9 matches found
MAL-2025-36267 Malicious code in test-mlw2-snary-clung (npm)
The package test-mlw2-snary-clung was found to contain malicious code...
CVE-2024-36267
Path traversal vulnerability exists in Redmine DMSF Plugin versions prior to 3.1.4. If this vulnerability is exploited, a logged-in user may obtain or delete arbitrary files on the server within the privilege of the Redmine process...
Exploit for CVE-2022-36267
CVE-2022-36267 - Airspan AirSpot 5410 Unauthenticated Remote C...
Airspan AirSpot 5410 Command Injection (CVE-2022-36267)
A command injection vulnerability exists in Airspan AirSpot 5410. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
CVE-2020-36267
...
CVE-2020-36267
CVE-2020-36267 entry is rejected and not used; it does not represent an active vulnerability.
AirSpot 5410 0.3.4.1-4 Remote Command Injection
-- coding: utf-8 -- Exploit Title: AirSpot unauthenticated remote command injection Date: 7/26/2022 Exploit Author: Samy Younsi NSLABS https://samy.link Vendor Homepage: https://www.airspan.com/ Software Link: https://wdi.rfwel.com/cdn/techdocs/AirSpot5410.pdf Version: 0.3.4.1-4 and under. Tested...
AirSpot 5410 0.3.4.1-4 Remote Command Injection Exploit
-- coding: utf-8 -- Exploit Title: AirSpot unauthenticated remote command injection Date: 7/26/2022 Exploit Author: Samy Younsi NSLABS https://samy.link Vendor Homepage: https://www.airspan.com/ Software Link: https://wdi.rfwel.com/cdn/techdocs/AirSpot5410.pdf Version: 0.3.4.1-4 and under. Tested...
CVE-2022-36267
CVE-2022-36267 affects Airspan AirSpot 5410 (versions 0.3.4.1-4 and earlier). The vulnerability is an unauthenticated remote command injection in the diagnostics.cgi binary (/home/www/cgi-bin/diagnostics.cgi) that accepts unauthenticated, unsanitized data, enabling remote code execution via craft...