
CVSS: 9.3 • EPSS: 0% • CPEs: - • EXPL: 0

09 Jan 2025 — Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability allows OS Command Injection as root. This issue affects Iocharger firmware for AC models before version 241207101. Likelihood: Moderate – The binary does not seem to be used by the web interface, so it might be more difficult to find. It seems to be largely the same binary as used by the Iocharger Pedestal charging station, however. The attacker will also need a (low privilege) account to gain access t... • https://csirt.divd.nl/CVE-2024-43651 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'); CWE-250: Execution with Unnecessary Privileges

CVSS: 9.3 • EPSS: 0% • CPEs: - • EXPL: 0

09 Jan 2025 — Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Iocharger firmware for AC models allows OS Command Injection as root. This issue affects all Iocharger AC EV charger models on a firmware version before 25010801. Likelihood: Moderate – The binary does not seem to be used by the web interface, so it might be more difficult to find. It seems to be largely the same binary as used by the Iocharger Pedestal charging station, however. The attacker will ... • https://csirt.divd.nl/CVE-2024-43654 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'); CWE-250: Execution with Unnecessary Privileges

CVSS: 9.3 • EPSS: 0% • CPEs: - • EXPL: 0

09 Jan 2025 — Authenticated command injection in the filename of a <redacted>.exe request leads to remote code execution as the root user. • https://csirt.divd.nl/CVE-2024-43649 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'); CWE-250: Execution with Unnecessary Privileges

CVSS: 9.3 • EPSS: 0% • CPEs: - • EXPL: 0

09 Jan 2025 — Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability allows OS Command Injection as root. This issue affects Iocharger firmware for AC model chargers before version 24120701. Likelihood: Moderate – The binary does not seem to be used by the web interface, so it might be more difficult to find. It seems to be largely the same binary as used by the Iocharger Pedestal charging station, however. The attacker will also need a (low privilege) account to gain ... • https://csirt.divd.nl/CVE-2024-43653 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'); CWE-250: Execution with Unnecessary Privileges

CVSS: 9.3 • EPSS: 0% • CPEs: - • EXPL: 0

09 Jan 2025 — Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability allows OS Command Injection as root. This issue affects Iocharger firmware for AC model chargers before version 24120701. Likelihood: Moderate – The binary does not seem to be used by the web interface, so it might be more difficult to find. It seems to be largely the same binary as used by the Iocharger Pedestal charging station, however. The attacker will also need a (low privilege) account to gain a... • https://csirt.divd.nl/CVE-2024-43652 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'); CWE-250: Execution with Unnecessary Privileges

CVSS: 9.3 • EPSS: 0% • CPEs: - • EXPL: 0

09 Jan 2025 — Command injection in the <redacted> parameter of a <redacted>.exe request leads to remote code execution as the root user. • https://csirt.divd.nl/CVE-2024-43648 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'); CWE-250: Execution with Unnecessary Privileges

CVSS: 9.8 • EPSS: 0% • CPEs: - • EXPL: 0

09 Jan 2025 — However, a skilled attacker might be able to use one of these buffer overflows to obtain remote code execution. • https://csirt.divd.nl/CVE-2024-43663 • CWE-121: Stack-based Buffer Overflow

CVSS: 9.3 • EPSS: 0% • CPEs: - • EXPL: 0

09 Jan 2025 — Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability allows OS Command Injection as root. This issue affects Iocharger firmware for AC model chargers before version 24120701. Likelihood: Moderate – It might be difficult for an attacker to identify the file structure of the directory, and then modify the backup to add a new CGI script in the correct directory. Furthermore, the attacker will need an account to restore the settings backup, or convince a use... • https://csirt.divd.nl/CVE-2024-43656 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'); CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 9.3 • EPSS: 0% • CPEs: - • EXPL: 0

09 Jan 2025 — Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Iocharger firmware for AC models allows OS Command Injection as root. This issue affects firmware versions before 24120701. Likelihood: Moderate – The binary does not seem to be used by the web interface, so it might be more difficult to find. It seems to be largely the same binary as used by the Iocharger Pedestal charging station, however. The attacker will also need a (low privilege) account to ... • https://csirt.divd.nl/CVE-2024-43650 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'); CWE-250: Execution with Unnecessary Privileges

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

09 Jan 2025 — An Integer-based buffer overflow vulnerability in the SonicOS via IPSec allows a remote attacker in specific conditions to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a specially crafted IKEv2 payload. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0013 • CWE-190: Integer Overflow or Wraparound