Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-77

CVE IDCVSSVendorExploitPatchTrends
CVE-2024-47562A vulnerability has been identified in Siemens SINEC Security Monitor (All versions < V4.9.0). The affected application does not properly neutralize special elements in user input to the ```ssmctl-client``` command. This could allow an authenticated, lowly privileged local attacker to execute privileged commands in the underlying OS.
CVSS 8.8Siemens

-

-

Trending graph for this CVE
CVE-2024-4748The CRUDDIY project is vulnerable to shell command injection via sending a crafted POST request to the application server.  The exploitation risk is limited since CRUDDIY is meant to be launched locally. Nevertheless, a user with the project running on their computer might visit a website which would send such a malicious request to the locally launched server.
CVSS 7.8J11g

-

-

Trending graph for this CVE
CVE-2024-47461An authenticated command injection vulnerability exists in the Instant AOS-8 and AOS-10 command line interface. A successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying host operating system.
CVSS 7.2

-

-

Trending graph for this CVE
CVE-2024-47460Command injection vulnerability in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
CVSS 9Aruba

-

-

Trending graph for this CVE
CVE-2024-47177CUPS is a standards-based, open-source printing system, and cups-filters provides backends, filters, and other software for CUPS 2.x to use on non-Mac OS systems. Any value passed to `FoomaticRIPCommandLine` via a PPD file will be executed as a user controlled command. When combined with other logic bugs as described in CVE_2024-47176, this can lead to remote command execution.
CVSS 9Cups

-

Patched

Trending graph for this CVE
CVE-2024-47175A security issue was found in OpenPrinting CUPS. The function ppdCreatePPDFromIPP2 in the libppd library is responsible for generating a PostScript Printer Description (PPD) file based on attributes retrieved from an Internet Printing Protocol (IPP) response. Essentially, it takes printer information, usually obtained via IPP, and creates a corresponding PPD file that describes the printer's capabilities (such as supported media sizes, resolutions, color modes, etc.). PPD files are used by printing systems like CUPS (Common Unix Printing System) to communicate with and configure printers. They provide a standardized format that allows different printers to work with the printing system in a consistent way. The ppdCreatePPDFromIPP2 function in libppd doesn't properly check or clean IPP attributes before writing them to a temporary PPD file. This means that a remote attacker, who has control of or has hijacked an exposed printer (through UPD or mDNS), could send a harmful IPP attribute and potentially insert malicious commands into the PPD file.
CVSS 8.6

-

Patched

Trending graph for this CVE
CVE-2024-4712An arbitrary file creation vulnerability exists in PaperCut NG/MF that only affects Windows servers with Web Print enabled. This specific flaw exists within the image-handler process, which can incorrectly create files that don’t exist when a maliciously formed payload is provided. This can lead to local privilege escalation. Note: This CVE has been split into two (CVE-2024-4712 and CVE-2024-8405) and it’s been rescored with a "Privileges Required (PR)" rating of low, and “Attack Complexity (AC)” rating of low, reflecting the worst-case scenario where an Administrator has granted local login access to standard network users on the host server.
CVSS 7.8Papercut

-

-

Trending graph for this CVE
CVE-2024-4639OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to a lack of neutralized inputs in IPSec configuration. An attacker could modify the intended commands sent to target functions, which could cause malicious users to execute unauthorized commands.
CVSS 8.8Moxa

-

Patched

Trending graph for this CVE
CVE-2024-4638OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to a lack of neutralized inputs in the web key upload function. An attacker could modify the intended commands sent to target functions, which could cause malicious users to execute unauthorized commands.
CVSS 8.8Moxa

-

Patched

Trending graph for this CVE
CVE-2024-46256A Command injection vulnerability in requestLetsEncryptSsl in NginxProxyManager 2.11.3 allows an attacker to RCE via Add Let's Encrypt Certificate.
CVSS 9.8Nginxproxymanager

-

-

Trending graph for this CVE
CVE-2024-46084Scriptcase 9.10.023 and before is vulnerable to Remote Code Execution (RCE) via the nm_unzip function.
CVSS 8Scriptcase

-

-

Trending graph for this CVE
CVE-2024-46048Tenda FH451 v1.0.0.9 has a command injection vulnerability in the formexeCommand function i
CVSS 9.8Tenda

Exploit

-

Trending graph for this CVE
CVE-2024-45989Monica AI Assistant desktop application v2.3.0 is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor. A prompt injection allows an attacker to modify chatbot answer with an unloaded image that exfiltrates the user's sensitive chat data of the current session to a malicious third-party or attacker-controlled server.
CVSS 4Monicahq

-

-

Trending graph for this CVE
CVE-2024-45824CVE-2024-45824 IMPACT A remote code vulnerability exists in the affected products. The vulnerability occurs when chained with Path Traversal, Command Injection, and XSS Vulnerabilities and allows for full unauthenticated remote code execution. The link in the mitigations section below contains patches to fix this issue.
CVSS 9.8Rockwellautomation

-

Patched

Trending graph for this CVE
CVE-2024-4578This Advisory describes an issue that impacts Arista Wireless Access Points. Any entity with the ability to authenticate via SSH to an affected AP as the “config” user is able to cause a privilege escalation via spawning a bash shell. The SSH CLI session does not require high permissions to exploit this vulnerability, but the config password is required to establish the session. The spawned shell is able to obtain root privileges.
CVSS 8.4Arista

-

-

Trending graph for this CVE
CVE-2024-45682There is a command injection vulnerability that may allow an attacker to inject malicious input on the device's operating system.
CVSS 9.8

-

-

Trending graph for this CVE
CVE-2024-45505Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache HertzBeat (incubating). This vulnerability can only be exploited by authorized attackers. This issue affects Apache HertzBeat (incubating): before 1.6.1. Users are recommended to upgrade to version 1.6.1, which fixes the issue.
CVSS 8.8Apache

-

-

Trending graph for this CVE
CVE-2024-45348Xiaomi Router AX9000 has a post-authorization command injection vulnerability. This vulnerability is caused by the lack of validation of user input, and an attacker can exploit this vulnerability to execute arbitrary code.
CVSS 6.4Mi

-

-

Trending graph for this CVE
CVE-2024-45066A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE IP sub-menu can allow a remote attacker to inject arbitrary commands.
CVSS 9.8Doverfuelingsolutions

-

-

Trending graph for this CVE
CVE-2024-44916Vulnerability in admin_ip.php in Seacms v13.1, when action=set, allows attackers to control IP parameters that are written to the data/admin/ip.php file and could result in arbitrary command execution.
CVSS 7.2Seacms

-

-

Trending graph for this CVE
CVE-2024-44845DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the value parameter in the filter_string function.
CVSS 8.8Draytek

Exploit

-

Trending graph for this CVE
CVE-2024-44844DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the name parameter in the run_command function.
CVSS 8.8Draytek

Exploit

-

Trending graph for this CVE
CVE-2024-44610PCAN-Ethernet Gateway FD before 1.3.0 and PCAN-Ethernet Gateway before 2.11.0 are vulnerable to Command injection via shell metacharacters in a Software Update to processing.php.
CVSS 5.6

-

-

Trending graph for this CVE
CVE-2024-44577RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a command injection vulnerability via the time_date function.
CVSS 8.8Relyum

-

-

Trending graph for this CVE
CVE-2024-44574RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a command injection vulnerability via the sys_conf function.
CVSS 8.8Relyum

-

-

Trending graph for this CVE
CVE-2024-44572RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a command injection vulnerability via the sys_mgmt function.
CVSS 8.8Relyum

-

-

Trending graph for this CVE
CVE-2024-44570RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a code injection vulnerability via the getParams function in phpinf.php.
CVSS 8.8Relyum

-

-

Trending graph for this CVE
CVE-2024-44466COMFAST CF-XR11 V2.7.2 has a command injection vulnerability in function sub_424CB4. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter iface.
CVSS 9.8Comfast

Exploit

-

Trending graph for this CVE
CVE-2024-44413A vulnerability was discovered in DI_8200-16.07.26A1, which has been classified as critical. This issue affects the upgrade_filter_asp function in the upgrade_filter.asp file. Manipulation of the path parameter can lead to command injection.
CVSS 8.8Dlink

-

-

Trending graph for this CVE
CVE-2024-44410D-Link DI-8300 v16.07.26A1 is vulnerable to command injection via the upgrade_filter_asp function.
CVSS 9.8Dlink

Exploit

-

Trending graph for this CVE
CVE-2024-44402D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via msp_info.htm.
CVSS 9.8Dlink

Exploit

-

Trending graph for this CVE
CVE-2024-44401D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via sub47A60C function in the upgrade_filter.asp file
CVSS 9.8Dlink

Exploit

-

Trending graph for this CVE
CVE-2024-44400A vulnerability was discovered in DI_8400-16.07.26A1, which has been classified as critical. This issue affects the upgrade_filter_asp function in the upgrade_filter.asp file. Manipulation of the path parameter can lead to command injection.
CVSS 9.8Dlink

Exploit

-

Trending graph for this CVE
CVE-2024-44383WAYOS FBM-291W v19.09.11 is vulnerable to Command Execution via msp_info_htm.
CVSS 6.8Wayos

Exploit

-

Trending graph for this CVE
CVE-2024-44382D-Link DI_8004W 16.07.26A1 contains a command execution vulnerability in the jhttpd upgrade_filter_asp function.
CVSS 9.8Dlink

Exploit

-

Trending graph for this CVE
CVE-2024-44381D-Link DI_8004W 16.07.26A1 contains a command execution vulnerability in jhttpd msp_info_htm function.
CVSS 9.8Dlink

Exploit

Patched

Trending graph for this CVE
CVE-2024-44335D-Link DI-7003G v19.12.24A1, DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1, DI-7100GV2 v24.04.18D1, DI-7200GV2 v24.04.18E1, DI-7300G+V2 v24.04.18D1, and DI-7400G+V2 v24.04.18D1 are vulnerable to Remote Command Execution (RCE) via version_upgrade.asp.
CVSS 8.8Dlink

-

-

Trending graph for this CVE
CVE-2024-44334D-Link DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1, DI-7100GV2 v24.04.18D1, DI-7200GV2 v24.04.18E1, DI-7300G+V2 v24.04.18D1, and DI-7400G+V2 v24.04.18D1 are vulnerable to Remote Command Execution due to insufficient parameter filtering in the CGI handling function of upgrade_filter.asp.
CVSS 8.8Dlink

-

-

Trending graph for this CVE
CVE-2024-43693A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE UTILITY sub-menu can allow a remote attacker to inject arbitrary commands.
CVSS 9.8Doverfuelingsolutions

-

-

Trending graph for this CVE
CVE-2024-43613Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege Vulnerability
CVSS 7.2Microsoft

-

Patched

Trending graph for this CVE
CVE-2024-43601Visual Studio Code for Linux Remote Code Execution Vulnerability
CVSS 7.8Microsoft

-

Patched

Trending graph for this CVE
CVE-2024-43591Azure Command Line Integration (CLI) Elevation of Privilege Vulnerability
CVSS 8.7Microsoft

-

Patched

Trending graph for this CVE
CVE-2024-43497DeepSpeed Remote Code Execution Vulnerability
CVSS 8.4Microsoft

-

Patched

Trending graph for this CVE
CVE-2024-43027DrayTek Vigor 3900 before v1.5.1.5_Beta, DrayTek Vigor 2960 before v1.5.1.5_Beta and DrayTek Vigor 300B before v1.5.1.5_Beta were discovered to contain a command injection vulnerability via the action parameter at cgi-bin/mainfunction.cgi.
CVSS 8Draytek

-

-

Trending graph for this CVE
CVE-2024-42947An issue in the handler function in /goform/telnet of Tenda FH1201 v1.2.0.14 (408) allows attackers to execute arbitrary commands via a crafted HTTP request.
CVSS 9.8Tenda

Exploit

-

Trending graph for this CVE
CVE-2024-42905Beijing Digital China Cloud Technology Co., Ltd. DCME-320 v.7.4.12.60 has a command execution vulnerability, which can be exploited to obtain device administrator privileges via the getVar function in the code/function/system/tool/ping.php file.
CVSS 9.8

-

-

Trending graph for this CVE
CVE-2024-4267A remote code execution (RCE) vulnerability exists in the parisneo/lollms-webui, specifically within the 'open_file' module, version 9.5. The vulnerability arises due to improper neutralization of special elements used in a command within the 'open_file' function. An attacker can exploit this vulnerability by crafting a malicious file path that, when processed by the 'open_file' function, executes arbitrary system commands or reads sensitive file content. This issue is present in the code where subprocess.Popen is used unsafely to open files based on user-supplied paths without adequate validation, leading to potential command injection.
CVSS Low

-

-

Trending graph for this CVE
CVE-2024-42636DedeCMS V5.7.115 has a command execution vulnerability via file_manage_view.php?fmdo=newfile&activepath.
CVSS 7.2Dedecms

-

-

Trending graph for this CVE
CVE-2024-4253A command injection vulnerability exists in the gradio-app/gradio repository, specifically within the 'test-functional.yml' workflow. The vulnerability arises due to improper neutralization of special elements used in a command, allowing for unauthorized modification of the base repository or secrets exfiltration. The issue affects versions up to and including '@gradio/video@0.6.12'. The flaw is present in the workflow's handling of GitHub context information, where it echoes the full name of the head repository, the head branch, and the workflow reference without adequate sanitization. This could potentially lead to the exfiltration of sensitive secrets such as 'GITHUB_TOKEN', 'COMMENT_TOKEN', and 'CHROMATIC_PROJECT_TOKEN'.
CVSS LowGradio project

-

-

Trending graph for this CVE
CVE-2024-42509Command injection vulnerability in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
CVSS 9.8Aruba

-

-

Trending graph for this CVE
CVE-2024-42507Command injection vulnerabilities in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
CVSS 9.8Aruba

-

-

Trending graph for this CVE
CVE-2024-42506Command injection vulnerabilities in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
CVSS 9.8Aruba

-

-

Trending graph for this CVE
CVE-2024-42505Command injection vulnerabilities in the underlying CLI service could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
CVSS 9.8Aruba

-

-

Trending graph for this CVE
CVE-2024-42427Dell ThinOS versions 2402 and 2405, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Elevation of privileges.
CVSS 7.6

-

-

Trending graph for this CVE
CVE-2024-42360SequenceServer lets you rapidly set up a BLAST+ server with an intuitive user interface for personal or group use. Several HTTP endpoints did not properly sanitize user input and/or query parameters. This could be exploited to inject and run unwanted shell commands. This vulnerability has been fixed in 3.1.2.
CVSS 9.8Wurmlab

-

Patched

Trending graph for this CVE
CVE-2024-42348FOG is a cloning/imaging/rescue suite/inventory management system. FOG Server 1.5.10.41.2 can leak AD username and password when registering a computer. This vulnerability is fixed in 1.5.10.41.3 and 1.6.0-beta.1395.
CVSS 8.6Fogproject

Exploit

Patched

Trending graph for this CVE
CVE-2024-42025A Command Injection vulnerability found in a Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.3.32 and earlier) allows a malicious actor with unifi user shell access to escalate privileges to root on the host device.
CVSS 7.8Ui

-

Patched

Trending graph for this CVE
CVE-2024-41815Starship is a cross-shell prompt. Starting in version 1.0.0 and prior to version 1.20.0, undocumented and unpredictable shell expansion and/or quoting rules make it easily to accidentally cause shell injection when using custom commands with starship in bash. This issue only affects users with custom commands, so the scope is limited, and without knowledge of others' commands, it could be hard to successfully target someone. Version 1.20.0 fixes the vulnerability.
CVSS 7Starship

Exploit

Patched

Trending graph for this CVE
CVE-2024-41637RaspAP before 3.1.5 allows an attacker to escalate privileges: the www-data user has write access to the restapi.service file and also possesses Sudo privileges to execute several critical commands without a password.
CVSS 8.3Raspap

-

Patched

Trending graph for this CVE
CVE-2024-41320TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the get_apcli_conn_info function.
CVSS 8.8Totolink

-

-

Trending graph for this CVE
CVE-2024-41319TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the cmd parameter in the webcmd function.
CVSS 9.8Totolink

Exploit

-

Trending graph for this CVE
CVE-2024-41318TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_wps_gen_pincode function.
CVSS 9.8Totolink

-

-

Trending graph for this CVE
CVE-2024-41316TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_cancel_wps function.
CVSS 9.8Totolink

-

-

Trending graph for this CVE
CVE-2024-41153Command injection vulnerability in the Edge Computing UI for the TRO600 series radios that allows for the execution of arbitrary system commands. If exploited, an attacker with write access to the web UI can execute commands on the device with root privileges, far more extensive than what the write privilege intends.
CVSS 7.2Hitachienergy

-

Patched

Trending graph for this CVE
CVE-2024-41136An authenticated command injection vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateways Command Line Interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
CVSS 8.8Arubanetworks

-

Patched

Trending graph for this CVE
CVE-2024-41135A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateway's Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability will result in the ability to execute arbitrary commands as root on the underlying operating system leading to complete system compromise
CVSS 7.2Aruba

-

-

Trending graph for this CVE
CVE-2024-41134A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateway's Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability will result in the ability to execute arbitrary commands as root on the underlying operating system leading to complete system compromise
CVSS 7.2

-

-

Trending graph for this CVE
CVE-2024-41133A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateway's Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability will result in the ability to execute arbitrary commands as root on the underlying operating system leading to complete system compromise
CVSS 7.2

-

-

Trending graph for this CVE
CVE-2024-4078A vulnerability in the parisneo/lollms, specifically in the `/unInstall_binding` endpoint, allows for arbitrary code execution due to insufficient sanitization of user input. The issue arises from the lack of path sanitization when handling the `name` parameter in the `unInstall_binding` function, allowing an attacker to traverse directories and execute arbitrary code by loading a malicious `__init__.py` file. This vulnerability affects the latest version of the software. The exploitation of this vulnerability could lead to remote code execution on the system where parisneo/lollms is deployed.
CVSS Low

-

-

Trending graph for this CVE
CVE-2024-40110Sourcecodester Poultry Farm Management System v1.0 contains an Unauthenticated Remote Code Execution (RCE) vulnerability via the productimage parameter at /farm/product.php.
CVSS 9.8Poultry farm management system project

Exploit

-

Trending graph for this CVE
CVE-2024-40089A Command Injection vulnerability in Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, authenticated attackers to execute arbitrary code by injecting shell commands into the name of the Vilo device.
CVSS 9.1

-

-

Trending graph for this CVE
CVE-2024-39963AX3000 Dual-Band Gigabit Wi-Fi 6 Router AX9 V22.03.01.46 and AX3000 Dual-Band Gigabit Wi-Fi 6 Router AX12 V1.0 V22.03.01.46 were discovered to contain an authenticated remote command execution (RCE) vulnerability via the macFilterType parameter at /goform/setMacFilterCfg.
CVSS 8Dlink

-

-

Trending graph for this CVE
CVE-2024-39914FOG is a cloning/imaging/rescue suite/inventory management system. Prior to 1.5.10.34, packages/web/lib/fog/reportmaker.class.php in FOG was affected by a command injection via the filename parameter to /fog/management/export.php. This vulnerability is fixed in 1.5.10.34.
CVSS 9.8Fogproject

-

-

Trending graph for this CVE
CVE-2024-39577Dell SmartFabric OS10 Software, versions 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability leading to code execution.
CVSS 7.1Dell

-

-

Trending graph for this CVE
CVE-2024-39571A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 HF1). Affected applications are vulnerable to command injection due to missing server side input sanitation when loading SNMP configurations. This could allow an attacker with the right to modify the SNMP configuration to execute arbitrary code with root privileges.
CVSS 8.8Siemens

-

Patched

Trending graph for this CVE
CVE-2024-39570A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 HF1). Affected applications are vulnerable to command injection due to missing server side input sanitation when loading VxLAN configurations. This could allow an authenticated attacker to execute arbitrary code with root privileges.
CVSS 8.8Siemens

-

Patched

Trending graph for this CVE
CVE-2024-39569A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 HF1). The system service of affected applications is vulnerable to command injection due to missing server side input sanitation when loading VPN configurations. This could allow an administrative remote attacker running a corresponding SINEMA Remote Connect Server to execute arbitrary code with system privileges on the client system.
CVSS 7.2Siemens

-

Patched

Trending graph for this CVE
CVE-2024-39568A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 HF1). The system service of affected applications is vulnerable to command injection due to missing server side input sanitation when loading proxy configurations. This could allow an authenticated local attacker to execute arbitrary code with system privileges.
CVSS 7.8Siemens

-

Patched

Trending graph for this CVE
CVE-2024-39567A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 HF1). The system service of affected applications is vulnerable to command injection due to missing server side input sanitation when loading VPN configurations. This could allow an authenticated local attacker to execute arbitrary code with system privileges.
CVSS 7.8Siemens

-

-

Trending graph for this CVE
CVE-2024-39563A Command Injection vulnerability in Juniper Networks Junos Space allows an unauthenticated, network-based attacker sending a specially crafted request to execute arbitrary shell commands on the Junos Space Appliance, leading to remote command execution by the web application, gaining complete control of the device. A specific script in the Junos Space web application allows attacker-controlled input from a GET request without sufficient input sanitization. A specially crafted request can exploit this vulnerability to execute arbitrary shell commands on the Junos Space Appliance. This issue affects Junos Space 24.1R1. Previous versions of Junos Space are unaffected by this vulnerability.
CVSS 7.3Juniper

-

-

Trending graph for this CVE
CVE-2024-39438In linkturbonative service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed.
CVSS 6.7Unisoc, et al

-

Patched

Trending graph for this CVE
CVE-2024-39437In linkturbonative service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed.
CVSS 6.7Unisoc, et al

-

Patched

Trending graph for this CVE
CVE-2024-39436In linkturbonative service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed.
CVSS 6.7Unisoc, et al

-

Patched

Trending graph for this CVE
CVE-2024-39373TELSAT marKoni FM Transmitters are vulnerable to a command injection vulnerability through the manipulation of settings and could allow an attacker to gain unauthorized access to the system with administrative privileges.
CVSS 7.2

-

-

Trending graph for this CVE
CVE-2024-39226GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain insecure permissions in the endpoint /cgi-bin/glc. This vulnerability allows unauthenticated attackers to execute arbitrary code or possibly a directory traversal via crafted JSON data.
CVSS 9.8Gl-inet

Exploit

-

Trending graph for this CVE
CVE-2024-3908A vulnerability classified as critical has been found in Tenda AC500 2.0.1.9(1307). Affected is the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261144. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 6.3Tenda

-

-

Trending graph for this CVE
CVE-2024-39028An issue was discovered in SeaCMS <=12.9 which allows remote attackers to execute arbitrary code via admin_ping.php.
CVSS 9.8Seacms

Exploit

-

Trending graph for this CVE
CVE-2024-38903H3C Magic R230 V100R002's udpserver opens port 9034, allowing attackers to execute arbitrary commands.
CVSS 4.1

-

-

Trending graph for this CVE
CVE-2024-38896WAVLINK WN551K1 found a command injection vulnerability through the start_hour parameter of /cgi-bin/nightled.cgi.
CVSS 5.3Wavlink

-

-

Trending graph for this CVE
CVE-2024-38894WAVLINK WN551K1 found a command injection vulnerability through the IP parameter of /cgi-bin/touchlist_sync.cgi.
CVSS 5.3Wavlink

-

-

Trending graph for this CVE
CVE-2024-38817Mware NSX contains a command injection vulnerability.  A malicious actor with access to the NSX Edge CLI terminal may be able to craft malicious payloads to execute arbitrary commands on the operating system as root.
CVSS 6.7Vmware

-

-

Trending graph for this CVE
CVE-2024-3871The Delta Electronics DVW-W02W2-E2 devices expose a web administration interface to users. This interface implements two features (access control lists management, WPS pin setup) that are affected by command injections and stack overflows vulnerabilities. Successful exploitation of these flaws would allow remote authenticated attackers to gain remote command execution with elevated privileges on the affected devices. This issue affects DVW-W02W2-E2 through version 2.5.2.
CVSS 9.8Deltaww

-

-

Trending graph for this CVE
CVE-2024-38641An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local network users to execute commands via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 5.1.8.2823 build 20240712 and later QuTS hero h5.1.8.2823 build 20240712 and later
CVSS 7.8Qnap

-

Patched

Trending graph for this CVE
CVE-2024-38492This vulnerability allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by uploading a specially crafted PAM upgrade file.
CVSS LowBroadcom

-

-

Trending graph for this CVE
CVE-2024-38486Dell SmartFabric OS10 Software, version(s) 10.5.5.4 through 10.5.5.10 and 10.5.6.x , contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution.
CVSS 8.8Dell

-

Patched

Trending graph for this CVE
CVE-2024-38288A command-injection issue in the Certificate Signing Request (CSR) functionality in R-HUB TurboMeeting through 8.x allows authenticated attackers with administrator privileges to execute arbitrary commands on the underlying server as root.
CVSS 7.2Rhubcom

Exploit

-

Trending graph for this CVE
CVE-2024-38228Microsoft SharePoint Server Remote Code Execution Vulnerability
CVSS 7.2Microsoft

-

Patched

Trending graph for this CVE
CVE-2024-38227Microsoft SharePoint Server Remote Code Execution Vulnerability
CVSS 7.2Microsoft

-

Patched

Trending graph for this CVE
CVE-2024-37642TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a command injection vulnerability via the ipv4_ping, ipv6_ping parameter at /formSystemCheck .
CVSS 9.1Trendnet

-

-

Trending graph for this CVE
CVE-2024-37570On Mitel 6869i 4.5.0.41 devices, the Manual Firmware Update (upgrade.html) page does not perform sanitization on the username and path parameters (sent by an authenticated user) before appending flags to the busybox ftpget command. This leads to $() command execution.
CVSS 8.8Mitel

Exploit

-

Trending graph for this CVE