Command Injection Exploit

Exploit Title: Ray OS v2.6.3 - Command Injection RCE (Unauthorized). Description: The Ray Project dashboard contains a CPU profiling page, and the format parameter is not validated before being inserted into a system command executed in a shell, allowing for arbitrary command execution. If the system...

CVSS 9.8 | AI score 8.7 | EPSS 0.7463
Exploits 11

OSV
added 2024/04/03 1:15 p.m. | 2 views

CVE-2023-25699

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in VideoWhisper.Com VideoWhisper Live Streaming Integration allows OS Command Injection. This issue affects VideoWhisper Live Streaming Integration: from n/a through 5.5.15...

CVSS 9.8 | AI score 7.3
Exploits 0 | References 1

Positive Technologies
added 2024/04/03 12:0 a.m. | 7 views

PT-2024-12070 · Unknown · Videowhisper Live Streaming Integration

Name of the Vulnerable Software and Affected Versions: VideoWhisper Live Streaming Integration versions n/a through 5.5.15. Description: The issue is related to an OS Command Injection vulnerability due to improper neutralization of special elements used in an OS command. This allows for OS Comman...

CVSS 9.8 | AI score 9.9 | EPSS 0.01289
Exploits 0 | References 5

VulnCheck KEV
added 2024/03/29 12:0 a.m. | 2 views

VulnCheck KEV: CVE-2024-1212

Progress Kemp LoadMaster contains an OS command injection vulnerability that allows an unauthenticated, remote attacker to access the system through the LoadMaster management interface, enabling arbitrary system command execution...

CVSS 10 | AI score 7.6 | EPSS 0.95388
Exploits 9 | References 1

CNNVD
added 2024/03/24 12:0 a.m. | 5 views

Tenda AC10 Operating System Command Injection Vulnerability

Tenda AC10 is a wireless router from Tenda, China. An OS command injection vulnerability exists in Tenda AC10U version 15.03.06.48, which originates from an OS command injection in the usbName parameter of the formSetSambaConf method on the /goform/setsambacfg page...

CVSS 9.8 | AI score 7 | EPSS 0.04009
Exploits 1 | References 4

Positive Technologies
added 2024/03/22 12:0 a.m. | 3 views

PT-2024-3305 · Kemp · Loadmaster

Name of the Vulnerable Software and Affected Versions: LoadMaster affected versions not specified. Description: An OS command injection vulnerability has been identified in LoadMaster. An authenticated UI user with any permission settings may be able to inject commands into a UI component using a...

CVSS 8.8 | AI score 9.1 | EPSS 0.55422
Exploits 0 | References 20

Cvelist
added 2024/03/21 11:45 a.m. | 20 views

CVE-2024-2742 OS Command Injection in Planet IGS-4215-16T2S

Operating system command injection vulnerability in Planet IGS-4215-16T2S, affecting firmware version 1.305b210528. An authenticated attacker could execute arbitrary code on the remote host by exploiting IP address functionality...

CVSS 6.4 | AI score 7.1 | EPSS 0.00499
Exploits 0 | References 1

CNVD
added 2024/02/22 12:0 a.m. | 6 views

Dell Unity SQL Injection Vulnerability

Dell Unity is a set of virtual Unity storage environments from Dell USA. A SQL injection vulnerability exists in Dell Unity prior to version 5.4, which stems from the inclusion of an operating system command injection vulnerability in its svccava utility. An attacker could exploit this...

CVSS 6.5 | AI score 8 | EPSS 0.00421
Exploits 0 | References 1

NVD
added 2024/02/21 6:15 p.m. | 10 views

CVE-2024-1212

Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution...

CVSS 10 | AI score 9.7 | EPSS 0.95388
Exploits 9 | References 5