1380 matches found
CVE-2023-20007
A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code or cause the web-based management process on the device to restart unexpectedly,...
The vulnerability of the data loading function of the Web Manager application, integrated with SSL for the Wi-Fi module of Lantronix PremierWave 2050, allows a hacker to execute arbitrary commands.
The vulnerability of the data loading function of the Web Manager application in the Lantronix PremierWave 2050 Wi-Fi module exists due to the failure to take measures to neutralize special elements used in the operating system’s command set. Exploiting this vulnerability allows a malicious actor...
CVE-2022-25026
A Server-Side Request Forgery (SSRF) in Rocket TRUfusion Portal v7.9.2.1 allows remote attackers to gain access to sensitive resources on the internal network via a crafted HTTP request to /trufusionPortal/upDwModuleProxy...
Zyxel NR7101 operating system command injection vulnerability
The Zyxel NR7101 is a router from Hopkins Zyxel. The operating system command injection vulnerability in the Zyxel NR7101 firmware prior to v1.15 ACCC.3 C0 stems from a vulnerability in its CGI program that allows an authenticated attacker to achieve command injection leading to the execution of...
CVE-2022-35401
An authentication bypass vulnerability exists in the getIFTTTTtoken.cgi functionality of Asus RT-AX82U 3.0.0.4.38649674-ge182230. A specially-crafted HTTP request can lead to full administrative access to the device. An attacker would need to send a series of HTTP requests to exploit this...
CVE-2022-39947
An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiADC version 7.0.0 through 7.0.2, FortiADC version 6.2.0 through 6.2.3, FortiADC version 6.1.0 through 6.1.6, FortiADC version 6.0.0 through 6.0.4, FortiADC version 5.4.0 through 5.4...
CVE-2022-28229
The hash functionality in userver before 42059b6319661583b3080cab9b595d4f8ac48128 allows attackers to cause a denial of service via a crafted HTTP request, involving collisions...
Design/Logic Flaw
The hash functionality in userver before 42059b6319661583b3080cab9b595d4f8ac48128 allows attackers to cause a denial of service via a crafted HTTP request, involving collisions...
CVE-2022-29517
A directory traversal vulnerability exists in the HelpdeskActions.aspx edittemplate functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary file upload. An attacker can send an HTTP request to trigger this vulnerability...
The vulnerability of the firmware in Schneider Electric’s programmable logic controllers, such as Modicon M340 and Modicon Quantum/Premium, arises from insufficient protection of operational data. This allows attackers to gain unauthorized access to protected information.
The vulnerability of the firmware in Schneider Electric Modicon M340 and Modicon Quantum/Premium programmable logic controllers is related to insufficient protection of operational data. Exploiting this vulnerability can allow unauthorized individuals to gain unauthorized access to...
CVE-2022-33875
An improper neutralization of special elements used in an SQL Command 'SQL Injection' vulnerability in Fortinet FortiADC version 7.1.0, version 7.0.0 through 7.0.2 and version 6.2.4 and below allows an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP...
CVE-2022-33876
Multiple instances of improper input validation vulnerability in Fortinet FortiADC version 7.1.0, version 7.0.0 through 7.0.2 and version 6.2.4 and below allows an authenticated attacker to retrieve files with specific extension from the underlying Linux system via crafted HTTP requests...
The vulnerability of the SetDdns-domain component in the Reolink RLC-410W camera’s firmware allows an intruder to execute arbitrary commands.
The vulnerability of the SetDdns-domaind component in the Reolink RLC-410W video camera software exists because measures to neutralize the special elements used in the operating system commands have not been taken. Exploiting this vulnerability allows a remote attacker to execute arbitrary comman...
Remote code execution
FileCloud versions 20.2 and later allow remote attackers to potentially cause unauthorized remote code execution and access to reported API endpoints via a crafted HTTP request...
CVE-2022-39833
FileCloud versions 20.2 and later allow remote attackers to potentially cause unauthorized remote code execution and access to reported API endpoints via a crafted HTTP request...