1221 matches found

Vulnrichment
added 2024/02/21 5:39 p.m. · 17 views

CVE-2024-1212 LoadMaster Pre-Authenticated OS Command Injection

Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution...

CVSS 10 · AI score 9.2 · EPSS 0.95388
Exploits 9 · References 4

Cvelist
added 2024/02/21 5:39 p.m. · 35 views

CVE-2024-1212 LoadMaster Pre-Authenticated OS Command Injection

Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution...

CVSS 10 · AI score 9.8 · EPSS 0.95388
Exploits 9 · References 4

Prion
added 2024/02/20 10:15 p.m. · 8 views

Sql injection

SQL Injection vulnerability in MRCMS v3.1.2 allows attackers to run arbitrary system commands via the status parameter...

AI score 8.7 · EPSS 0.00395
Exploits 1 · References 1

CNNVD
added 2024/02/15 12:0 a.m. · 3 views

EC-WEB FS-EZViewer SQL Injection Vulnerability

EC-WEB FS-EZViewer is an online document viewing application. EC-WEB FS-EZViewer suffers from a SQL injection vulnerability that stems from a lack of proper restrictions on user input. A remote attacker could use this vulnerability to inject SQL commands to read, modify, and delete database recor...

CVSS 8.8 · AI score 8.2 · EPSS 0.00803
Exploits 0 · References 2

Positive Technologies
added 2024/02/12 12:0 a.m. · 3 views

PT-2024-3897 · Sap · Sap Ides Ecc-Systems

Name of the Vulnerable Software and Affected Versions: SAP IDES ECC-systems affected versions not specified Description: The issue allows the execution of arbitrary program code of a user's choice, potentially enabling an attacker to control the system's behavior by executing malicious code. This...

CVSS 7.4 · AI score 7.5 · EPSS 0.0049
Exploits 0 · References 9

Positive Technologies
added 2024/02/12 12:0 a.m. · 3 views

PT-2024-2833

Name of the Vulnerable Software and Affected Versions: QTS versions prior to 5.1.5.2645 build 20240116; QuTS hero versions prior to h5.1.5.2647 build 20240118; QuTScloud versions prior to c5.1.5.2651. Description: An OS command injection vulnerability exists in QNAP operating system versions due to th...

CVSS 8.3 · AI score 7.4 · EPSS 0.89157
Exploits 4 · References 32

CNNVD
added 2024/02/08 12:0 a.m. · 5 views

Akaunting Operating System Command Injection Vulnerability

Akaunting is an application from Akaunting that provides all the tools needed to manage money online. An operating system command injection vulnerability exists in Akaunting v3.1.3 and prior versions, which stems from the presence of an operating system command injection that could allow an...

CVSS 9.8 · AI score 7.6 · EPSS 0.30036
Exploits 3 · References 6

Packet Storm
added 2024/01/19 12:0 a.m. · 330 views

Lepton CMS 7.0.0 Remote Code Execution

Exploit Title: LeptonCMS Version : 7.0.0 Remote Code Execution Date: 2024-1-19 Exploit Author: tmrswrr Category: Webapps Vendor Homepage: https://www.lepton-cms.com/ Version : 7.0.0 Tested on: https://www.softaculous.com/apps/cms/LEPTON 1 Login with admin cred...

AI score 7.4
Exploits 0

CNVD
added 2024/01/11 12:0 a.m. · 7 views

GTKWave OS Command Injection Vulnerability (CNVD-2024-39666)

GTKWave is a full-featured, GTK+-based waveform viewer from GTKWave. GTKWave version 3.3.115 suffers from an operating system command injection vulnerability that can be exploited by an attacker to cause arbitrary code execution via a specially crafted fst file...

CVSS 7.8 · AI score 7.8 · EPSS 0.01481
Exploits 1 · References 1

CNNVD
added 2024/01/03 12:0 a.m. · 3 views

PaddlePaddle Operating System Command Injection Vulnerability

PaddlePaddle is an independent R&D deep learning platform open-sourced by China's PaddlePaddle. PaddlePaddle versions prior to 2.6.0 have a security vulnerability that may lead to remote code execution...

CVSS 9.8 · AI score 8 · EPSS 0.01172
Exploits 0 · References 2

VulnCheck KEV
added 2024/01/03 12:0 a.m. · 2 views

VulnCheck KEV: CVE-2017-5259

In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, an undocumented, root-privilege administration web shell is available using the HTTP path https:///adm/syscmd.asp...

CVSS 9 · AI score 7.4 · EPSS 0.39181
Exploits 2 · References 1

OSV
added 2023/12/25 6:15 a.m. · 4 views

CVE-2023-51772

One Identity Password Manager before 5.13.1 allows Kiosk Escape. This product enables users to reset their Active Directory passwords on the login screen of a Windows client. It launches a Chromium based browser in Kiosk mode to provide the reset functionality. The escape sequence is: wait for a...

CVSS 8.8 · AI score 5.8
Exploits 0 · References 2

Packet Storm
added 2023/12/20 12:0 a.m. · 403 views

MajorDoMo Remote Code Execution

Introduction MajorDoMo, a beacon in Russian home automation and particularly favored by Raspberry Pi aficionados, has been a trusted name for over a decade. With over 380 stars on its official GitHub repository at the time of writing https://github.com/sergejey/majordomo, its popularity is eviden...

CVSS 9.8 · AI score 7.2 · EPSS 0.38263
Exploits 6

OSV
added 2023/12/19 11:15 p.m. · 3 views

CVE-2023-49147

An issue was discovered in PDF24 Creator 11.14.0. The configuration of the msi installer file was found to produce a visible cmd.exe window when using the repair function of msiexec.exe. This allows an unprivileged local attacker to use a chain of actions e.g., an oplock on faxPrnInst.log to open...

CVSS 7.8 · AI score 5.8 · EPSS 0.00483
Exploits 2 · References 3

NVD
added 2023/12/15 9:15 a.m. · 11 views

CVE-2023-48380

Softnext Mail SQR Expert is an email management platform, it has insufficient filtering for a special character within a specific function. A remote attacker authenticated as a localhost can exploit this vulnerability to perform command injection attacks, to execute arbitrary system command,...

CVSS 8 · EPSS 0.00675
Exploits 0 · References 1

Prion
added 2023/12/15 9:15 a.m. · 16 views

Command injection

Softnext Mail SQR Expert is an email management platform, it has insufficient filtering for a special character within a specific function. A remote attacker authenticated as a localhost can exploit this vulnerability to perform command injection attacks, to execute arbitrary system command,...

CVSS 5.2 · AI score 8.2 · EPSS 0.00675
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2023/12/15 8:12 a.m. · 11 views

CVE-2023-48380 Softnext Mail SQR Expert - Command Injection

Softnext Mail SQR Expert is an email management platform, it has insufficient filtering for a special character within a specific function. A remote attacker authenticated as a localhost can exploit this vulnerability to perform command injection attacks, to execute arbitrary system command,...

CVSS 7.4 · AI score 8.5 · EPSS 0.00675
Exploits 0 · References 1

Positive Technologies
added 2023/12/13 12:0 a.m. · 3 views

PT-2023-28373 · Dasan Networks · W-Web

Name of the Vulnerable Software and Affected Versions: Dasan Networks - W-Web versions 1.22 through 1.27 Description: The issue is related to improper neutralization of special elements used in an OS command, also known as OS command injection. This is classified as CWE-78. Recommendations: For...

CVSS 9.8 · AI score 9.7 · EPSS 0.01465
Exploits 0 · References 4

OSV
added 2023/12/12 12:15 p.m. · 3 views

CVE-2023-48428

A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 2. The radius configuration mechanism of affected products does not correctly check uploaded certificates. A malicious admin could upload a crafted certificate resulting in a denial-of-service condition or potentially...

CVSS 7.2 · AI score 5.7 · EPSS 0.00498
Exploits 0 · References 1

OSV
added 2023/12/12 9:15 a.m. · 3 views

CVE-2023-49695

OS command injection vulnerability in WRC-X3000GSN v1.0.2, WRC-X3000GS v1.0.24 and earlier, and WRC-X3000GSA v1.0.24 and earlier allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command by sending a specially crafted request to the product...

CVSS 6.8 · AI score 6 · EPSS 0.00862
Exploits 0 · References 2