Page 77 of 8792 results (0.020 seconds)

CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0

In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setUPnPCfg. Authenicated Attackers can send malicious packet to execute arbitary commands. In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setUPnPCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands. • https://github.com/HouseFuzz/reports/blob/main/totolink/x5000r/setUPnPCfg/setUPnPCfg.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.8EPSS: 0%CPEs: -EXPL: 1

An issue in Prestashop v.8.1.7 and before allows a remote attacker to execute arbitrary code via the module upgrade functionality. An issue in Prestashop v.8.1.7 and before allows a remote attacker to execute arbitrary code via the module upgrade functionality. NOTE: this is disputed by multiple parties, who report that exploitation requires that an attacker be able to hijack network requests made by an admin user (who, by design, is allowed to change the code that is running on the server). • https://github.com/Fckroun/CVE-2024-41651 https://github.com/Fckroun/CVE-2024-41651/tree/main • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 0

Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution. ... This issue can lead to arbitrary code execution. • https://https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7014.html https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7014.html https://access.redhat.com/security/cve/CVE-2023-31315 https://bugzilla.redhat.com/show_bug.cgi?id=2279283 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 2.7EPSS: 0%CPEs: 3EXPL: 0

Setting SMS media allows to set GSM modem file. Later this file is used as Linux device. But due everything is a file for Linux, it is possible to set another file, e.g. log file and zabbix_server will try to communicate with it as modem. As a result, log file will be broken with AT commands and small part for log file content will be leaked to UI. • https://support.zabbix.com/browse/ZBX-25013 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0

An administrator with restricted permissions can exploit the script execution functionality within the Monitoring Hosts section. The lack of default escaping for script parameters enabled this user ability to execute arbitrary code via the Ping script, thereby compromising infrastructure. • https://support.zabbix.com/browse/ZBX-25016 • CWE-94: Improper Control of Generation of Code ('Code Injection') •