PAN-OS management interface authentication bypass

Added: 11/20/2024 CVE: CVE-2024-0012 Background Palo Alto Networks firewall provides policy-based visibility and control over applications, users and threats. Problem An authentication bypass vulnerability combined with a command injection vulnerability in the PAN-OS management interface allows...

PAN-OS management interface authentication bypass

Added: 11/20/2024 CVE: CVE-2024-0012 Background Palo Alto Networks firewall provides policy-based visibility and control over applications, users and threats. Problem An authentication bypass vulnerability combined with a command injection vulnerability in the PAN-OS management interface allows...

FortiManager fgfmd remote command execution

Added: 11/15/2024 Background FortiManager is an integrated platform for the centralized management of products in a Fortinet security infrastructure. Problem Missing authentication in the fgfmd service could allow a remote attacker to execute arbitrary commands. Resolution Upgrade to FortiManager...

FortiManager fgfmd remote command execution

Added: 11/15/2024 Background FortiManager is an integrated platform for the centralized management of products in a Fortinet security infrastructure. Problem Missing authentication in the fgfmd service could allow a remote attacker to execute arbitrary commands. Resolution Upgrade to FortiManager...

CyberPanel upgrademysqlstatus authentication bypass and command injection

Added: 11/07/2024 Background CyberPanel is a web hosting control panel. Problem A pair of vulnerabilities in the upgrademysqlstatus web resource could allow a remote attacker to bypass authentication using a PUT request and execute arbitrary commands with a specially crafted statusfile parameter...

CyberPanel upgrademysqlstatus authentication bypass and command injection

Added: 11/07/2024 Background CyberPanel is a web hosting control panel. Problem A pair of vulnerabilities in the upgrademysqlstatus web resource could allow a remote attacker to bypass authentication using a PUT request and execute arbitrary commands with a specially crafted statusfile parameter...

MediaTek wappd buffer overflow

Added: 09/30/2024 Background MediaTek Wi-Fi chipsets and SoftAP driver bundles include wappd , a network daemon responsible for configuring and managing wireless interfaces and access points. Problem A buffer overflow in wappd could allow remote code execution on a large variety of devices...

MediaTek wappd buffer overflow

Added: 09/30/2024 Background MediaTek Wi-Fi chipsets and SoftAP driver bundles include wappd , a network daemon responsible for configuring and managing wireless interfaces and access points. Problem A buffer overflow in wappd could allow remote code execution on a large variety of devices...

Apache HugeGraph Gremlin command injection

Added: 08/20/2024 Background Apache HugeGraph is a graph database. HugeGraph supports Gremlin, a graph traversal language. Problem A vulnerability in Apache HugeGraph allows remote attackers to bypass sandbox restrictions and execute arbitrary commands through Gremlin. Resolution Upgrade to...

Apache HugeGraph Gremlin command injection

Added: 08/20/2024 Background Apache HugeGraph is a graph database. HugeGraph supports Gremlin, a graph traversal language. Problem A vulnerability in Apache HugeGraph allows remote attackers to bypass sandbox restrictions and execute arbitrary commands through Gremlin. Resolution Upgrade to...

Rejetto HTTP File Server template injection

Added: 07/10/2024 Background Rejetto HTTP File Server is a web-based file system application. Problem A template injection vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted GET request. Resolution Upgrade to a version higher than HTTP File Server H...

Rejetto HTTP File Server template injection

Added: 07/10/2024 Background Rejetto HTTP File Server is a web-based file system application. Problem A template injection vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted GET request. Resolution Upgrade to a version higher than HTTP File Server H...

GeoServer JAI-EXT extension command injection

Added: 06/27/2024 Background GeoServer is an open source server for sharing geospatial data. Java Advanced Imaging JAI is an API which provides a set of high level objects for the image processing. JAI-EXT is an open source project which extends the JAI API. Jiffle is a map algebra language...

GeoServer JAI-EXT extension command injection

Added: 06/27/2024 Background GeoServer is an open source server for sharing geospatial data. Java Advanced Imaging JAI is an API which provides a set of high level objects for the image processing. JAI-EXT is an open source project which extends the JAI API. Jiffle is a map algebra language...

Mirth Connect deserialization vulnerability

Added: 05/23/2024 Background Mirth Connect is an application which translates message standards for healthcare systems. Problem A deserialization vulnerability in Mirth Connect allows remote attackers to execute arbitrary commands by sending a specially crafted API request. Resolution Upgrade to...

Mirth Connect deserialization vulnerability

Added: 05/23/2024 Background Mirth Connect is an application which translates message standards for healthcare systems. Problem A deserialization vulnerability in Mirth Connect allows remote attackers to execute arbitrary commands by sending a specially crafted API request. Resolution Upgrade to...

D-Link NAS nas_sharing.cgi command injection

Added: 04/24/2024 CVE: CVE-2024-3273 Background D-Link Network Attached Storage NAS devices allow different clients to connect to a centralized disk on a Local Area Network LAN. Problem A backdoor and a command injection vulnerability in the nassharing.cgi script allow a remote attacker to execut...

D-Link NAS nas_sharing.cgi command injection

Added: 04/24/2024 CVE: CVE-2024-3273 Background D-Link Network Attached Storage NAS devices allow different clients to connect to a centralized disk on a Local Area Network LAN. Problem A backdoor and a command injection vulnerability in the nassharing.cgi script allow a remote attacker to execut...

FileCatalyst Workflow ftpservlet file upload

Added: 04/08/2024 Background FileCatalyst Workflow is a managed file transfer product. Problem The ftpservlet component in the FileCatalyst Workflow web portal is affected by a directory traversal vulnerability which could allow an anonymous user to upload files to arbitrary locations. This leads...

FileCatalyst Workflow ftpservlet file upload

Added: 04/08/2024 Background FileCatalyst Workflow is a managed file transfer product. Problem The ftpservlet component in the FileCatalyst Workflow web portal is affected by a directory traversal vulnerability which could allow an anonymous user to upload files to arbitrary locations. This leads...

Ivanti Cloud Services Appliance exec cookie command injection

Added: 03/26/2024 Background Ivanti Cloud Services Appliance CSA is an appliance that connects the console and managed devices over the Internet. Problem Cloud Services Appliance 4.5 and 4.6 are affected by a vulnerability which could allow a remote unauthenticated attacker to inject arbitrary...

Ivanti Cloud Services Appliance exec cookie command injection

Added: 03/26/2024 Background Ivanti Cloud Services Appliance CSA is an appliance that connects the console and managed devices over the Internet. Problem Cloud Services Appliance 4.5 and 4.6 are affected by a vulnerability which could allow a remote unauthenticated attacker to inject arbitrary...

FortiWLM progressfile command injection

Added: 03/18/2024 Background Fortinet Wireless Manager FortiWLM allows you to manage wireless networks on FortiGates. Problem A command injection vulnerability allows unauthenticated attackers to execute arbitrary commands by calling the deleteprogressfile function with a specially crafted...

FortiWLM progressfile command injection

Added: 03/18/2024 Background Fortinet Wireless Manager FortiWLM allows you to manage wireless networks on FortiGates. Problem A command injection vulnerability allows unauthenticated attackers to execute arbitrary commands by calling the deleteprogressfile function with a specially crafted...

QNAP QTS quick.cgi command execution

Added: 03/08/2024 Background QNAP is an operating system for Network Attached Storage NAS devices. QTS QNAP Turbo NAS System is the Turbo NAS Operating System for entry and mid-level QNAP NAS. Problem A vulnerability in the quick.cgi component in uninitialized QNAP NAS devices allows remote...

QNAP QTS quick.cgi command execution

Added: 03/08/2024 Background QNAP is an operating system for Network Attached Storage NAS devices. QTS QNAP Turbo NAS System is the Turbo NAS Operating System for entry and mid-level QNAP NAS. Problem A vulnerability in the quick.cgi component in uninitialized QNAP NAS devices allows remote...

Ivanti Connect Secure Server-Side Request Forgery

Added: 02/05/2024 Background Ivanti Connect Secure is a web-based remote access VPN. Problem A server-side request forgery vulnerability in the SAML component allows attackers to access restricted resources without authentication. This can lead to remote command execution when chained with other...

Ivanti Connect Secure Server-Side Request Forgery

Added: 02/05/2024 Background Ivanti Connect Secure is a web-based remote access VPN. Problem A server-side request forgery vulnerability in the SAML component allows attackers to access restricted resources without authentication. This can lead to remote command execution when chained with other...

Ivanti Connect Secure and Policy Secure authentication bypass and command injection

Added: 01/18/2024 Background Ivanti Connect Secure is a web-based remote access VPN. Problem An authentication bypass vulnerability and a command injection vulnerability when exploited together could allow a remote unauthenticated attacker to execute arbitrary commands. Resolution Apply the...

Ivanti Connect Secure and Policy Secure authentication bypass and command injection

Added: 01/18/2024 Background Ivanti Connect Secure is a web-based remote access VPN. Problem An authentication bypass vulnerability and a command injection vulnerability when exploited together could allow a remote unauthenticated attacker to execute arbitrary commands. Resolution Apply the...

Apache Struts file upload directory traversal

Added: 12/20/2023 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Problem A directory traversal vulnerability in Apache...

Apache Struts file upload directory traversal

Added: 12/20/2023 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Problem A directory traversal vulnerability in Apache...

Sophos Web Appliance UsrBlocked.php command injection

Added: 11/24/2023 CVE: CVE-2023-1671 Background Sophos Web Appliance is a web proxy providing HTTP security. Problem A vulnerability in UsrBlocked.php allows remote attackers to inject arbitrary commands into an HTTP request. Resolution Upgrade to Sophos Web Appliance 4.3.10.4 or higher. Referenc...

Sophos Web Appliance UsrBlocked.php command injection

Added: 11/24/2023 CVE: CVE-2023-1671 Background Sophos Web Appliance is a web proxy providing HTTP security. Problem A vulnerability in UsrBlocked.php allows remote attackers to inject arbitrary commands into an HTTP request. Resolution Upgrade to Sophos Web Appliance 4.3.10.4 or higher. Referenc...

Atlassian Confluence Data Center and Server broken access control

Added: 11/02/2023 Background Atlassian Confluence is a collaboration and knowledge management application. Problem Broken access control in Atlassian Confluence Data Center and Server could allow a remote attacker to create an administrator account, leading to remote command execution. Resolution...

Atlassian Confluence Data Center and Server broken access control

Added: 11/02/2023 Background Atlassian Confluence is a collaboration and knowledge management application. Problem Broken access control in Atlassian Confluence Data Center and Server could allow a remote attacker to create an administrator account, leading to remote command execution. Resolution...

JetBrains TeamCity authentication bypass

Added: 10/03/2023 Background JetBrains TeamCity is a continuous integration tool for DevOps teams. Problem An authentication bypass vulnerability in JetBrains TeamCity could allow remote attackers to execute arbitrary commands. Resolution Upgrade to TeamCity 2023.05.4 or higher. References...

JetBrains TeamCity authentication bypass

Added: 10/03/2023 Background JetBrains TeamCity is a continuous integration tool for DevOps teams. Problem An authentication bypass vulnerability in JetBrains TeamCity could allow remote attackers to execute arbitrary commands. Resolution Upgrade to TeamCity 2023.05.4 or higher. References...

VMware Aria Operations for Networks default SSH key

Added: 09/06/2023 Background SSH Private keys are used for authentication for many devices. Devices shipped with a default, static key are vulnerable to compromise if the public discovers the key. The private key can be re-used by an attacker to gain remote, privileged access to the device. Probl...

VMware Aria Operations for Networks default SSH key

Added: 09/06/2023 Background SSH Private keys are used for authentication for many devices. Devices shipped with a default, static key are vulnerable to compromise if the public discovers the key. The private key can be re-used by an attacker to gain remote, privileged access to the device. Probl...

Citrix ShareFile StorageZones file upload

Added: 08/28/2023 Background ShareFile is a file sharing service. StorageZones are user-maintained storage for ShareFile data. Problem A vulnerability in ShareFile StorageZones Controller allows remote attackers to upload arbitrary files, leading to command execution. Resolution Upgrade to...

Citrix ShareFile StorageZones file upload

Added: 08/28/2023 Background ShareFile is a file sharing service. StorageZones are user-maintained storage for ShareFile data. Problem A vulnerability in ShareFile StorageZones Controller allows remote attackers to upload arbitrary files, leading to command execution. Resolution Upgrade to...

Citrix ADC nsppe buffer overflow

Added: 08/09/2023 CVE: CVE-2023-3519 Background Citrix ADC formerly NetScaler ADC is an application delivery and load balancing platform. Problem A buffer overflow vulnerability in the nsppe process in Citrix ADC allows an unauthenticated attacker to execute arbitrary commands by making a special...

Citrix ADC nsppe buffer overflow

Added: 08/09/2023 CVE: CVE-2023-3519 Background Citrix ADC formerly NetScaler ADC is an application delivery and load balancing platform. Problem A buffer overflow vulnerability in the nsppe process in Citrix ADC allows an unauthenticated attacker to execute arbitrary commands by making a special...

SPIP password reset serialization vulnerability

Added: 06/23/2023 Background SPIP is a web-based publishing system written in PHP. Problem Mishandling of serialized data in SPIP's password reset form allows remote attackers to execute arbitrary commands. Resolution Upgrade to SPIP 3.2.18, 4.0.10, 4.1.8, 4.2.1 or higher. References...

SPIP password reset serialization vulnerability

Added: 06/23/2023 Background SPIP is a web-based publishing system written in PHP. Problem Mishandling of serialized data in SPIP's password reset form allows remote attackers to execute arbitrary commands. Resolution Upgrade to SPIP 3.2.18, 4.0.10, 4.1.8, 4.2.1 or higher. References...

PaperCut authentication bypass

Added: 05/12/2023 Background PaperCut is print management software. It includes a web interface written in Java. Problem An authentication bypass vulnerability in the SetupCompleted class allows a remote, unauthenticated attacker to execute arbitrary code in the context of SYSTEM. Resolution...

PaperCut authentication bypass

Added: 05/12/2023 Background PaperCut is print management software. It includes a web interface written in Java. Problem An authentication bypass vulnerability in the SetupCompleted class allows a remote, unauthenticated attacker to execute arbitrary code in the context of SYSTEM. Resolution...

IBM Aspera Faspex YAML deserialization

Added: 04/13/2023 Background IBM Aspera Faspex is a centralized, high-speed transfer solution using the FASP protocol. Problem A YAML deserialization vulnerability allows remote attackers to execute arbitrary commands by sending a POST request for relaypackage with specially crafted JSON content...

IBM Aspera Faspex YAML deserialization

Added: 04/13/2023 Background IBM Aspera Faspex is a centralized, high-speed transfer solution using the FASP protocol. Problem A YAML deserialization vulnerability allows remote attackers to execute arbitrary commands by sending a POST request for relaypackage with specially crafted JSON content...