941 matches found
CVE-2022-24394 Authenticated Command Injection Vulnerability in Fidelis Network and Deception
Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the “updatecheckfile” value for the “filename” parameter. The vulnerability could allow a specially crafted HTTP request to execute system commands on the CommandPost...
CVE-2022-28912
TOTOLink N600R V5.3c.7159B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/setUpgradeFW...
CVE-2022-28911
TOTOLink N600R V5.3c.7159B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/CloudACMunualUpdate...
CVE-2022-28913
TOTOLink N600R V5.3c.7159B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/setUploadSetting...
Command injection
TOTOLink N600R V5.3c.7159B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/setUpgradeFW...
TOTOLINK N600R OS Command Injection Vulnerability
TOTOLINK N600R is a wireless router from Taiwan-based TOTOLINK, which is vulnerable to a command injection attack via the filename parameter in /setting/setUpgradeFW...
TOTOLINK N600R OS Command Injection Vulnerability
TOTOLINK N600R is a wireless router from Taiwan-based TOTOLINK, which is vulnerable to a command injection attack via the filename parameter in /setting/setUploadSetting...
PT-2022-19307 · Totolink · Totolink N600R
Name of the Vulnerable Software and Affected Versions: TOTOLink N600R version V5.3c.7159 B20190425 Description: A command injection issue was discovered via the filename parameter in the "/setting/setUpgradeFW" API endpoint. This allows for potential exploitation. Recommendations: For TOTOLink...
PT-2022-19306 · Totolink · Totolink N600R
Name of the Vulnerable Software and Affected Versions: TOTOLink N600R version 5.3c.7159 B20190425 Description: A command injection issue was found via the filename parameter in the "/setting/CloudACMunualUpdate" API endpoint. Recommendations: For TOTOLink N600R version 5.3c.7159 B20190425, avoid...
PT-2022-19308 · Totolink · Totolink N600R
Name of the Vulnerable Software and Affected Versions: TOTOLink N600R version V5.3c.7159 B20190425 Description: A command injection issue was found via the filename parameter in the "/setting/setUploadSetting" API endpoint. This allows for potential command execution. No information is provided...
Directory Traversal
NopCommerce.Core is vulnerable to path traversal. An attacker can access files outside the expected directory by sending the wrong values through the POST request for the FileName parameter in the BackupAction function of CommonController.cs...
CVE-2022-27982
RG-NBR-E Enterprise Gateway RG-NBR2100G-E was discovered to contain a remote code execution (RCE) vulnerability via the fileName parameter at /guestauth/cfg/upLoadCfg.php...
Remote code execution
RG-NBR-E Enterprise Gateway RG-NBR2100G-E was discovered to contain a remote code execution (RCE) vulnerability via the fileName parameter at /guestauth/cfg/upLoadCfg.php...
CVE-2022-27982
CVE-2022-27982 affects the RG-NBR-E Enterprise Gateway RG-NBR2100G-E. A remote code execution (RCE) vulnerability is exposed via the fileName parameter in /guest_auth/cfg/upLoadCfg.php. The NVD entry lists a high/critical impact in CVSS v2/v3 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H; base scores 7.5/...