3632 matches found
CVE-2023-37861
In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10 an authenticated remote attacker can execute code with root permissions with a specially crafted HTTP POST when uploading a certificate to the device...
Code injection
In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10 an authenticated remote attacker can execute code with root permissions with a specially crafted HTTP POST when uploading a certificate to the device...
CVE-2023-37861 PHOENIX CONTACT: OS Command Injection in WP 6xxx Web panels
In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10 an authenticated remote attacker can execute code with root permissions with a specially crafted HTTP POST when uploading a certificate to the device...
CVE-2023-3572
In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10 a remote, unauthenticated attacker may use an attribute of a specific HTTP POST request related to date/time operations to gain full access to the device...
CVE-2023-3573
In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges may use a command injection in an HTTP POST request related to font configuration operations to gain full access to the device...
Command injection
In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges may use a command injection in an HTTP POST request related to font configuration operations to gain full access to the device...
CVE-2023-3572 PHOENIX CONTACT: OS Command Injection in WP 6xxx Web panels
In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10 a remote, unauthenticated attacker may use an attribute of a specific HTTP POST request related to date/time operations to gain full access to the device...
CVE-2023-3571 PHOENIX CONTACT: OS Command Injection in WP 6xxx Web panels
In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges may use a specific HTTP POST related to certificate operations to gain full access to the device...
CVE-2023-3573 PHOENIX CONTACT: Command Injection in WP 6xxx Web panels
In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges may use a command injection in an HTTP POST request related to font configuration operations to gain full access to the device...
CVE-2023-3573
CVE-2023-3573 describes a command-injection vulnerability in PHOENIX CONTACT WP 6xxx series web panels, present in versions prior to 4.0.10. A remote attacker with low privileges can exploit an HTTP POST request related to font configuration operations to gain full control of the device. Impact i...
PT-2023-4197 · Phoenix Contact · Wp 6Xxx Series Web Panels
Name of the Vulnerable Software and Affected Versions: PHOENIX CONTACT's WP 6xxx series web panels versions prior to 4.0.10. Description: The issue exists due to the lack of measures to neutralize special elements used in the operating system command. A remote attacker with low privileges may use a...
Perch CMS 3.2 Cross Site Scripting
Exploit Title: Date: 07/2023 Exploit Author: Andrey Stoykov Version: 3.2 Tested on: Windows Server 2022 Blog: http://msecureltd.blogspot.com XSS 1: File: roles.edit.post.php Line 57: ... error'roleTitle', false;?" label'roleTitle', 'Title'; ? text'roleTitle', $Form-get$details, 'roleTitle'; ?...
Fedora: Security Advisory for curl (FEDORA-2023-189272bcce)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
Moxa EDR-810 Web Server Certificate Signing Request Command Injection (CVE-2017-12125)
An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the CN= parm in the /goform/netWebCSRGen uri t...
Moxa EDR-810 Web Server ping Command Injection (CVE-2017-12120)
An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation, resulting in a root shell. An attacker can inject OS commands into the ip= parm in the...
[SECURITY] Fedora 37 Update: curl-7.85.0-10.fc37
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...