FLIR AX8 versions 1.46.16 and below are vulnerable to remote command injection. An attacker can exploit this vulnerability to execute arbitrary commands on the target system. This vulnerability has been assigned CVE-2022-37061.
A vulnerability in AppSmith versions prior to v1.52 allows unauthenticated remote code execution due to a misconfigured PostgreSQL database that permits execution of the COPY FROM PROGRAM command. Attackers can exploit this to run arbitrary commands on the system hosting the application.
The ABB Cylon Aspect BMS/BAS controller before 3.08.02 is vulnerable to authenticated OS command injection. Attackers can upload a specially crafted .db file that contains malicious shell commands. These commands are then executed on the server through the copyFile.sh script, bypassing filename sanitization.
The Adapt Authoring Tool version 0.11.3 is vulnerable to remote command execution. An attacker can exploit this vulnerability to execute commands remotely. This issue has been assigned CVE identifiers CVE-2024-50672 and CVE-2024-50671.
The ABB Cylon Aspect BMS/BAS controller, versions 3.08.02 and below, is vulnerable to authenticated blind command injection. Attackers can execute arbitrary shell commands by manipulating input in certain POST parameters. Additionally, an off-by-one error in array access can result in undefined behavior and potential Denial of Service (DoS) attacks.
The exploit allows for remote code execution in Centreon 19.04 through a login password brute-force attack using the centbruteon.py script. By sending specially crafted requests to the Centreon API authentication endpoint, an attacker can execute arbitrary code on the target system.
CyberPanel versions 2.3.6 and earlier allow remote attackers to execute arbitrary code via a crafted request to specific endpoints, leading to command injection. This vulnerability has been assigned CVE-2024-51378.
The ABB Cylon Aspect BMS/BAS controller before 4.00.00 allows unauthenticated attackers to execute arbitrary shell commands via unsanitized input in the serial and ManufactureDate POST parameters. This vulnerability can be exploited during the manufacturing phase when factory test scripts are present.
The MagnusSolution magnusbilling 7.3.0 software is vulnerable to command injection. An attacker can exploit this vulnerability by injecting malicious commands through a specific URL, potentially leading to unauthorized command execution.
GestioIP version 3.5.7 is vulnerable to remote command execution. An attacker can exploit this vulnerability to execute arbitrary commands on the target server. This vulnerability is identified as CVE-2024-48760.