74 matches found
CVE-2024-21786
An OS command injection vulnerability exists in the web interface configuration upload functionality of MC Technologies MC LR Router 2.10.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2024-21786
An OS command injection vulnerability exists in the web interface configuration upload functionality of MC Technologies MC LR Router 2.10.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2024-21786
CVE-2024-21786 is an OS command injection vulnerability in MC Technologies MC LR Router 2.10.5. Cisco Talos details show the flaw resides in the web interface configuration upload path (cgi-bin/p/adm/cfg) where the request handling writes the user-supplied filename and derives file_type from the ...
CVE-2024-21786
An OS command injection vulnerability exists in the web interface configuration upload functionality of MC Technologies MC LR Router 2.10.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2024-21786
An OS command injection vulnerability exists in the web interface configuration upload functionality of MC Technologies MC LR Router 2.10.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
PT-2024-19054 · Unknown · Mc Lr Router
Name of the Vulnerable Software and Affected Versions: MC LR Router version 2.10.5 Description: An OS command injection vulnerability exists in the web interface configuration upload functionality. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an...
MC Technologies MC LR Router 操作系统命令注入漏洞
MC Technologies MC LR Router is a router from the German company MC Technologies. An operating system command injection vulnerability exists in MC Technologies MC LR Router version 2.10.5, which stems from an OS command injection in the configuration upload function of the web interface and could...
MC Technologies MC LR Router web interface configuration upload OS command injection vulnerability
Talos Vulnerability Report TALOS-2024-1954 MC Technologies MC LR Router web interface configuration upload OS command injection vulnerability November 21, 2024 CVE Number CVE-2024-21786 SUMMARY An OS command injection vulnerability exists in the web interface configuration upload functionality of...
PT-2024-20226 · Jsherp · Jsherp
Name of the Vulnerable Software and Affected Versions: jshERP version 3.3 Description: The issue concerns an Arbitrary File Upload vulnerability. The jshERP-boot/systemConfig/upload interface does not check the uploaded file type, and the biz parameter can be spliced into the upload path, resulti...
PT-2023-24338 · Supermicro · Supermicro X11
Name of the Vulnerable Software and Affected Versions: Supermicro X11 and M11 based devices versions through 3.17.02 Description: The configuration functionality in the Intelligent Platform Management Interface IPMI baseboard management controller BMC implementation allows remote authenticated...
The vulnerability of the executable file FTSSBackupRestore.exe of the FactoryTalk Policy Manager and FactoryTalk System Services software allows a perpetrator to upload malicious configuration files.
The vulnerability of the executable file FTSSBackupRestore.exe from the manufacturing process management software FactoryTalk Policy Manager and the FactoryTalk System Services system service is related to deficiencies in the authentication process. Exploiting this vulnerability could allow...
Command injection
An OS command injection vulnerability allows admins to execute code via SSL VPN configuration uploads in Sophos Firewall releases older than version 19.5 GA...
Optilink Network OP-XT71000N 跨站请求伪造漏洞
Optilink Network OP-XT71000N is a wireless router from Optilink Network India. The Optilink Network OP-XT71000N version V2.2 suffers from a cross-site request forgery vulnerability that stems from its inadequate protection of mgmconfigfile.asp allowing an attacker to create a crafted CSRF form to...
CVE-2022-3575
Frauscher Sensortechnik GmbH FDS102 for FAdC R2 and FAdCi R2 v2.8.0 to v2.9.1 are vulnerable to malicious code upload without authentication by using the configuration upload function. This could lead to a complete compromise of the FDS102 device...
CVE-2022-3575
Frauscher Sensortechnik GmbH FDS102 for FAdC R2 and FAdCi R2 v2.8.0 to v2.9.1 are vulnerable to malicious code upload without authentication by using the configuration upload function. This could lead to a complete compromise of the FDS102 device...
CVE-2022-3575 Frauscher Sensortechnik Diagnostic System FDS102 for FAdC R2 and FAdCi R2 configuration upload vulnerability
Frauscher Sensortechnik GmbH FDS102 for FAdC R2 and FAdCi R2 v2.8.0 to v2.9.1 are vulnerable to malicious code upload without authentication by using the configuration upload function. This could lead to a complete compromise of the FDS102 device...
CVE-2022-3575 Frauscher Sensortechnik Diagnostic System FDS102 for FAdC R2 and FAdCi R2 configuration upload vulnerability
Frauscher Sensortechnik GmbH FDS102 for FAdC R2 and FAdCi R2 v2.8.0 to v2.9.1 are vulnerable to malicious code upload without authentication by using the configuration upload function. This could lead to a complete compromise of the FDS102 device...
PT-2022-22959 · Frauscher Sensortechnik Gmbh · Fds102
Name of the Vulnerable Software and Affected Versions: Frauscher Sensortechnik GmbH FDS102 for FAdC R2 and FAdCi R2 versions 2.8.0 through 2.9.1 Description: The issue allows malicious code upload without authentication by using the configuration upload function, which could lead to a complete...
Frauscher Sensortechnik FDS102 代码问题漏洞
The Frauscher Sensortechnik FDS102 is a diagnostic system device from Frauscher. A code issue vulnerability exists in the Frauscher Sensortechnik FDS102 that originates from uploading malicious code without authentication via the configuration upload function...
PT-2022-16736 · Yubico · Yubikey
Name of the Vulnerable Software and Affected Versions: YubiKey affected versions not specified Description: The issue concerns incorrect access control in the Yubico OTP functionality of the YubiKey hardware tokens and the Yubico OTP validation server. The Yubico OTP is supposed to create...